Sarbanes-Oxley Consulting
With recent announcements by the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) regarding interpretive guidance and a new auditing standard for internal control over financial reporting, many companies are trying to determine how this will affect their compliance with Section 404 of the Sarbanes-Oxley Act.
The SEC also said it will not delay implementation for non-accelerated filers, which means those companies need to comply with the management reporting provisions by their fiscal year ending after Dec. 15, 2007. Given this decision, it is critical that companies that have not yet developed their compliance program begin now. Organizations with a program already in place have an enormous opportunity to take advantage of the new guidance to help reduce costs.
Prior to the SEC guidance being issued, management based their compliance program on Auditing Standard No. 2, a standard which was written for the external auditors and not for management. As a result, compliance programs were rigid, costly and did not take advantage of the knowledge management had of its own controls.
Today, management has a unique opportunity to take advantage of this new guidance to avoid many of the common pitfalls associated with SOX compliance programs. The guidance provides flexibility and empowerment to management for evaluating its internal control over financial reporting. Management can work from its own set of principles and knowledge to establish a program that streamlines compliance efforts.
Still, non-accelerated filers — generally, small and midsized companies — face a few key challenges:
- Limited project and program management resources
- Lack of deep SOX technical expertise, both financial and IT — know-how that can represent management with the external auditor to ensure the program is designed by management and not the auditor
- Inadequate technology platform to promote collaboration
- Difficulty developing a program that is designed for SOX compliance in the second year
How we can help
At RSM McGladrey, we believe effective project and risk management disciplines are essential to meeting SOX requirements. Managing risk in key areas of your business shapes the future of your company and helps you achieve SOX compliance in the most efficient and cost-effective manner.
Our services range from an initial risk assessment and executive education — when most companies struggle with a steep learning curve — to full first-year program and project management. The program is designed to assist with your needs, identify areas to improve efficiencies and establish a training plan to get you where you need to be in the second year of compliance and beyond.
We’ve developed an innovative approach to achieving compliance — one that is consistently accepted by external auditors. With our approach, we help you drive the SOX program into your organization. As a result, process owners take ownership, risk awareness increases, mechanical efforts that don’t add value are avoided and second-year programs hit the ground running — all are outcomes that take you beyond mere compliance and steer you down the path of effective risk management.
Information technology
RSM McGladrey’s dedicated Technology Risk Management Services practice serves our clients’ general information technology (IT) needs and plays an integral role in SOX compliance efforts.
Through our integrated approach, we have embedded our IT professional services into our clients’ SOX compliance programs, working seamlessly with the concurrent assessment efforts of internal controls over financial reporting. Our IT consultants address general computer controls and entity-wide processes related to security, change control and computer operations.
We have adopted the IT Governance Institute’s Control Objectives for Information and related Technology (CobiT) and the recent Institute for Internal Auditors’ Guide to the Assessment of IT General Controls Based on Risk (GAIT). These frameworks allow our top-down, risk-based assessment of IT general controls to accomplish the same objectives as those assessing internal controls over financial reporting.
Why RSM McGladrey
RSM McGladrey is a professional services organization that understands the unique challenges you face in meeting SOX requirements. With this in mind, we offer a customized, flexible approach that’s based on your needs.
We have a staff of more than 350 professionals dedicated to risk management services, including SOX, internal audit and technology risk consulting. And our organization is structured to align with key industries. This means we understand how your organization is staffed and can anticipate the issues you’ll face.
And because RSM McGladrey offers a comprehensive range of business consulting services targeting key areas of your business — such as tax, operations, strategy and human resources — you don’t have to look elsewhere for professional services when needs arise.