Close window

Save Money on Sarbanes-Oxley Section 404(a) Compliance

“It is clear to us the first round of internal control audits cost too much,” declares PCAOB Chairman William McDonough.

Companies in the first year of The Sarbanes-Oxley Act, Section 404(a) compliance need to start early with a lot of planning. Marmann & Associates P.C. believe an economical approach to compliance is possible with the “Top-Down Approach” to internal control over financial reporting.

If your company is trying to use its existing internal control structure, which normally utilizes controls and procedures performed by lower managerial personnel (bottom-up) to provide for accurate recording of individual transactions, expect your compliance cost to soar. This is already documented with the accelerated filers and the PCAOB press release of May 16, 2005.

The bottom-up approach is usually beneficial in highly regulated industries such as banks that already have a well-documented system of internal control.

The Top-Down Approach (“TDA”) requires senior management to develop internal controls not within the normal perception of what is considered to be internal controls. TDA will require more involvement and additional procedures by senior officers and the board of directors. For smaller companies, this is an easier task and should provide benefits not only in internal control and Section 404(a) compliance, but in improving operations and risk management as well.

Marmann & Associates has developed the Top-Down Approach for companies either through guidance as a company’s independent auditor or through extensive planning, development and implementation for non-audit clients.

TDA is still based on the internal control-integrated framework of The Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) and addresses the following five components:

  • Control Environment

  • Risk Assessment

  • Control Activities

  • Information and Communication

  • Monitoring

However, instead of relying solely on company personnel to record transactions that build account balances used in preparing financial statements, senior management develops supplemental internal control procedures and is actively engaged in performing such internal control procedures. The goal of these supplemental procedures is to provide reasonable assurance about the reliability of the company’s financial reporting and its process for preparing and fairly presenting financial statements.

One example, develop a cash flow forecasting model and compare actual results to the forecast. Knowing your cash position and expected cash flows provides a TDA internal control when it is compared to reported financial results. Differences in cash flows in the financial reports from that expected from the forecasts can be investigated and resolved. With this one example, you can see how such a procedure by senior management with the appropriate policies can meet the COSO internal control components previously mentioned.

These supplemental internal controls do not replace the internal controls that every company has to safeguard its assets. They are designed to work with the existing internal control procedures and provide management with the necessary assurance that the financial reporting is proper and not fraudulent or misleading.

Marmann & Associates has developed the TDA applying beneficial operating and control procedures to the material financial reporting balances at the financial-statement level and the individual account-balance level. These are tailored to each company based on discussions with senior management, gaining an understanding of the company’s operations, and review of its financial reporting.

When addressing Section 404(a) compliance using TDA, companies need to keep the following in mind:

  1. The Sarbanes-Oxley Act focuses on companies’ internal control over financial reporting. Materiality is a factor.

  2. The independent auditor rendering an opinion on internal control over financial reporting must obtain sufficient competent evidence about the design and operating effectiveness of controls over all relevant financial statement assertions related to all significant accounts and disclosures in the financial statement.

  3. The company’s goal is to optimize internal control policies and procedures to satisfy A and B in order to comply with Section 404(a). If you want the best bottom to top internal control system to minimize fraud, be prepared to pay for it annually and recognize that your cost may outweigh your risk assessment.

For an understanding of internal control, also see, Internal Control – Integrated Framework Executive Summary from The Committee of Sponsoring Organizations of the Treadway Commission.

For guidance in our example of cash flow forecasting, see Creating Cash flow Projections You Can Trust from Philip Campbell, author of the book “Never Run Out of Cash, The 10 Cash Flow Rules You Can’t Afford To Ignore”.