Making Sense of COSO, ERM and Business Risk Assessment

Every company is exposed to a wide range of risks. It is crucial for organizations to understand and manage the risks they face. But what’s the right approach to identify and manage your company’s risks? Let’s take a look at some of the basic principles and objectives of risk management — COSO, ERM, and business risk assessment — to see if we can help provide some guidance.


Why You Need a Good ERM Program

All companies face and manage a variety of risks every day. Some risks are extremely important and others not so much. So how do you know which ones are which? Having a good enterprise or business risk management program helps to identify, measure and prioritize the organization’s risks. This is best done using a defined methodology and with the oversight of senior management and the Board of Directors. Additionally, a good ERM program promotes a common understanding within the organization of the company’s risks and their potential consequences.


Are You Up to Speed on the Latest PCAOB Hot Topics?

As the watchdog for professional services firms that audit public companies, the Public Company Accounting Oversight Board (PCAOB) continues to take on new areas of focus through its inspections. If you thought you were caught up with the PCAOB hot topics for SOX compliance, you may want to think again. It’s never too late to get up to speed on what’s trending, though. Here is a brief summary of what our clients at AC Lordi are experiencing.

What Is the Impact of SOX 404(b) over SOX 404(a)?

Section 404 of the Sarbanes-Oxley Act is one of the more complicated parts of the legislation. Section 404(a) requires that the management of publicly held companies assess the effectiveness of their internal control over financial reporting (ICFR). Section 404(b) requires a publicly held company’s independent auditors to attest to, and report on, the company’s internal control over financial reporting. But what exactly are the differences between 404(a) and 404(b) with regard to requirements and the extent of the effort necessary for compliance?

What’s the Difference Between SOX and ERM?

The Sarbanes-Oxley Act of 2002 (SOX) was enacted on the heels of a number of accounting scandals and acts of corporate malfeasance to provide a variety of regulations for publicly traded companies. In addition, these external factors have driven an increased interest by regulators in Enterprise Risk Management (ERM) to effectively identify, assess and manage risk. Because both of these are risk-based initiatives and part of good corporate governance, we often get questions on exactly how they differ.


What You Need to Know About SOX Requirements for Reverse Mergers

For most newly public companies, the Securities and Exchange Commission (SEC) offers relief from certain Sarbanes-Oxley (SOX) requirements, allowing time to prepare for the more vigorous aspects of SOX compliance for up to nearly two years. But what if you end up a public company as part of a reverse merger? Can you still get the same relief?


A 3-Step Process to Ensure Key Reports Are Accurate and Complete

Management in every type of business uses Key Reports as a basis for making decisions and for financial reporting (not just operational). Key Reports are now being tested due to the need for reliance on the accuracy and completeness of the source data within the reports. Every day, businesses rely on the information in these reports, which is why it is so important to validate the accuracy and completeness of the data.

How to Identify and Document Management Review Controls (Part 1)

The process for identifying and documenting management review controls (MRCs) can be extremely challenging for many companies. It takes significant resources and focus to initially implement. If done properly, though, it can return substantial value, helping you to better evaluate the controls within your Sarbanes-Oxley compliance program and serving as an important roadmap in the event of employee turnover. In Part 1 of this post, we will see if we can better define exactly what qualifies as MRCs.
