When a multinational, technology corporation headquartered in California was looking for an outsourced Sarbanes-Oxley (SOX) compliance solution to replace its former internal audit team, the company turned to PBO Advisory Group. The communications and software provider with entities on five continents was already relying upon PBO Advisory for interim accounting services so the request for SOX compliance work was an appropriate extension of our services.
The company had recently gone through a restructuring to reduce expenses and head count. As a result, there was a reduction in workforce of six internal audit positions. Following the restructuring, the company significantly reduced the number of internal controls and reassigned duties to existing staff. With multiple ERP systems and supporting financial-related systems and a complex IT environment, the company had multiple risk points. At mid-year, the company switched external auditors resulting in a late start of the internal SOX 404 (a) internal control assessment. Additionally, the external auditors were also under time pressures to perform the first year SOX 404 (b) attestation.
The company’s management engaged PBO Advisory to perform the SOX 404 (a) assessment, which included:
Prior to arrival of the new external auditors, we had prepared a top-down risk-based assessment of the company and had determined which entities, accounts and internal controls were in scope. For the North American entities, our group evaluated the design and operation of the key internal controls and performed the testing. For the overseas entities, we assisted the in-country with the evaluation of the design of the key internal controls and performed final review of its testing. Any deficiencies were identified early enough for the company to remediate prior to year-end.
PBO Advisory, the company’s management, and the external auditors met to plan and coordinate the approaches and testing. The new external audit firm agreed with our scoping, and relied broadly on our testing of North America, and IT general control testing for North America and the overseas entities.