The Sarbanes-Oxley Act of 2002 (SOX) has created challenges and opportunities for publicly traded companies, changing the way they do business. SOX, specifically Section 404, charges management with the responsibility of annually assessing the design and operating effectiveness of internal control over financial reporting. BKD can conduct an integrated audit, as required by SOX, resulting in the issuance of a report on the effectiveness of the company's internal controls in addition to our report on the financial statements.
Management is responsible for meeting SOX 404 requirements. When BKD serves as your auditor, we strategize with you and discuss your processes, but are limited in what assistance we can provide while maintaining our independence. In consulting environments where we are not your auditor, we can take a lead role in helping management meet SOX 404 requirements. Our approach is driven by the answers to questions such as:
- What documentation, monitoring and testing of controls already exist?
- How complex is the organization?
- What internal audit or other resources can be deployed?
- What kind of IT does your company depend on?
- What is your company's culture with regard to “doing things right”?
FDICIA requirements for banks are very similar to the SOX 404 provisions. Other regulated industries have adopted similar rules, or some entities have decided to adopt SOX 404-type procedures as a best practice.