Sarbanes-Oxley 合规 服务
The Sarbanes-Oxley (SOX) Act of 2002, specifically Section 404, 要求上市公司的首席执行官和首席财务官在他们建立的每个年度报告期结束时记录和评估, 维护, 并检验了上市公司财务报告内部控制(ICFR)的运行有效性。. 然后,上市公司的独立审计师必须就管理层对上市公司ICFR的评估提供意见. 首席执行官和首席财务官还必须在每个季度和年度报告期末证明,他们对基于《明升app》第302条的ICFR的设计和运营有效性负责.
上市公司通过制定合规计划来建立对SOX法案的遵从性,该计划包括适当的标准,以确保已识别出重大的财务报告风险, assessed and key internal controls put in place to mitigate those risks. The most prominent guideline utilized by public companies is the Internal Control – Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
整体, 确保遵守SOX法案的流程要求上市公司具备SOX法案要求的专业知识, COSO框架, and the internal control auditing methodologies followed by the independent auditor.
LBMC’s Sarbanes-Oxley Specialists have extensive knowledge and experience with the SOX Act, Section 404 documentation and testing requirements, COSO框架, 公认会计原则(GAAP)和上市公司会计监督委员会(PCAOB)审计准则(特别是AS 2201). We have been assisting numerous public companies with their SOX 合规 programs; working closely with their independent auditors. 无论您是成熟的上市公司,还是正在通过传统的公开发行(IPO)或特殊目的收购公司(SPAC)进入公开市场的公司。. We can help you with your SOX 合规. 明升体育app下载服务可以根据您需要的支持进行打包或选择,包括以下内容:
- Documentation and Assessment of 合规 with COSO框架
- Risk Assessment Facilitation
- Documentation of Significant Processes and Systems
- Financial Reporting Risk and Internal Control Assessment
- Internal Control Testing and Reporting of Testing Results
Why outsource SOX compliance?
LBMC拥有SOX法规遵从专家团队和完善的SOX法规遵从流程,可帮助公司以高效且经济的方式建立或继续遵守SOX法案. 明升体育app下载资源可以分配给多个客户,从而降低成本,为您节省大量成本.
Companies that outsource the SOX compliance process generally meet the following profile:
- 公司正处于通过IPO或SPAC进入公共市场的过程中,并且没有一个既定的框架来管理SOX合规性,也没有必要的资源来建立一个全面和合规的计划.
- 为了留住管理SOX法规所需的人才,上市公司已经经历了成本的显著增加,并且/或者无法利用组织内的专业知识,从而导致人才的利用不足.
- Public company is unable to attract the talent that is needed to manage SOX 合规.
LBMC SOX 合规 服务
LBMC提供各种SOX遵从性服务,可以根据每个公司的需求进行定制. 我们通常提供的服务包括以下描述的一个或多个遵从性阶段:
Documentation and Assessment of 合规 with COSO框架
We assist clients with documentation and assessment of compliance with COSO框架, completion of COSO框架 templates, and assessment of control gaps. 除了, 我们为评估与COSO框架的遵从性时确定的关键治理控制提供实体级控制测试服务.
Risk Assessment Facilitation
When assisting clients with a risk assessment, we follow a top-down, 基于风险的方法,以确保未来的合规工作只关注关键的过程和系统. 风险评估的目的是确定重要的财务流程和系统,这些流程和系统将作为SOX合规流程的一部分进行记录和测试.
我们与您的内部审计部门或直接与公司管理层合作,了解产生财务报告的系统,并评估与财务报告可靠性和准确性相关的风险. 然后, 我们制定了一份内部控制的清单,这些控制是或应该是用来保护财务报告过程的.
Documentation of Significant Processes and Systems
我们能够以一种有效的方式有效地记录组织的重要过程和系统. 由于所有重要的过程和系统都需要详细的访谈和文档工作,SOX遵从性过程的这一阶段通常很麻烦.
By maintaining continuity on your SOX audit engagement year after year, our auditors develop a deep level of familiarity with your processes and systems, and you don’t have to waste time re-training our team members. 这种熟悉程度不仅可以实现最有效的SOX遵从性,还可以建立牢固的工作关系.
Financial Reporting Risk and Internal Control Assessment
As we develop our understanding of our clients’ critical processes and document the related systems, 我们将评估每个过程中固有的关键风险,以确定哪些关键风险最有可能阻止相关过程实现其目标. We will then understand and assess the key controls in place to mitigate those risks. We will then report any control gaps for remediation.
Internal Control Testing and Reporting of Testing Results
After the key internal controls are identified, 我们与客户一起制定测试计划,以评估这些控制的操作有效性. 在这个阶段, 我们将经常与相关的财务报表审计师沟通,以确保我们同意正在测试的控制, the frequency and timing of the testing, the documentation to the testing and the related testing sample sizes. Communication is critical during this phase to ensure all parties are on the same page.
在测试期间, 我们经常向客户管理层提供最新信息,以确保所有控制缺陷都被了解并尽快纠正. 除了, 在测试之后, we will provide formal reporting to management and the related audit committee, 如果请求.
