Edelkoort Smethurst Schein CPA’s LLP will provide a company with all of the resources (Project Lead) or part of the resources (Project Support) needed to implement and maintain C-SOX certification.
The road to Bill 198 compliance can be very time consuming and expensive. Furthermore, failure is not an option in terms of compliance. Therefore it is important to carefully plan and manage the project. The number of resources required and length of time needed to complete a Bill 198 project depends on the size and complexity of the company.
Project Lead – leading the entire project from inception to certification would include;
- Top-down review of financial statements to determine overall project scope.
- Assessment of key risks to financial reporting
- Documentation of business processes, general IT controls and entity controls.
- Identification and tabulation of key controls matrix / control weaknesses.
- Sample (walkthrough) to validate the processes and controls.
- Internal control gaps remediation.
- Design tests.
- Conduct ongoing independent tests.
- Overall feedback on control environment and best practices.
Throughout the process we would work closely with the company’s process owners, management team and others to ensure that a tight schedule is maintained using daily updates and weekly progress reports. We would work with your team to ensure that corrective action will result in the elimination of all key internal control gaps. Feedback to senior management and steering committees can be accommodated by the progress reports or in person sessions as required. After the control framework has been finalized, it will be necessary to test the controls by drawing samples throughout the year to confirm that the controls are indeed working as expected. This in essence is certifying that the company’s controls are designed properly and that they are operating effectively. It is important that the test designs are done with care. The tests will greatly impact the resources required for ongoing testing, provide consistency in testing, and ultimately ensure that any potential significant deficiencies or material weaknesses are identified. We will provide test designs and provide the independent resources to perform ongoing tests.
Project Support – depending on the size project or organization, a company may already have a project team in place or may have completed a substantial portion of the work required. In these situations, a company may need only selected services. Examples of this would be in the areas of designing tests or independent testing. Independent 3rd party testing for the effectiveness of internal controls is a good way for companies to augment their resources, and provide additional assurances to management and other stakeholders. In that way, services can be specifically tailored to a company’s needs.
It should be noted that Bill 198 and SOX regulations are relatively new and evolving, and it is therefore important to keep abreast of the latest developments.
Remember also that Bill 198 pertains to only publicly traded companies – those listed and traded on the TSX. However, the rationale for ensuring strong internal controls, sound corporate governance, and overall risk management is applicable to any organization. We would be pleased to discuss a SOX “Lite” project and other risk management programs for non publicly traded organizations.
Feel free to call for a consultation about services.