Does deployment QAD’s Enhanced Controls assure SOX compliance in an organization? The short answer is no. The long answer is QAD’s Enhanced Controls can assist your organization in building a comprehensive business model to attain SOX compliance.
Remember, SOX was authorized because a perception existed and still exists that Public Companies failed to properly exercise appropriate corporate governance which in turn led to fraudulent activities at certain public companies.
The Focus of the SOX Law is on Sections 302 and 404, Below is a list of significant bullets pertaining to the law.
• Section 302 specifies the CEO and CFO must personally certify they are responsible for internal controls’ and procedures’ design, effectiveness, conclusions, and disclosure
• They must disclose significant control changes, deficiencies, weaknesses, and fraud to their audit committee and external auditors
• Section 404 mandates that management evaluate and opine on their internal controls in their annual report
• The independent auditor must attest to management’s assessment of the effectiveness of financial reporting internal controls and procedures
The law requires management evaluation and auditor attestation to the presence and effectiveness of internal controls over financial reporting. Companies must report annually on internal controls in Form 10K and disclose:
• Management’s responsibility for establishing and maintaining internal controls and procedures for financial reporting
• Management’s conclusions as to the effectiveness of the internal controls and procedures for financial reporting
• A statement identifying the framework used by management to evaluate the effectiveness of internal controls
• A statement that independent auditors have issued a separate report attesting to management’s assertions
QAD’s Enhanced Controls is a piece of the technical infrastructure supporting the overall internal control framework. What does QAD’s Enhanced Controls do? It provides the company with an electronic audit trail. When a database table is targeted for enhanced controls, an audit database records data of changes to a target table for adds, deletes and modifications to the data table.
Insuring a strong compliance business model to support SOX compliance should include QAD’s Enhanced Controls or other database auditing tools.
For more information regarding this blog, feel free to contact me at avitullo@logan-consulting.com.
Andy Vitullo
Principal, Logan Consulting