While we invite you to contact us so that we can address your questions specifically to your business, below are some commonly asked questions regarding our "Sarbanes-Oxley" services.
  1. What is the Sarbanes-Oxley Act of 2002 and why was it enacted?

    Congress passed the Sarbanes-Oxley Act of 2002, also known as "SOX", as a result of blatant mis-representation and inaccurate reporting of financial transactions by various corporations. Companies such as Enron, WorldCom, and Tyco, together with various audit firms such as Arthur Anderson, conspired to falsely present financial transactions while draining the companies of their financial basis. Those actions erupted into numerous scandals and resulted in major losses in investor confidence and tremendous financial losses to the corporations and their stakeholders. In order to restore investor confidence in the US public market, as well as prevent future debacles of this nature, it was vital that the US government step in and implement preventative and monitoring measures.
  2. When did the Sarbanes-Oxley Act take effect?

    The Sarbanes-Oxley Act was signed into law by President Bush in 2002, and required publicly traded companies to begin compliance in 2004. Accelerated Filers (those public US companies with a market capitalization over $75 million) initially had to meet compliance in 2004. Non-Accelerated Files (those public US companies with a market capitalization under $75 million) have thus far been provided an extension to file until the end of 2008.
  3. What companies must comply with Sarbanes-Oxley?

    All US-based public companies, as well as certain foreign entities, must comply with Sarbanes-Oxley. "Significant Business Units" in foreign locations, as in the case of an IT Business Unit, may be required to comply, regardless of whether or not any financial business unit exists in that same location. Further, individual business units in foreign locations may not be considered significant individually, but may be considered significant on a consolidated basis. Corporations with foreign business units must carefully assess the materiality of transactions flowing through the foreign entity, and the specific functions being performed, to determine if they are significant to the organization as a whole. This and the potential impact to the organization as a whole, should the foreign entity fail or mis-state transactions, is a key indicator of whether or not compliance is required by that entity.
  4. What areas of my company are required to comply with Sarbanes-Oxley?

    All areas of public companies, including Human Resources, Accounting & Finance, and IT are required to comply. Virtually any area of a company where an error could occur and in turn, cause a misrepresentation of the financial reporting and disclosure must fall under the Sarbanes-Oxley compliance umbrella. The SOX Act is comprised of eleven sections, however section 404 (Management Assessment of Internal Controls) and section 409 (Real time issuer disclosures) are of greatest concern to many companies, and are the most time consuming to comply with.
  5. What is required in the process of complying with Sarbanes-Oxley?

    Eligible companies must establish a framework of measurable internal controls for all processes affecting or potentially affecting financial reporting. Through these internal controls and documented processes, the company must ensure that all financial statements are verifiable, and reported and disclosed accurately. All changes to software used to maintain and report company financials, must follow a stringent documentation (Change Management Procedures), testing and acceptance process.
  6. What are the penalties involved if my company does not comply?

    Companies failing to comply with Sarbanes Oxley can be "de-listed" from the public market, resulting in negative publicity, falling stock prices, and lawsuits. Additionally, penalties for corporate officers participating in inaccurate certifications and deliberate mis-statement of financial reporting, involve prison time up to 20 years, and fines in the millions of dollars.
  7. How does complying with Sarbanes Oxley help my company?

    In addition to keeping your company in good standing with regards to public listing, and providing investors the confidence that the company is accurately reporting results, there can be other benefits as well. Often the focus of Sarbanes Oxley Compliance has prompted corporations to "tighten up" their internal controls, reducing the number of errors or potential for error, both of which can weaken profits. Sarbanes Oxley compliance can eventually result in a healthier, better controlled company. Because the IT and Financial Processes are so integrated in every company, a provider of Sarbanes Oxley compliance services who can seamlessly perform all areas of SOX consulting, rather than splitting this work between several firms, can ensure that your compliance is provided in the most complete and cost-effective manner.
  8. My company doesn’t need to comply with SOX until 2008. If I have never complied before, how long will this process take?

    The time required to comply with Sarbanes Oxley depends upon many factors: the sheer size of the company, type of industry, number of locations (foreign and/or domestic), structure of the company (centralized or decentralized), the IT Department and Application Software, and how well the company has currently organized and implemented internal control processes. In general, the first year that a company must comply is the most time consuming. The compliance process should begin as far in advance of the compliance deadline as possible, to allow companies the time to make any needed process or software changes in a reasonable timeframe. This way, companies can manage any required changes in a reasonable timeframe rather than be forced to implement them under tight, unmanageable deadlines.
  9. Can't I just purchase software to meet my Sarbanes-Oxley compliance requirements?

    While software can be purchased to help support the compliance with Sarbanes-Oxley, there is no software that can be purchased that in and of itself will meet the requirements of Sarbanes-Oxley. Software can aid in scanning documents, tracking inventory, approving purchase orders, etc, but in order to comply with Sarbanes Oxley, these supporting software packages must still be documented as processes, and tested. Un-tested "bolt-on" software, or software that has not been validated by your operating system supplier, can even create Sarbanes Oxley compliance issues if not installed properly.
  10. How much will it cost my company to comply with the Act?

    There is no quick answer to this question. The cost to comply with Sarbanes-Oxley, like the time required to comply with the Act, depends upon many factors. Again, the size of the company, number of processes involved, structure of the company, and the amount and type of internal controls currently in place, all play a part in the cost structure. At Spectrum, we "right size" your compliance level to your specific business. In other words, implementing the same controls of a billion dollar company, to a $300M company is inappropriate. We believe that to be effective, controls must be cost effective and designed around your company's activities, and we strive to develop procedures and controls that "fit" your particular environment. In order to do this, we first perform our due diligence to detail your organizations specific structure and processes, the amount and type of documentation that currently exists. Then we develop a plan and budget the estimated hours it will take to bring the client to compliance, and provide the estimated cost.

Spectrum Consulting - Home