The Sarbanes-Oxley Act requires public companies to undergo strict audits of financial reporting and internal controls. The SOX audit tests for variances and misstatements in financial reporting, internal controls, and governance in the accounting department. Failing a SOX audit may result in a required corrective audit.
Sarbanes-Oxley is legislation passed by the United States Congress that requires public companies to undergo strict audits of financial reporting and internal controls. These audits, known as SOX audits, are quite common and do not necessarily mean that a company is incorrect in its accounting processes. The audit provides information for investors and other interested parties with insight into how well the company maintains general accounting standards and has adequate management controls over business and financial reporting.
The SOX audit will begin with a meeting between the auditors and the company’s management. During this meeting, the auditors will discuss the scope, duration, purpose, and expected results of the review process. Publicly traded companies have some concessions when hiring an auditor for the SOX audit process. However, the accounting firm performing the audit must be registered with the government or with accounting oversight agencies. This assures the public that the auditors performing the fieldwork and review have the appropriate education and training necessary to perform the audit. SOX auditors should also be separate from regular company auditors. If the same auditors perform both audits, this may be a conflict of interest.
A SOX audit tests for variances and misstatements in a company’s financial reporting, the strength of internal controls, and governance in the accounting department. By testing for variations and errors, auditors will review documents prepared by the company. Auditors can also recalculate financial paperwork and compare preparation instructions to standard accounting principles. While some variance is generally acceptable, variances or misstatements in excess of five percent are generally considered significant.
Internal control reviews test which employees are responsible for which activities, how many similar tasks one person performs, which manager oversees various employees, who has access to accounting software, and what defaults are in place to discover errors in accounting software. The SOX audit will primarily focus on internal controls, as these are the procedures specifically intended to limit errors and prohibit fraudulent activities related to the company’s financial reporting.
The SOX audit will generally not provide a company’s management with the necessary corrective actions to resolve accounting issues. While some guidance is necessary, SOX auditors will quickly blur their independence by offering too many corrective actions, as this falls within the realm of consulting services. Under SOX laws, auditors are not allowed to offer consulting services to their audit clients, as this will result in multiple accounting services being offered through one accounting firm.
Failing a SOX audit will often result in a required corrective audit. Most auditors will score the audit on a 100-point scale, with anything less than 70 points resulting in a scheduled re-audit. The corrective audit will test the areas in which the company failed during the initial audit, and will ensure that the company’s corrections are effective and will continue in perpetuity to safeguard company information.
Smart Asset.
Protect your devices with Threat Protection by NordVPN