Internal Controls & SOX

Internal Controls & SOX 2017-08-23T03:55:48+00:00

“The A2Q2 team provided tremendous value to ServiceSource. The firm was nimble and responsive to our needs. The team possess the unique combination of technical and audit experience which effectively supported our IPO efforts and assisted in our foundational efforts related to SOX compliance.”

David Bernstein, Chief Accounting Officer and Controller, Chief Accounting Officer
“I hired Kim Le and A2Q2 while I was CFO of CNET Networks and again when I accepted the position of CFO at Turnitin. Kim is an exceptional leader who develops very strong teams. She drives results with great integrity. The scope of work she accomplished for me was quite broad — ranging from Sarbanes-Oxley compliance to NetSuite Financial systems implementation and integration with SalesForce.com. She and her team also helped me to integrate an acquisition, establish a UK subsidiary and transition auditors. I can’t say enough about how effective she is. Wherever I go next, I will hire Kim.”
George Mazzotta, Former CFO
“I consider A2Q2 to be among the handful of top service providers I have had throughout my career. Kim Le assembled a team on short notice for a critical accounting project and then managed within tight deadlines and budget constraints to meet our objectives. She delivers that rare level of outstanding quality, service and commitment, as well as the technical expertise commensurate with any top tier accounting firm.”
Delida Costin, Former General Counsel
Energy Recovery
“After working with a Big 4 and other large consulting firm, I’m glad we made
the switch to A2Q2. The professional staff was knowledgeable and responsive.
They effectively managed the project to save time and costs while meeting our deadlines. We are happy to bring them back again this year.”
Denise Winn, former Assistant Controller

A2Q2’s approach to SOX is unlike other firms’. They far surpassed my expectations. Unlike other firms that use a one-size-fits-all approach to SOX, A2Q2 understood the unique aspects of our company’s business model and adapted their control documentation and testing accordingly. Their experienced staff were extremely efficient and offered a number of cogent recommendations for a more efficient engagement and reduced the amount of client time required for success.

Bill Roeschlein, CFO

A2Q2 Internal Controls & SOX

We help implement internal controls and SOX compliance.

We provided our IT audit preparation services to a client with over 3,000 employees. With the constantly increasing information technology risks and ever changing legislative compliance, our consultants have the necessary breadth of resources, skills, and experience to meet the most advanced IT audit requirements.

Over a period of four months, we worked with both the internal audit team and external auditors. We conducted the review of IT general controls, application controls, and key financial reports. The client also requested assistance with SSAE 16 report reviews and post-implementation reviews for Oracle R12.

The year-end IT audit was completed ahead of schedule and without issue, and our team was available an additional month after the project was completed to assist if any questions arose.

We have a client who distributed the controls documentation responsibility to each business unit and department. This decentralized approach resulted in various documentation formats. The content, level of details, and quality of the documentation varied greatly.

Over time, the documentation lost its rigor and accuracy. In addition, the process owners assigned to complete the controls documentation and assessment had varying levels of internal controls background and training. As a result the external auditors could not rely on the company’s work.

The company hired us to conduct interviews and walk-throughs to update the controls documentation. We were also asked to revamp the company’s risk control matrices to be more comprehensive and risk-focused around management review controls. As part of the review, we identified control gaps and proposed recommendations.

The CFO and CEO of a company needed comfort before signing their SOX 302 quarterly certifications which required that material financial disclosure is brought to the attention of the Disclosure Committee.

Our team explained to the Accounting and Legal Leads the benefits of implementing an automated sub-certification process. Together with management, we identified the appropriate employees who would be sub-certifying in support of the CFO and CEO. After compiling the list of sub-certifiers, we assisted management in tailoring sub-certification letters, assembled SOX 302 training materials and documented instruction on the sub-certification process.

We used the Echosign online document signing web application, which was presented during the training, to distribute the quarterly sub-certifications. We tracked and monitored sub-certifications that came in via Echosign and provided the client with any exceptions noted.

The final results were summarized for the Disclosure Committee to determine if any exceptions identified in the sub-certification process needed to be disclosed in the 10-K and 10-Q.

We proctored this quarterly sub-certification process for our client for several quarters until the company had the bandwidth to take over the process.

In preparing for an IPO, our client wanted an assessment of its existing processes for appropriate internal controls and SOX readiness. Through interviews and walk-throughs, we obtained an understanding of the existing processes and identified key controls.

After the initial assessment, we summarized our findings and prioritized the recommendations. Using white boards and flowcharts, we worked with process owners to redesign various processes to segregate incompatible duties and responsibilities. Over the next 12 months, we documented the revised processes and selectively tested key controls to verify that the process worked as designed.

In 2004, when SOX compliance was first mandated for publicly-traded companies, we successfully helped our client pass their first audit.
We began by understanding the regulations, its requirements and the implications to the auditee (our client). We estimated the effort/hours needed and built a project plan based on the reporting deadline.

Next, we performed a materiality and risk assessment to focus the audit effort on the higher risk areas and reduce the work on low risk areas. We gained an overview understanding of our client’s business and operations. From there, we created audit work programs tailored to our client’s processes and procedures. We sent documents and data requests. We scheduled and conducted interviews to understand policies and
procedures in detail. We documented the procedures and controls and assessed the design of the controls to mitigate the risks identified.

Then, we selected sample transactions to test and verify that the controls operated as intended. Where needed, we suggested changes to improve the control environment. Once management implemented the recommendations, we reevaluated the test results. We then finalized and
reported the results to management.

We managed the project from beginning to end. Throughout the audit, we worked closely with management and external auditors to ensure collaboration and communication. We held weekly status meetings with process owners and reported summary progress to senior management and to the Audit Committee.

We had a client implemented SOX the first time using only in-house resources. These were knowledgeable people, but they received a material weakness that year because they stretched their resources too far.

In 2005, they hired us to completely manage SOX for them, including planning, scoping, documentation, testing, and evaluation. We reported directly to the CFO and the Audit Committee. After hiring us, they successfully passed SOX.

After the issuance of Auditing Standard No. 5, we streamlined our clients’ SOX efforts by at least 20%. We reduced the scope of work for lower risk areas, eliminated non-essential process documentation, and decreased the number of key controls that required testing. We increased the consistency of documentation between business groups with standard templates. We leveraged the SOX work to identify operational efficiencies. We coordinated with the external auditors to ensure increased reliance on our work.

We helped a payment processing company pass its ISO27001 certification audit.

We interpreted the ISO27001 code relevant to the company and created a detailed audit test plan including test procedures, timing, and results tracking. We collaborated with the Compliance and Risk Management, Engineering, Information Security, Finance & Accounting, and Business Operations departments to create necessary policies, processes, and internal audit plan to help them with their ISO27001 certification.

The readiness assistance including answering the team’s questions and providing supporting documentation during the audit and post-audit follow up.

We implemented the audit plan and acted as the internal auditors. We tested, communicated findings and helped the company keep track of the progress. During the Stage 2 audit process, we attended the interviews and supported the company by adding any additional information and kept track of any findings and assisted in fixing them. With minimal findings, the Company obtained its ISO certification.