Last week I had the opportunity to speak with Protiviti managing director Paresh Raghani, who recently presented at the consultant firm's Webinar on Sarbanes-Oxley 404(b) compliance for small businesses.
Though the firm recommends a very systematic top down, risk-based approach to Sarbanes-Oxley compliance (in accordance with guidance from the Securities and Exchange Commission and the Public Company Accounting Oversight Board), Raghani repeated one piece of advice several times in our short conversation:
The best way for companies to achieve a very efficient, as well as a cost-effective compliance process is to work hand in hand with the auditors.
And he means hand in hand throughout the compliance process, not just during the external audit cycle. Protiviti has identified a six-step process for small businesses when it comes to Sarbox compliance. Those six steps, as Raghani laid them out, are as follows:
The key to surviving the auditor attestation phase is to understand the differences between what management is responsible for during the management certification phase and what the auditors will expect. For example, when it comes to documentation, Raghani gives this advice:
Create a pilot process, document the pilot process and make sure that you have an agreement with the auditor on the documentation standard so that as you continue, you are doing the right thing.
He also notes that though the SEC has granted several compliance deadline delays for small businesses in the past, he doesn't see another one coming. So if your small business hasn't started the process yet, you don't have time to lose.