• Services
  • Audit Services
  • Tax Services
  • Risk Advisory
  • Transaction Advisory
  • Other Services
  • Success Stories
• About KBA
  • Transactions
  • Partners and Principals
  • Testimonials
  • Distinctions
  • Privacy Policy
• News & Events
  • Press Releases
  • KBA Newsletters
  • Events
• Resources
  • Tax Updates
  • Financial Tools
  • Helpful Links
  • Articles
• Careers
  • Benefits
  • Opportunities
  • Employee Testimonials
• Affiliations
• Contact Us

KBA Group LLP has been working with public companies and helping them meet their reporting needs for 25 years.  We currently work with 20 public companies and understand the implications and requirements of Section 404.  Our risk advisory services team has the expertise to perform a full implementation or consult with your team as necessary to facilitate your 404 implementation. 

Section 404 Implementation Process

Below is a flowchart that provides an overview of the implementation process our professionals utilize to assist clients:

Planning and Scope

• Evaluate entity-level risk and identify company wide controls including tone at the top, enterprise-wide risk management, and fraud identification/ prevention, to facilitate a risk-based approach to Section 404 compliance. Note: The following components of internal control will be evaluated from an entity-level perspective: control environment, risk-assessment, information and communication, control activities and monitoring
• Assess materiality at both the financial statement level and the individual account balance level using quantitative and qualitative factors
• Determine locations for performing audit procedures
• Review risk assessment documentation, if any, and gain understanding of significant processes
• Evaluate controls that specifically address the risks of fraud
• Identify need for automated tools
• Establish time line

Evaluation at Process, Transaction and Application Levels

• Identify and document significant account balances, processes and financial statement disclosures and related rules
• Identify and document relevant financial statement assertions for each significant account balance and financial statement disclosure
• Identify and document processes that influence the selected accounts

Testing

• Perform procedures to evaluate the operating effectiveness of controls as documented
• Evaluate the results of the procedures
• Remediation
• Establish processes to evaluate the system of internal control over time

Prepare management report on internal controls.

Independent auditor prepares attestation report based on the auditor's testing.

About Sarbanes-Oxley

The Sarbanes-Oxley Act of 2002 has far-reaching implications for all public companies. The roles of public company management, the audit committee and the public accounting firm are affected in a multitude of ways. Those companies that address the issues arising from Section 404 and institute best practices today will be best positioned to attain their business objectives in the future.

In the Public Company Accounting Oversight Board’s (PCAOB) Proposed Auditing Standard relating to Section 404, both management and the external auditor are required to report annually on internal controls over financial reporting. The Proposed Standard impacts the scope of responsibilities for management, auditors and also affects what is required of the audit committee.

The Impact for Management

The Proposed Standard specifically describes the responsibilities required of management in performing its assessment of internal controls over financial reporting.  According to Section 404 (a), a public company’s annual report will contain management’s internal control report, which:

• States management’s responsibility for establishing and maintaining adequate internal control over financial reporting, and
• Contains an assessment, as of the end of the company’s most recent fiscal year, of the effectiveness of its internal control over financial reporting.

The Impact for Audit Committees

Audit committees are facing increased responsibility and accountability. In the Proposed Standard, the PCAOB emphasizes the importance of the audit committee's oversight role and requires the independent auditor to evaluate a number of factors related to the effectiveness of the audit committee.  According to Section 404 (b) a company’s auditors must attest to and report on:

• The internal control assessment made by management in accordance with the standards for report engagements issued or adopted by the Public Company Accounting Oversight Board.
• The report is to be prepared by the company’s independent auditor.

Audit committees and management need to be aware that the rules and deadlines for Section 404 compliance are still evolving.  Therefore, decisions made today may need to be reconsidered and changed in the near future.

Despite these uncertainties, companies must begin now to develop an understanding of their responsibilities and implement an action plan.  An early start is essential if companies expect to complete the entire evaluation process and provide sufficient time for their independent auditors to complete an audit of internal control.

For more information, contact Camille Irvin via email or call her at 972.788.0330.