Determining SOX Relevance/Relatedness for deficiencies 1354
Its_Cole last edited by
Has anyone seen or have clear, laymans guidance that can be applied for purposes of determining the SOX relevance of a newly identified deficiency?
In the earlier years of SOX, when there was a rash of deficiencies found that related to SOX docs or testing, there was little debate about a deficiencies SOX relatedness. However, in recent months, its become increasingly apparent that within and across our organization that there is no real baseline understanding for what is SOX related or not.
Are there some basic questions, considerations or other guidance out there that we can apply, even at the onset of the discussions, that can be used to help frame our discussions and interpretations of what is SOX related or not?
Thanks much in advance.
kymike last edited by
Questions to ask -
Can this deficiency impact our external financial statements?
Can this deficiency lead to fraud?
Does this deficiency impact our entity-level controls such that it could lead one to conclude that these controls are weak?
The questions will help you to get to answers that may eliminate something from the SOX realm if the deficiency relates solely to operations (internal reporting, how we price our products, operating efficiency, etc) or compliance (how do we ensure that we are adhering to the laws governing our type of business in the locations where we are doing business?) as SOX is primarily related to internal controls over financial reporting.
milan last edited by
I haven’t seen a process diagram written in plain English that can be used to determine if a newly identified control deficiency has SOX relevance.
Some formal guidance has been developed to address the evaluation of control deficiencies and for use in determining the appropriate treatment (disclosure, issue a qualified opinion, etc.) However, the guidance is not easy to understand and is not written in plain English that can be easily applied by persons without an Accounting background.
I suggest reviewing the newly identified deficiency and comparing it to the list below to see if it falls into one of the categories. Certainly, if you find that the deficiency exactly matches an issue previously identified and reported by another company, and the deficiency could lead to material mistatement, you can determine if it should be reported/disclosed.
Hope this helps,
MATERIAL WEAKNESS CLASSIFICATION AND EXAMPLES
Period-end Reporting/Accounting Policies
- Deficiencies in the period-end reporting process (closing process)
- No adequate internal controls over the application of new accounting principles or the application of existing accounting principles to new transactions
- The absence or ineffectiveness of a rule compliance checking procedure for SEC filings
- A lack of effective record keeping and compliance assistance for reports required under Section 16(a) of the Exchange Act
- Inadequate internal controls relating to the authorization, recognition, capture and review of transactions, facts, circumstances and events that may have a material impact on the Company’s financial reporting process
- Deficiencies related to the design of policies and execution of processes related to accounting for transactions
- Weaknesses related to the establishment of standards for review of journal entries and related file documentation
- Deficiencies related to the accounting and financial reporting infrastructure for collecting, analyzing, and consolidating information to prepare the consolidated financial statements
- Inadequate procedures for appropriately assessing and applying certain SEC disclosures and requirements
- Inconsistent application of accounting policies
- Weak internal controls related to the design and review of revenue recognition policies
- Weak internal controls related to contracting practices
- Weaknesses over certain internal controls related to the detection of side letters and the process of investigating customer assertions regarding terms not specified in the agreements
- Override by senior management
- Ineffective control environment
- No full time CFO that has SEC and reinsurance experience to focus on the financial affairs of the Company
- Internal control matters with respect to inventory transactions
- Problems, such as a lack of effective documentation, with stock options and other compensatory equity grants
- Inadequate internal controls for accounting for loss contingencies, including bad debts
- Improper accounting for income taxes
- Improper accounting procedures for capitalized software development
- Improper accounting for accruals such as prepaid expenses and accrued expenses
- Improper accounting for an equity method investment
- Weak procedures for applying SFAS 131, such as segment determination
- Inadequate procedures to reconcile inter-company accounts and transactions
- Improper accounting for derivatives
- Internal control deficiencies related to the reconciliation of service advances
- Inadequate implementation of uniform controls over certain acquired entities and operations
- Inadequate control over classification of certain fixed asset balances
- Deficiencies in the documentation of a receivables securitization program
- Improper accounting for convertible debentures with warrants and related measurement and recognition of beneficial conversion and warrant discounts and issuance costs
- Improper accounting for pension liability
- Weaknesses in the process to record liabilities related to large deductible insurance programs
- Lack of compliance with established procedures for appropriately applying SFAS No. 5, Accounting for Contingencies
- Weaknesses in the process to gather information in order to complete the annual impairment testing of recorded goodwill and indefinite lived intangible assets
- Failure to timely record patents or trademarks or to timely analyze the patents and trademarks for usefulness and possible impairment
- Problems with certain accounting reconciliations and review procedures
- Lack of compliance with established procedures for monitoring and adjusting balances relating to certain accruals and provisions, including restructuring charges
- Deficiencies related to the timely completion of statutory filings in foreign countries
- Inconsistencies in the application of company policies among business units and segments
- Deficiencies related to the timely and complete revelation of material contracts entered into by subsidiaries of the Company
- Employees overseas engaged in improper transactions and unauthorized trading
- Internal accounting control that may have permitted employees at certain company locations to circumvent federal and state laws relating to the reporting of certain cash payments
Segregation of Duties
- Weak internal controls and procedures relating to separation of duties (e.g. lack of separation of certain duties between payroll and other accounting personnel)
- Inappropriate segregation of duties to ensure that accurate information is contained in certain types of internal and external corporate communications, including press releases
- Inadequate qualified staffing and resources leading to the untimely identification and resolution of certain accounting and disclosure matters and failure to perform timely and effective reviews
- The need to increase the training of the financial staff
- The security of systems used for the entry and maintenance of accounting records requires additional documentation and scrutiny to ensure that access to such systems and the data contained therein is restricted to only those employees whose job duties require such access
- Information technology has a number of areas where formal, documented policies and procedures have not been developed