ENTERPRISE RISK SERVICES
SERVICESRESOURCESCONTACT US
ARTICLES
Enterprise Risk Services > Resources > Articles
Our Approach to Internal Control Reporting
Internal Control Reporting Overview

The Sarbanes-Oxley Act of 2002 (SOX) makes reporting on internal control a reality for SEC registrants. In addition, many non-public companies and institutions are assessing the requirements of Sections 302 and 404 of the Act to evaluate and strengthen their existing internal controls and provide additional comfort and assurance to investors and stakeholders.

While the Sarbanes-Oxley Act is new, internal control reporting has been the subject of discussion for many years. As such, we have significant and relevant experience in internal control reporting in the regulated industries.

Guidelines & Requirements

Section 302 of the Act requires an evaluation and disclosure of existing internal controls. Section404(a) directs the SEC to adopt rules requiring annual reports (i.e., Form 10-K, 10-KSB, 20-F, and40-F) to contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of internal control over financial reporting. Section 404(b) of the Act requires the new Public Company Accounting Oversight Board to adopt standards for independent auditors to attest to management’s report on internal control.

Our Approach

We work with management to help them navigate through the compliance regulations of the SOX. Our SOX compliance services will be performed in accordance with the various SOX regulations, and we will work to ensure consistency and coordination with your external auditors. We believe a full-service certified public accounting firm is best suited to perform this work because of our commitment to studying the ever-changing GAAP, GAAS, and SEC environment.

Plante & Moran has developed an expansive client base by combining a high level of industry and technical knowledge with outstanding service. Our approach is to combine our industry, SOX, internal audit, and I/T expertise on an as-needed basis to complement client resources. We are confident of our abilities and are committed to providing the highest quality service. We understand your need for timely, cost-effective services. We strongly believe our approach will meet these needs and at the same time yield meaningful, business-oriented recommendations for continuing improvements.

Plante & Moran can provide the following resources to assist in Section 404 implementation:

  • Leadership to develop an overall strategy and plan to ensure cost-effective compliance
  • Project manager to assist management in developing the detailed implementation plan and managing resources and deadlines
  • Resources to document accounting processes and controls
  • Resources to identify significant controls and design tests to evaluate their effectiveness
  • Resources to assist with the testing of internal controls
  • Resources to remediate identified deficiencies
In addition to meeting the compliance objectives of Sarbanes-Oxley Section 404, Plante & Moran team members will bring opportunities for process and efficiency improvements to management’s attention.

Some of the key elements in beginning the process include:

  • Reviewing existing disclosures (i.e., Section 302)
  • Utilizing a 4-phase/8-step process to implement COSO, following the recommended COSO framework developed by the Council of Sponsoring Organizations of the Treadway Commission
  • Leveraging prior experience in internal control assessments/compliance in the regulated industries
  • Providing an industry focus to ensure proper recognition of risk factors and company strengths
  • Utilizing existing financial and non-financial control systems and processes
Based on this, we believe some of the critical success factors and requirements include:

  • Project sponsorship at the executive level (CEO, CFO)•Establish steering committee membership (roles & responsibilities)
  • Project management office•Internal control and risk management policy
  • Understanding of control environment and assessment of risk
  • Risk-based approach to documentation and testing of control systems (COSO)
  • Method for ongoing monitoring and communication

Our Internal Audit Service Continuum

Resource Assistance:

  • Geographic coverage•International operations
  • Specialty staff
  • Internal control design•Quality assurance reviews
  • Design & execution of risk-based internal audit models
  • Business process and functional reviews

Co-Sourcing:

  • Analysis of coverage and effectiveness of internal audit resources
  • Measurement of existing internal audit processes against Institute of Internal Auditors standards
  • Development & implementation of risk-based IA plans
  • Deliver best practice solutions
  • Assist or perform internal audit activities
  • Provide resources to perform financial, operational, IT and forensic fieldwork

Outsourcing:

  • Risk-based internal audit planning and execution
  • Internal audit function management
  • Management reporting

 
2008 Plante & Moran, PLLC. All rights reserved PMSecure File Exchange | Disclaimer | Privacy Policy | email webmaster
TO DOWNLOAD DOCUMENTS YOU MAY NEED TO INSTALL ADOBE ACROBAT TO ENHANCE EXPERIENCE YOU MAY NEED TO INSTALL FLASH