All companies face and manage a variety of risks every day. Some risks are extremely important and others not so much. So how do you know which ones are which? Having a good enterprise or business risk management program helps to identify, measure and prioritize the organization’s risks. This is best done using a defined methodology and with the oversight of senior management and the Board of Directors. Additionally, a good ERM program promotes a common understanding within the organization of the company’s risks and their potential consequences.
Section 404 of the Sarbanes-Oxley Act is one of the more complicated parts of the legislation. Section 404(a) requires that the management of publicly-held companies assess the effectiveness of their internal control over financial reporting (ICFR). Section 404(b) requires a publicly-held company’s independent auditors to attest to, and report on, the company’s internal control over financial reporting. But what exactly are the differences between 404(a) and 404(b) with regards to requirements and the extent of the effort necessary for compliance?
The Sarbanes-Oxley Act of 2002 (SOX) was enacted on the heels of a number of accounting scandals and acts of corporate malfeasance to provide a variety of regulations for publicly traded companies. In addition, these external factors have driven an increased interest by regulators in Enterprise Risk Management (ERM) to effectively identify, assess and manage risk. Because both of these are risk-based initiatives and part of good corporate governance, we often get questions on exactly how they differ.