SOX 404 FIXED FEE SOLUTION
An Innovative Approach to Controlling Compliance Costs
For many organizations, achieving compliance with Section 404 of the Sarbanes-Oxley Act of 2002 (SOX 404) has created new challenges by requiring substantial fee-driven services that often exceed budgetary expectations.
K Financial now offers a unique and innovative solution that removes the uncertainty of compliance costs for organizations that have already undergone an initial SOX 404 audit. Our solution includes a full range of services for a clearly defined cost – helping to ease the expense, labor requirements and budgetary challenges of SOX 404 compliance.
Comprehensive Services. Clearly Defined Costs.
The K Financial SOX 404 Fixed Fee Solution includes end-to-end services that are provided in three phases, which occur at regular intervals throughout the year. Defined in detail below, these services include an initial update of your SOX 404 compliance program, quarterly testing and the preparation of a final report to management and external auditors.
Phase I – Update of SOX 404 Compliance Plan
The initial update of the SOX 404 compliance plan is performed at the end of the first quarter of your current fiscal year and includes the following key steps:
- Update location and process scoping
- Update financial statement risk assessment
- Evaluate key controls
- Perform IT application risk assessment
- Evaluate general computer controls and test plans
- Update entity level control documentation
- Review and update policies and procedures
- Review and update process narratives and control matrices
- Perform walkthrough analyses of processes and documentation
- Update test plans for IT, activity and entity level controls
- Continuous coordination with external auditors
Phase II – Quarterly Testing
Control test work will be performed four to eight weeks after the end of each quarter, the results of which will be summarized in a formal report that will be provided to both your management and external auditors. Remediation plans will be developed for control deficiencies and weaknesses, as they are identified. The quarterly testing provided during this phase enables you to:
- Maintain the momentum you achieved from your prior year SOX 404 project and avoid costly retraining of your staff.
- Identify and address control issues early, easing the burden of SOX 404 compliance at year end.
Phase III – Final Report to Management and Auditors
A final report will be provided to management and external auditors approximately six weeks after the end of your current fiscal year. This report will provide your chief executive officer (CEO) and chief financial officer (CFO) with a summary of internal control test work, a summary and evaluation of control deficiencies, and an opinion on the effectiveness of internal control over financial reporting.
The report not only gives the CEO and CFO the support they need to sign the SOX 404 certification, it also provides external auditors with a basis for their independent assessment of internal controls over financial reporting. |
