6 steps to make Sarbanes-Oxley work for you
Does your Sarbanes-Oxley (SOX) documentation process stand a chance against the updated 2013 COSO Framework? Don’t wait until the last minute to correct your process.
Follow these steps to ensure your organization maps to the new framework:
- Don't procrastinate. Migrating from your current framework to the new 2013 COSO Framework can take hundreds of hours. Now is the time to create a plan, assign responsibilities, and prep your team for success.
- Set reasonable goals. End of year deadlines don’t change, but you can set incremental deadlines internally to evaluate how your controls map to the 17 principles. Meeting those deadlines will give you a cushion for design and testing, if you need it.
- Take a fresh look. Review and update your internal controls with all the new guidance you have received. As, Marie Hollein, President and CEO of FEI, and FEI’s Representative on the COSO Board recently said, "Roll up [your] sleeves, kick the tires, see what shakes loose.”
- SOX Section 404. Remember that this assessment of internal controls is over your external financial reporting processes and practices.
- Keep things simple. If you recently filed an IPO, start small and work your way up from there. Other preparers have recommended that you start with the original 5 components and then extend from there to the 17 principles detailed in the updated framework.
- Communicate with your external auditors early and often. As you outline current gaps against the updated COSO 2013 Framework and decide how to fill those gaps, get the help you need. Engage external auditors early and often throughout the process to make sure there is buy-in across the board, and prevent any surprises that might arise later in the year.
You can do this. There’s no need to struggle through the mapping process. A combination of knowledgeable employees, good technology, and a commitment to ongoing training will help to ensure that you stay in control and reduce your risk.