The SOX audit will start with a meeting between the auditors and company management.
Sarbanes-Oxley is legislation passed by the US Congress that requires publicly traded companies to undergo rigorous audits of financial reporting and internal controls. These audits, known as SOX audits, are quite common and do not necessarily mean that a company is wrong in its accounting processes. The audit provides information to investors and other interested parties on how the company maintains general accounting standards and has adequate management controls over business and financial information.
The SOX audit will start with a meeting between the auditors and company management. During this meeting, the auditors will discuss the scope, duration, purpose, and expected results of the review process. Public companies have some permissions when hiring an auditor for the SOX audit process. However, the accounting firm performing the audit must be registered with government or accounting oversight agencies. This assures the public that the auditors performing the fieldwork and review have the proper education and training necessary to perform the audit. SOX auditors must also be separate from regular company auditors. If the same auditors perform both audits, there may be a conflict of interest.
A SOX audit tests variances and errors in a company’s financial reporting, the strength of internal controls, and governance in the accounting department. When testing variances and misstatements, the auditors will review the documents prepared by the company. Auditors can also recalculate financial paperwork and compare preparation instructions to standard accounting principles. While some variance is normally acceptable, variances or misstatements in excess of five percent are generally considered material.
Internal control reviews test which employees are responsible for certain activities, how many similar tasks an individual completes, which manager oversees multiple employees, who has access to accounting software, and what standards exist for discovering errors in accounting software. The SOX audit will largely focus on internal controls, as these are the procedures specifically designed to limit errors and prohibit fraudulent activities related to the company’s financial reporting.
The SOX audit will generally not provide company management with the corrective actions necessary to resolve accounting issues. While some guidance is certainly needed, SOX auditors will quickly confuse their independence by offering too many corrective actions when they enter the field of consulting services. Under SOX laws, auditors may not offer consulting services to their audit clients, as this will result in one accounting firm offering multiple accounting services.
Failure of a SOX audit will generally result in a required corrective audit. Most auditors will rate the audit on a 100 point scale, and anything less than 70 points will result in a new scheduled audit. The corrective audit will assess the areas in which the company failed during the initial audit and ensure that the company’s corrections are effective and continue in perpetuity to safeguard company information.