In the previous blog post, we covered SOX 404 requirements and the JOBS Act. Now, we get practical and tactical. In this session, we answer the following questions:

  1. Who runs the SOX 404 process?
  2. What is the suggested compliance approach?
  3. How long does the 404 process take to implement?
  4. What is the typical plan for SOX compliance?

In the future, we will focus on the “how to” for specific steps in SOX compliance.

I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.

 

Who runs the SOX 404 process?

Typically, Finance or Internal Audit runs the program. Smaller companies often outsource or co-source the 404 compliance process because of the expertise and bandwidth required in a short time to successfully implement the program.

Regardless of whom you use, in-house resources or a co-sourced service provider, the best practice is to have them report directly to the Audit Committee. They can have a dotted-line report to the CFO because of day-to-day interactions. The external auditors are likely to place more reliance on the work performed by an independent person or team if they report directly to the Audit Committee.

Within SOX 404, Legal needs to own the company-wide policies such as Employee Code of Conduct, Insider Trading, and FCPA.

 

What is the suggested SOX 404 approach?

Here is an easy 5-step approach: Plan, Document, Test, Remediate, and Evaluate. The key to success in the first year is training and education. For younger companies, many of your employees may not have worked for public companies or may be new to the SOX process. The more Legal and Finance communicate and train, the easier the adoption and implementation.

Fig. 1 – SOX 404 implementation approach process

 

How long does SOX 404 compliance take?

SOX compliance can take 6 to 12 months, depending on how intensely you want to focus. The Gantt chart below is a sample 12-month timeline for the planning, documentation, walk-through, testing, and wrap-up, assuming SOX 404a and 404b compliance.

Fig. 2 – SOX Compliance Gantt Chart 12 months

 

What is the typical plan for SOX compliance?

Below is a more detailed breakdown of the steps for SOX compliance. We also show you the deliverables or outputs that are typical at each stage.

Fig. 3 – Typical plan for SOX compliance

 

Summary

To recap, we tackled the SOX 404 implementation approach by answering the following questions:

  1. Who runs the SOX 404 process?
  2. What is the suggested compliance approach?
  3. How long does the 404 process take to implement?
  4. What is the typical plan for SOX compliance?
