Tremendous disruption caused by COVID-19 led companies to focus more than ever on risk management, governance, and internal controls. Operating and administrative environments pivoted to a highly dynamic and fluid state, with predictability and normalcy only just beginning to come into focus. However, one thing that hasn’t changed is the need to maintain strong internal control, especially for public companies that need to meet SOX 404 reporting requirements.
No matter when your fiscal year ends, it’s important to review the health of your internal controls frequently to ensure they’re working properly and keeping your company protected from risk. Now is a crucial time to pause and reflect on how recent changes may have impacted those controls. That’s why we’ve created an internal controls checklist, which reporting companies can use to organize key activities into quarterly milestones and check in on progress throughout the year.
In addition to the checklist, here are some guidelines to help you stay on track:
Focus on what’s important
Examine your organization at a high level to determine the need for adjustments and the presence of risk management shortfalls:
- Evaluate if organizational departures have affected the ability to keep up with requirements and responsibilities.
- Reinforce themes of ownership and accountability through proactive discussion with staff.
- Update and, if necessary, revisit the annual risk assessment to ensure all necessary changes have been addressed and incorporated.
Adjust controls as necessary
- Identify temporary and permanent changes in your control environment that have changed business operating conditions.
- Confirm the existence and effectiveness of compensating controls to address obvious internal control shortfalls.
- Monitor and evaluate all control activities early and often to ensure consistent and effective operation.
When looking ahead to year-end, be sure to invest time in identifying, documenting, and disclosing critical changes on periodic financial statements, subject to the appropriate level and precision of review. Factor in any discontinued operations, M&A activity, divestiture of business, debt relief, etc.
We find it helpful for our clients to address these internal control challenges first through a high-level, systematic approach — the checklist will help you make that assessment. If you find that you have more unchecked boxes than you expected, there’s still time to act. For additional support and guidance, contact our team today.