General
Our
approach is that the SOX process can be very beneficial to the company by
improving the control mechanisms in connection with the processes that have an
impact on the financial statements, as well as by improving the overall control
environment of the organization.
Our
firm has been rendering SOX (article 404) services since 2004 (the year in
which the Sarbanes Oxley Act went into effect) to companies traded in the U.S.,
and ISOX services to companies traded on the Tel Aviv Stock Exchange. In
rendering these services, the firm incorporates the expertise of its employees
in the areas of accounting, internal auditing and information systems auditing
which provides the capability of analyzing accounting and operational
processes, identification of control faults in manual and automated processes,
and providing operational recommendations for the improvement of internal
control mechanisms. Among our clients in this area are ClickSoftware
(NASDAQ:CKSW), DSPG (NASDAQ:DSPG), DSP Ceva (NASDAQ:CEVA), Sapiens(NASDAQ &
TASE :SPNS), Commtouch (NASDAQ:CTCH), LivePerson (NASDAQ:LPSN),Magic Software
Industries (NASDAQ:MGIC), Attunity (NASDAQ:ATTUF), BluePhoenix (NASDAQ: BPHX),
Formula(TASE: FVT) and RadView (NASDAQ:RDVWF (.SOX and ISOX services are rendered in accordance with the law
that is relevant to the client being audited and in accordance with generally
accepted principles. In performing the audit, we utilize, when necessary,
advanced auditing techniques, including computerized audit tools. In our
opinion, the combination of experience in internal and information systems
auditing and information systems analysis grants the audit we perform added
value, to the benefit of the audited organization.
Audit process
Determining the scope of the audit
On
the basis of an analysis of the financial statements, conducting interviews
with the relevant parties at the client, and obtaining additional material, we
are able to identify the material accounts and the processes that impact these
accounts, as well as the sites that are relative to SOX-related work. In
addition, we will perform a risk assessment in order to determine the risk
level of the accounts and the processes. The results of this stage of the work
constitute the de facto work framework necessary for the SOX project.
Documentation of the process and controls
• We document the major
processes and sub-processes which have a material impact on the financial
statements.
• The
documentation of each process includes a verbal description, flowcharts and a
table that maps the controls.
• Control
problems may already arise in the documentation phase, such as the absence of
controls or controls that were not designed adequately enough to achieve their
desired goals. These problems will surface in the documentation stage, providing
us with the opportunity to improve them as early as possible in the process.
Testing the effectiveness of the controls
This
phase includes:
• Testing for the
existence of gaps between the controls set out by management and the actual
implementation of the controls. These tests address only those controls that
passed the previous stage since there is no reason to test controls that were
found to be unsuitable.
• Preparation of a
document that describes the tests that were performed, the results thereof and
recommendations for improvement.
Re-testing
On
the event that control problems are identified, we will, at the request of the
Company, retest the controls that have been remedied by the company.
|