Sarbanes-Oxley (SOX) Consulting & Compliance and Integrated Audits
Consulting & Compliance Services
The Sarbanes-Oxley Act requires that the management of public companies assess, document and monitor the effectiveness of the internal controls over financial reporting. The Sarbanes-Oxley Act of 2002 (SOX) was designed to improve the accuracy and reliability of financial reporting through implementation of good internal controls. Small, medium and emerging public companies may not have the internal staffing or knowledge to comply with the SOX regulations. We can help your public company to achieve SOX compliance in a cost-efficient way. Rotenberg Meril provides knowledgeable and cost effective SOX advisory and outsourcing solutions.
Whether you are experienced with SOX requirements and the new COSO framework or just starting the process to go public, our professionals have the experience to determine if your current internal controls are SOX compliant and to provide management with remediation recommendations to become compliant. We provide the required management level internal controls system documentation and risk assessment and conduct the annual required management level testing/monitoring of controls, and coordinating all SOX compliance activity with your external financial statement auditors.
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements.
Once public companies exceed non-accelerated filer status (>$75MM in public float), they must have a SOX audit by their independent audit firm, as part of an integrated audit of their financial statements. As discussed, the Sarbanes-Oxley Act requires that the management of public companies assess the effectiveness of the internal control of issuers for financial reporting. Section 404(b) requires a publicly-held company’s auditor to attest to, and report on, management’s assessment of its internal controls. RotenbergMeril is a PCAOB-registered firm and qualified to provide a SOX 404 internal control audit as part of an integrated financial statement audit of a United States public company reporting to the SEC.
Section 404 of The Sarbanes-Oxley Act requires all financial reports of US public companies to include an internal control assessment report prepared by management. This is designed to show that not only are the company’s financial data accurate, but the company has confidence in them because adequate controls are in place to safeguard financial data. The auditing firm does this after reviewing controls, policies, and procedures during a Section 404 audit, conducted along with a traditional financial statement audit.
SOX applies to all public companies in the U.S. and international companies that have registered equity or debt securities with the Securities and Exchange Commission and the accounting firms that provide auditing services to them.
The 2012 JOBS ACT – the Effect on SOX Audits
The Jumpstart Our Business Startups Act (or JOBS Act) is a law intended to encourage funding of United States small businesses by easing various securities regulations. It passed with bipartisan support, and was signed into law by President Barack Obama on April 5, 2012. The JOBS Act created a new category of issuer, called an “Emerging Growth” (ECG) company, in the interest of stimulating equity investment in companies by modifying the regulations surrounding registration, capital-raising activities, and compliance requirements. To qualify for this category, a company must have produced less than $1 billion of revenue in its prior fiscal year (and must not have sold common equity in a registered offering prior to December 8, 2011). A qualifying company would lose ECG status when one of the following occurs:
- Five years elapse from the IPO date
- Company produces more than $1 billion in gross revenue
- Company issues more than $1 billion in non-convertible debt within a 3-year period
- Company reaches accelerated-filer status (>$700MM public market float)
As an ECG, a company would be exempt from an external audit of their internal controls over financial reporting (SOX 404(b)) as long as they maintain ECG status. This would be a maximum of 5 years from the IPO date if no other conditions specified above are met before that time.
Existing public companies who do not qualify for ECG status are still subject to 404(b) requirements (external audits) once they exceed non-accelerated filer status (>$75MM in public float). This means that the JOBS Act has no impact on the requirement for existing public companies to meet existing requirements.