SOX / ICFR

Sarbanes-Oxley (SOX, JSOX, CSOX) Experience

Overview

Internal Controls over Financial Reporting (ICFR) compliance programs started in the U.S., and spread to other countries.  Initial compliance dates for a few prevalent programs are as follows:

Sarbanes-Oxley (SOX) – 2006 (enacted in 2002)

Japanese SOX (JSOX) – 2008

China SOX (CSOX) - 2012

I started developing ICFR compliance programs in 2003 before definitive SOX guidance had been issued, and since then I have led ICFR programs under JSOX and CSOX guidance as well.

Objectives

No Material Weaknesses

Strengthen control environment through education

Compliance with SOX/JSOX/CSOX regulations

Optimization of ICFR program

Approach

Pragmatic approach to risk assessment and scoping

Focusing on key controls and risks that could result in material misstatements

Creating secondary analytic controls that limit potential exposure of primary control failures

Educating control users and management on the significance of internal controls

Results

I have implemented over 10 SOX, Japanese SOX (JSOX) and China SOX (CSOX) programs during my career

Led and executed SOX/JSOX/CSOX testing at dozens of companies

Value

Non-compliance or material weaknesses often cost financial executives their jobs

Optimizing the ICFR program while remaining compliant reduces professional service fees, and minimizes the use of company resources