We are living in a turbulent world. But the SOX compliance requirements remain fairly static. It’s not as if the SEC is going to relax the requirements for companies to assess the condition of internal control over financial reporting, or that the PCAOB will reduce the requirement for the external auditor to provide their independent assessment.
Yet, there are issues and challenges that we need to consider.
Protiviti has done a decent job summarizing some of them in SOX Risk Assessment in the Time of COVID-19. (The text in italics is my addition to the author’s writing.)
I will come back to points of difference, even omission, later. Here are some highlights:
- “Though forecasts may still be in the process of being reworked, they may prove to be the more suitable starting point” in determining materiality and which accounts and locations should be in scope. Note: that has always been best practice.
- “Usual measures such as net income before tax are likely to be substantially lower for FY20 and even negative for some companies. In such situations, other measures such as EBITDA or revenue may need to be used and several materiality scenarios assessed.” This should be discussed with the external auditor. There is existing guidance on what to do when results are abnormal, including when there…
