Advisory Services
Internal Control Advisory and Sox 404 Compliance Services
Internal Control Advisory
Companies, who are not subject to Sarbanes-Oxley Section 404 compliance, might want to have an independent review of their system of internal control. The following services can be provided to companies across all industries:
​
-
Review or implementation of a recognized framework of internal controls (COSO)
-
Review of key business processes to improve efficiency and effectiveness of key processes with focus on risks and controls
-
Assist with formalization/enhancement of policies and procedures
Training Awareness and Education
MTAAS can provide training and awareness sessions regarding internal controls. Our training material can familiarize your in-house staff with internal control frameworks, different types of internal control, etc.
Our approach to training consists of four steps:
​
-
Obtain an understanding of your organization and training needs
-
Translate this understanding into an effective training design
-
Deliver training, done by professionals with substantial technical knowledge, quality and professional practical experience
-
Provide post event support by monitoring effectiveness
SOX 404 Compliance Services
​
The U.S. Sarbanes-Oxley Act of 2002 requires CEO’s and CFO’s of SEC listed companies to make periodic certifications on whether financial statements are true, complete and fairly stated. In addition, it requires management to evaluate and report their conclusions on the effectiveness of the company’s control procedures. To comply, CEO’s and CFO’s need a process to determine their confidence in the effectiveness of the company’s systems of control. The process also needs to be acceptable to the external auditors who will be required to attest to management’s assessment of internal controls over financial reporting. The following service modules are offered in response to the Sarbanes-Oxley Act of 2002:
​
Internal control framework assistance
​
MTAAS can benchmark your existing internal control framework against a recognized framework (Turnbull or COSO) and perform a gap analysis. We will work with management to design and document a uniform control framework and approach that is consistent with your risk profile to help management assess, test, re-mediate, monitor and track controls. Finally we will work with you to design a control self-assessment and certification process that meets your needs.
​
Internal controls over financial reporting process documentation
​
SOX 404 requires process documentation of the internal controls over financial reporting. MTAAS can assist you in the design and documentation of these controls. We will work with you to develop an entity-level business model and document your internal controls, to comprise risk and associated internal control requirements. Using the entity-level model, we help identify the processes that require enhanced control and can make recommendations accordingly. Experienced MTAAS professionals can assist you in developing detailed process and control documentation such as narratives, flowcharts and process-level workflows.
​
Internal control monitoring
​
By internal control monitoring, MTAAS will review the effectiveness and test the controls that management will certify as effective. We will work with you to identify the controls that you think are most critical. We will review their design and then develop test procedures aimed at assessing the effective operation of such controls. Routinely identifying and testing key controls provides management with a mechanism of monitoring internal controls.