Determining SOX Relevance/Relatedness for deficiencies 1354

  • Has anyone seen or have clear, laymans guidance that can be applied for purposes of determining the SOX relevance of a newly identified deficiency?
    In the earlier years of SOX, when there was a rash of deficiencies found that related to SOX docs or testing, there was little debate about a deficiencies SOX relatedness. However, in recent months, its become increasingly apparent that within and across our organization that there is no real baseline understanding for what is SOX related or not.
    Are there some basic questions, considerations or other guidance out there that we can apply, even at the onset of the discussions, that can be used to help frame our discussions and interpretations of what is SOX related or not?
    Thanks much in advance.

  • Questions to ask -
    Can this deficiency impact our external financial statements?
    Can this deficiency lead to fraud?
    Does this deficiency impact our entity-level controls such that it could lead one to conclude that these controls are weak?
    The questions will help you to get to answers that may eliminate something from the SOX realm if the deficiency relates solely to operations (internal reporting, how we price our products, operating efficiency, etc) or compliance (how do we ensure that we are adhering to the laws governing our type of business in the locations where we are doing business?) as SOX is primarily related to internal controls over financial reporting.

  • I haven’t seen a process diagram written in plain English that can be used to determine if a newly identified control deficiency has SOX relevance.
    Some formal guidance has been developed to address the evaluation of control deficiencies and for use in determining the appropriate treatment (disclosure, issue a qualified opinion, etc.) However, the guidance is not easy to understand and is not written in plain English that can be easily applied by persons without an Accounting background.
    I suggest reviewing the newly identified deficiency and comparing it to the list below to see if it falls into one of the categories. Certainly, if you find that the deficiency exactly matches an issue previously identified and reported by another company, and the deficiency could lead to material mistatement, you can determine if it should be reported/disclosed.
    Hope this helps,
    Period-end Reporting/Accounting Policies

    1. Deficiencies in the period-end reporting process (closing process)
    2. No adequate internal controls over the application of new accounting principles or the application of existing accounting principles to new transactions
    3. The absence or ineffectiveness of a rule compliance checking procedure for SEC filings
    4. A lack of effective record keeping and compliance assistance for reports required under Section 16(a) of the Exchange Act
    5. Inadequate internal controls relating to the authorization, recognition, capture and review of transactions, facts, circumstances and events that may have a material impact on the Company’s financial reporting process
    6. Deficiencies related to the design of policies and execution of processes related to accounting for transactions
    7. Weaknesses related to the establishment of standards for review of journal entries and related file documentation
    8. Deficiencies related to the accounting and financial reporting infrastructure for collecting, analyzing, and consolidating information to prepare the consolidated financial statements
    9. Inadequate procedures for appropriately assessing and applying certain SEC disclosures and requirements
    10. Inconsistent application of accounting policies
      Revenue Recognition
    11. Weak internal controls related to the design and review of revenue recognition policies
    12. Weak internal controls related to contracting practices
    13. Weaknesses over certain internal controls related to the detection of side letters and the process of investigating customer assertions regarding terms not specified in the agreements
      Senior Management
    14. Override by senior management
    15. Ineffective control environment
    16. No full time CFO that has SEC and reinsurance experience to focus on the financial affairs of the Company
      Account Specific
    17. Internal control matters with respect to inventory transactions
    18. Problems, such as a lack of effective documentation, with stock options and other compensatory equity grants
    19. Inadequate internal controls for accounting for loss contingencies, including bad debts
    20. Improper accounting for income taxes
    21. Improper accounting procedures for capitalized software development
    22. Improper accounting for accruals such as prepaid expenses and accrued expenses
    23. Improper accounting for an equity method investment
    24. Weak procedures for applying SFAS 131, such as segment determination
    25. Inadequate procedures to reconcile inter-company accounts and transactions
    26. Improper accounting for derivatives
    27. Internal control deficiencies related to the reconciliation of service advances
    28. Inadequate implementation of uniform controls over certain acquired entities and operations
    29. Inadequate control over classification of certain fixed asset balances
    30. Deficiencies in the documentation of a receivables securitization program
    31. Improper accounting for convertible debentures with warrants and related measurement and recognition of beneficial conversion and warrant discounts and issuance costs
    32. Improper accounting for pension liability
    33. Weaknesses in the process to record liabilities related to large deductible insurance programs
    34. Lack of compliance with established procedures for appropriately applying SFAS No. 5, Accounting for Contingencies
    35. Weaknesses in the process to gather information in order to complete the annual impairment testing of recorded goodwill and indefinite lived intangible assets
    36. Failure to timely record patents or trademarks or to timely analyze the patents and trademarks for usefulness and possible impairment
      Account Reconciliations
    37. Problems with certain accounting reconciliations and review procedures
    38. Lack of compliance with established procedures for monitoring and adjusting balances relating to certain accruals and provisions, including restructuring charges
      Subsidiary Specific
    39. Deficiencies related to the timely completion of statutory filings in foreign countries
    40. Inconsistencies in the application of company policies among business units and segments
    41. Deficiencies related to the timely and complete revelation of material contracts entered into by subsidiaries of the Company
    42. Employees overseas engaged in improper transactions and unauthorized trading
    43. Internal accounting control that may have permitted employees at certain company locations to circumvent federal and state laws relating to the reporting of certain cash payments
      Segregation of Duties
    44. Weak internal controls and procedures relating to separation of duties (e.g. lack of separation of certain duties between payroll and other accounting personnel)
    45. Inappropriate segregation of duties to ensure that accurate information is contained in certain types of internal and external corporate communications, including press releases
    46. Inadequate qualified staffing and resources leading to the untimely identification and resolution of certain accounting and disclosure matters and failure to perform timely and effective reviews
    47. The need to increase the training of the financial staff
      Technology Issues
    48. The security of systems used for the entry and maintenance of accounting records requires additional documentation and scrutiny to ensure that access to such systems and the data contained therein is restricted to only those employees whose job duties require such access
    49. Information technology has a number of areas where formal, documented policies and procedures have not been developed

Log in to reply