The needs of a company with respect to corporate governance and internal controls will be dependent upon on its size, maturity, specific environment and other factors.

RCI assists large, complex organizations as well as small and medium sized enterprises, to ensure that they comply with applicable regulations and implement best practices. We work closely with company management and other key individuals within the company to understand your company’s current processes, the political and cultural environments in which you operate, and the vision and goals of your organization. This knowledge, along with broad and diverse experience, is critical to finding and implementing the best solutions.

Our services in this area include:

       Risk assessment

       Process review, analysis and recommendation

       Assist in establishing or enhancing standards, processes and procedures

       Development of good management practices

       Sarbanes-Oxley §404 (Internal Control) documentation, testing,
         monitoring, reporting and remediation

Compliance. Sarbanes-Oxley. The legislation that has transformed financial reporting and corporate responsibility for publicly traded companies. The concepts are already moving into the private and not-for-profit sectors. Are you ready for it?

Section 404 of the Sarbanes-Oxley Act requires publicly traded companies to assess and report on the effectiveness of their internal controls over financial reporting on an annual basis. Larger public companies must already be in compliance with this law. Smaller public companies have until 2007.

New requirements for auditors which went into effect in 2006 and 2007 effectively require an assessment of internal controls for any company which has audited financial statements. Standard Auditing Statements (SAS) Numbers 105-111, otherwise known as “The Risk Assessment Suite” are effective for audited periods beginning on or after December 15, 2006.  SAS No. 112, “Communicating Internal Control Related Matters Identified in an Audit” is effective for years ending on or after December 15, 2006.  

While the Risk Assessment Suite is more comprehensive, SAS No. 112 still requires auditors to communicate to management significant deficiencies and material weaknesses in internal controls that are identified in their audit. Companies can be better prepared for upcoming audits by conducting their own evaluation of internal controls, and making necessary changes (remediation). Although the initial process of risk assessment, documentation, remediation and reporting is complex and time consuming, having good internal controls in place benefits and protects the company.

In June 2006, the Committee of Sposoring Organizations of the Treadway Commission (COSO) published “Internal Control over Financial Reporting – Guidance for Smaller Public Companies”. A free copy of the Executive Summary may be downloaded in PDF format. A companion document, Frequently Asked Questions, is also available. COSO also provides an executive summary of Enterprise Risk Management - Integrated Framework in several languages, including Russian. To download the executive summary or order the full report, go to the COSO Publications page.

The complete Guidance is very helpful not only to smaller publicly traded companies, but also to any company with audited financial statements. 

This is a complex and extensive area.  If you want more information, please contact us.  Robertson Consulting International has experience in documentation and testing of internal controls and can help you.  And don’t forget that financial spreadsheets are a significant area of concern for internal controls. Let The Spreadsheet Doctor cure those ailing spreadsheets!

1579F Monroe Drive #515    Atlanta, GA    30324   Phone: (404) 607-9138