"Where Information Technology Is Purely Business & Engineering"
Professor Rino Nori's Fairfield University School of Engineering graduate school home page
We can assist with the documentation of the procedures, processes, controls and systems surrounding the preparation of financial statements thus helping the company comply with sections 302 and 404 of the Sarbanes-Oxley Act. A brief summary of our understanding of the Act follows at the bottom.
Potential Impact of the Act Upon Information Technology & Business Processes
Clearly, this Act only affects public companies. Secondly, it creates a process and procedures review and documentation requirement upon the Company. The two areas of major interest that we can assist with are as follows:
Section 302 Compliance: Documentation of internal company processes and procedures demonstrating and insuring that all information required to be disclosed is disclosed. This would be the basis upon which the CEO and CFO would base their certification, i.e. that the financial statements and accompanying footnotes are correct and fully complete.
Section 404 Compliance: These rules are not yet final, however the external auditor has to annually attest to managementís assessment of the effectiveness of the companyís internal controls and procedures for financial reporting. Accordingly, documentation of internal controls and procedures appear to be a key requirement upon which management, and the external auditors, can base their assessment.
Below is a brief summary of the Act.
"Generalized Summary of Sarbanes-Oxley Act (Public Law 107-204)"
Further details can be obtained from: http://www.aicpa.org/info/sarbanes_oxley_summary.htm
1) The Act was signed into law on July 30, 2002. The act only impacts public (SEC registered) companies and the CPA firms which service them. The details of the act are still in the process of being fully defined.
2) It created the five
member (each for a five year term) Public Company Accounting Oversight Board
(reporting to the SEC) which will register, set standards for, verify compliance, etc. of
all public accounting firms. The Board shall be supported by registration
"fees" charged to all public accounting firms.
3) It requires the CEO and CFO to certify (on a
quarterly basis) the appropriateness of the financial reporting and for
managementís responsibility for establishing and maintaining an adequate
internal control structure and procedures for financial reporting.
requirements and responsibilities are defined under section 302 and 404,
these rules may require the establishment of processes to ensure or be able to
prove that all information required to be disclosed (both financial and
non-financial) is recorded, processed, summarized and reported timely under SEC
rules. These certifications apply to the consolidated entity, and hence
include all subsidiaries, including those acquired during the quarterly
4) It bolsters the
independence requirements and rules for the Companyís Board of Directors
and its Audit Committee (e.g.
board member can only receive compensation for serving on the board and they
cannot provide external services or consulting, etc.)
5) It defines rules and responsibilities for the
company's audit committee, e.g.: appointment & compensation
of the external accountants, establishment of procedures for the "receipt,
retention, and treatment of complaints" received by the company regarding
accounting, internal controls, and auditing.
6) It bolsters the external
auditor independence rules; e.g. mandated five year audit partner rotation,
prohibits the offering of "non-audit" services (without prior
approval) to publicly traded clients (sample of prohibited services
include: bookkeeping, HR services, IT services, Legal services, Valuation
& Appraisal, etc. ), Key person rules, i.e. CEO or CFO or Chief
Accounting Person cannot have been employed by the external accounting firm one
year prior to the audit, others..
7) It enhances other rules,
must retain work papers for five years, penalty enhancements (e.g. mail
and wire fraud increased from 5 to 10 years), etc..