HOW SHOULD WE DO IT?

It is essential that you build the risk control framework properly at the start. In its latest guidance, the SEC has focused on starting with a good risk assessment as the most important way to give investors assurance while keeping costs under control.

For most non-accelerated filers, this is a task that they should not do on their own. Determining what the risks are, their importance, how they should be controlled and how those controls should be tested, requires expertise that most companies don’t have.

The Goldilocks principle applies to finding the right number of risks and controls…too few and your company must trumpet the fact that it is a risky proposition for an investor (which will drive your stock price down.) Too many and you are spending an exorbitant amount of time and money with your in-house team or with consultants to unnecessarily document test and perform controls. You then spend even more money on auditors checking and re-performing your work.

Like Goldilocks, you want to get it just right.

Once a good Risk Control Framework is developed, you can proceed, most CFOs who have successfully implemented a Sarbanes Oxley compliance strategy find it is important to get your auditors involved early.

WHAT DO WE HAVE TO DO BY WHEN?

COUNTDOWN TO COMPLIANCE / TIMELINE: