Confused about timing of implementation 1543
I have just started at the legal department at a new company after 3 and a half years at a lawfirm, and we are trying to figure out when we need to implement sarbox 404 by. I saw some law firm memos which said that non-accelerated filers need to begin to comply with Section 404 for fiscal years ending on or after July 15, 2007. I also just saw the SEC release which says that 404(a) needs to be complied wiith for fiscal years beginning on or after December 16, 2006. Thanks, any replies would be greatly appreciated.
milan last edited by
It is my understanding that:
Non-accelerated filers with a 12/31 year-end must comply by 12/31/07.
Non-accelerated filers with a year-end other than 12/31 may not need to comply until 2008 due to the recent postponement. However, this is not guaranteed.
You should verify with inhouse counsel or Finance group to ensure that your firm is appropriately classified as a non-accelerated filer.
Thanks, I am actually in-house counsel here. We are definitely a non-accelerated filer. How do you know about the dates of implementation? Also, what does it mean that we have to be compliant by 12/31/07, does it mean that all testing and procedures need to be in place by the beginning of 2007 and the report will cover that year. Sorry for these questions, and I really appreciate your response.
milan last edited by
Protiviti Consulting has a good guidance document (see link below) that addresses your questions/concerns and then some. You can simply substitute the compliance date in the guidance document to the compliance date for your firm (12/31/07).
The guidance document addresses what it means to be compliant, how management can develop an action plan to help achieve SOX compliance, and provides good example SOX documentation.
Additionally, you can research the Q and A’s on the SEC website and PCAOB website for current requirements. If you are unable to locate this information, try reading some of the other posts in the general discussion or perform a query on the Forum. Either way, you should find plenty of useful information and answers to basic and technical questions.
Hope this further helps,
place www. in front of the link below:
knowledgeleader.com/iafreewebsite.nsf/2dcddc49dec9cd558525685400583e59/93dc93e3574732ea88256db40004c88b/USDFILE/Section 404 FAQs – Third Edition.pdf
Thanks Milan, I’ll check it out, I really appreciate your help.
efcbob last edited by
Dr. J, I’m a manager at a smaller firm that assists clients with SOX compliance and want to add that you might want to consider hiring consultants to help you document and test your controls. As you are not the only firm that has to come to grips with compliance as a Non-A filer, I’d thought I’d offer you and any other readers some tips about dealing with outside firms for SOX work, even though you didn’t ask these questions yet:
- Assess where you stand to determine your needs. Who is your internal SOX Champion and what are his or her skills? Do you have someone with some SOX experience or will this be a new experience for them? What can you do in house well and what are your weaknesses. In house personnel are less expensive but sometimes have less depth of experience to accomplish SOX 404 compliance. Does hiring one or more folks with this effort make sense now?
- Shop around among firms. Many firms will be more than happy to present proposals to you and at this point virtually all should be able to achieve your objectives. Consider hourly fees and the firm’s client references. Don’t rule out smaller firms and sometimes a smaller firm will be more flexible than larger firms toward accomplishing your objectives. Smaller firms also tend to cost less per hour.
- If you contract out, don’t let hourly fees run amock. Nothing says you can’t cap billable hours at say no more than 40 hours per week per consultant.
- As early as you can, engage your external attest auditors early to review your controls in a given area. Have external auditors conduct a walk through of a major sub process early on (such as payroll, accounts receivable etc.) to avoid a major disconnect later over identified controls, which are key, test plans etc.
Hope this helps. Contact me if you need more info.