Organizations which certify SOX compliance 2417



  • Hi
    I need details of organisations and firms which can certify other comapanies for SOX compliance. We provide compliance enablement services but cannot certify, we need details about comapnies which can certify too.
    It would be great If you can provide the above said details for other regulations such as PCI-DSS, SAS 70, FISMA, HIPPA, GLBA etc.
    Any help in this regard will be highly appreciated.
    Thanks and regards
    Gideon



  • There is no such thing as a certification of SOX compliance. The Sarbanes-Oxley Act of 2002 has a multitude of articles that deal with various things and there is no legal requirement to obtain a certiciation that you comply with all the articles of the Sarbanes-Oxley Act.
    Only section 404 of the Sarbanes-Oxley Act that deals with including an assessment of the effectiveness of internal control over financial reporting in the annual report of public companies requires an attestation by a public accountant.
    Are you talking about companies that use external service providers to perform certain taks that have a material impact on the financial statements (e.g. payroll processing)? In that case the company will try to obtain a SAS 70 type II report on the design and operating effectiveness of the internal controls of the service provider., because they cannot assess those controls themselves because they are outside of their organization. SAS 70 reports and their non U.S. equivalents are provided by certified public accountants.



  • Only approved auditors of public companies can ‘certify’ their client for SOX compliance by following the relevant auditing standards that guide their work.



  • The auditor of the parent company (i.e. the issuer of the securities) of the group of companies that has to comply with the Sarbanes-Oxley Act needs to be a public accounting firm that is registered with the U.S. Public Company Accounting Oversight Board. As far as I know this usually does not apply to the auditors of the subsidiaries that are part of the group of companies.
    And again, only section 404 (i.e. the effectiveness of internal control over financial reporting) needs to be audited by the registered public accounting firm. All other sections of the Sarbanes-Oxley Act do not require an external audit, attestation or certification.



  • Thanks for your responses.
    Yes I meant the certifiers for complaince to Section 404 assessment of the effectiveness of internal control over financial reporting.
    As you said I looked for the firms and I found few
    Andrews Hooper and Pavlik P.L.C
    Audit Practice
    Amper, Politziner and Mattia
    Thanks again
    Gideon



  • Hi Gideon,
    You can find a list of audit firms that are registered with the PCAOB and can audit issuers that access the U.S. public capital market at pcaobus.org/Registration/Registered_Firms.pdf (don’t forget to add www at the beginning.
    Best regards
    Georg


Log in to reply