While we invite you
to contact us so that we can address your questions specifically
to your business, below are some commonly asked questions
regarding our "Sarbanes-Oxley" services.
- What is the Sarbanes-Oxley Act of 2002 and why was
Congress passed the Sarbanes-Oxley Act of 2002, also
known as "SOX", as a result of blatant mis-representation
and inaccurate reporting of financial transactions
by various corporations. Companies such as Enron, WorldCom,
and Tyco, together with various audit firms such as
Arthur Anderson, conspired to falsely present financial
transactions while draining the companies of their
financial basis. Those actions erupted into numerous
scandals and resulted in major losses in investor confidence
and tremendous financial losses to the corporations
and their stakeholders. In order to restore investor
confidence in the US public market, as well as prevent
future debacles of this nature, it was vital that the
US government step in and implement preventative and
- When did the Sarbanes-Oxley Act take effect?
The Sarbanes-Oxley Act was signed into law by President
Bush in 2002, and required publicly traded companies
to begin compliance in 2004. Accelerated Filers (those
public US companies with a market capitalization over
$75 million) initially had to meet compliance in 2004.
Non-Accelerated Files (those public US companies with
a market capitalization under $75 million) have thus
far been provided an extension to file until the end
- What companies must comply with Sarbanes-Oxley?
All US-based public companies, as well as certain foreign
entities, must comply with Sarbanes-Oxley. "Significant
Business Units" in foreign locations, as in the case
of an IT Business Unit, may be required to comply,
regardless of whether or not any financial business
unit exists in that same location. Further, individual
business units in foreign locations may not be considered
significant individually, but may be considered significant
on a consolidated basis. Corporations with foreign
business units must carefully assess the materiality
of transactions flowing through the foreign entity,
and the specific functions being performed, to determine
if they are significant to the organization as a whole.
This and the potential impact to the organization as
a whole, should the foreign entity fail or mis-state
transactions, is a key indicator of whether or not
compliance is required by that entity.
- What areas of my company are required to comply with
All areas of public companies, including Human Resources,
Accounting & Finance, and IT are required to comply.
Virtually any area of a company where an error could
occur and in turn, cause a misrepresentation of the
financial reporting and disclosure must fall under
the Sarbanes-Oxley compliance umbrella. The SOX Act
is comprised of eleven sections, however section 404
(Management Assessment of Internal Controls) and section
409 (Real time issuer disclosures) are of greatest
concern to many companies, and are the most time consuming
to comply with.
- What is required in the process of complying with
Eligible companies must establish a framework of measurable
internal controls for all processes affecting or potentially
affecting financial reporting. Through these internal
controls and documented processes, the company must
ensure that all financial statements are verifiable,
and reported and disclosed accurately. All changes
to software used to maintain and report company financials,
must follow a stringent documentation (Change Management
Procedures), testing and acceptance process.
- What are the penalties involved if my company does
Companies failing to comply with Sarbanes Oxley can
be "de-listed" from the public market, resulting in
negative publicity, falling stock prices, and lawsuits.
Additionally, penalties for corporate officers participating
in inaccurate certifications and deliberate mis-statement
of financial reporting, involve prison time up to 20
years, and fines in the millions of dollars.
- How does complying with Sarbanes Oxley help my company?
In addition to keeping your company in good standing
with regards to public listing, and providing investors
the confidence that the company is accurately reporting
results, there can be other benefits as well. Often
the focus of Sarbanes Oxley Compliance has prompted
corporations to "tighten up" their internal controls,
reducing the number of errors or potential for error,
both of which can weaken profits. Sarbanes Oxley compliance
can eventually result in a healthier, better controlled
company. Because the IT and Financial Processes are
so integrated in every company, a provider of Sarbanes
Oxley compliance services who can seamlessly perform
all areas of SOX consulting, rather than splitting
this work between several firms, can ensure that your
compliance is provided in the most complete and cost-effective
- My company doesn’t need to comply with SOX until
2008. If I have never complied before, how long will
this process take?
The time required to comply with Sarbanes Oxley depends
upon many factors: the sheer size of the company, type
of industry, number of locations (foreign and/or domestic),
structure of the company (centralized or decentralized),
the IT Department and Application Software, and how
well the company has currently organized and implemented
internal control processes. In general, the first year
that a company must comply is the most time consuming.
The compliance process should begin as far in advance
of the compliance deadline as possible, to allow companies
the time to make any needed process or software changes
in a reasonable timeframe. This way, companies can
manage any required changes in a reasonable timeframe
rather than be forced to implement them under tight,
- Can't I just purchase software to meet my Sarbanes-Oxley
While software can be purchased to help support the
compliance with Sarbanes-Oxley, there is no software
that can be purchased that in and of itself will meet
the requirements of Sarbanes-Oxley. Software can aid
in scanning documents, tracking inventory, approving
purchase orders, etc, but in order to comply with Sarbanes
Oxley, these supporting software packages must still
be documented as processes, and tested. Un-tested "bolt-on" software,
or software that has not been validated by your operating
system supplier, can even create Sarbanes Oxley compliance
issues if not installed properly.
- How much will it cost my company to comply with the
There is no quick answer to this question. The cost
to comply with Sarbanes-Oxley, like the time required
to comply with the Act, depends upon many factors.
Again, the size of the company, number of processes
involved, structure of the company, and the amount
and type of internal controls currently in place, all
play a part in the cost structure. At Spectrum, we "right
size" your compliance level to your specific business.
In other words, implementing the same controls of a
billion dollar company, to a $300M company is inappropriate.
We believe that to be effective, controls must be cost
effective and designed around your company's activities,
and we strive to develop procedures and controls that "fit" your
particular environment. In order to do this, we first
perform our due diligence to detail your organizations
specific structure and processes, the amount and type
of documentation that currently exists. Then we develop
a plan and budget the estimated hours it will take
to bring the client to compliance, and provide the