What constitutes SOX failure



  • Now that the November 15th deadline has gone, a number of colleagues and myself are wondering what constitutes SOX failure? If out of say 100 controls, the company is found non-compliant by external auditors on 5% some of which have a potential impact on the P and L but others have some other mitigating control so that the overall effect is neutral, what does this mean? Is it still a failure? What if all the non-compliance areas have some mitigating control? What if there’s 1 serious, 2 medium and 10 non-critical non-compliance? I’ve searched several sites and can find no weighting system that allows consideration of various types of non-compliance to be assessed. Or have I read the intent of the act wrong and it’s a win or lose situation - one non-compliance and you’re done?





  • 'If out of say 100 controls, the company is found non-compliant by external auditors on 5% some of which have a potential impact on the P and L but others have some other mitigating control so that the overall effect is neutral, what does this mean?'
    According to Standard audit #2, you have a 5% failure rate, you are considered possibly a material weakness and reported on your 10K. You need to remember that external auditors not only review your process and your outcome from that process but also aggregate the deficient controls. If there are a number of failed controls in one area, that could be material; if there are a number across, say, a security section, that could be material, especially if there is an impact on the financials. Management has to attest to the controls, saying that they are comfortable that they are adequate, but the external auditor also does the same. If one or both are not comfortable with your assessments then you will not get a good opinion and possibly have to report a material weakness on your 10K.
    'What if all the non-compliance areas have some mitigating control?'
    Mitigating controls are considered a secondary control and not all the external auditors will consider these.
    'Or have I read the intent of the act wrong and it’s a win or lose situation - one non-compliance and you’re done?'
    It is not a one non compliance issue, it is an aggregate of all your controls and did the management assess properly and effectively.



  • If you look at the word mitigating you’ll find the answer. It basically says that your designed control within a process is for whatever reason not functioning and a different control is mitigating / buffering the negative effect coming out of that flaw. This implies that you still need to remediate the deficient control. There you also have an indicator of what your auditors may say. They most likely say in such a situation that there’s no impact. If that dysfunctioning control’s impact is exceeding your materiality threshold you may have a material weakness. Nevertheless, your ext. auditor is required to report all deficiencies found to your company’s Audit Committee.



  • 'Now that the November 15th deadline has gone, a number of colleagues and myself are wondering what constitutes SOX failure?'
    Could perhaps have been thinking about this a bit earlier, no?
    Ultimately you have a ‘failure’ if under testing a KEY control is found not to have operated correctly - even for one transaction. Ideally you will have done some of this work well in advance of year end to give you time to remediate and retest those controls.
    However, this is only half the story because not all control failures will result in a potential material or significant weakness that is reportable under SOX.



  • 'If out of say 100 controls, the company is found non-compliant by external auditors on 5% some of which have a potential impact on the P and L but others have some other mitigating control so that the overall effect is neutral, what does this mean?' According to Standard audit #2, you have a 5% failure rate, you are considered possibly a material weakness and reported on your 10K
    Hasn’t SEC changed this to 20%?
    I’m not 100% sure, but some little bird whispered something about it to me a few weeks ago.

