Tuesday, 2 September 2014

[Framework] SOX vs J-SOX

This posts will discuss the key differences between Japan's J-SOX and US's SOX Framework.


BACKGROUND

Sarbanes Oxley Act of 2002 was enacted in esponse to accounting frauds and scandals. Below are key effects of SOX:-
1. Top management must individually certify the accuracy of financial information.
2. Severe penalties for fraudulant financial activity.
3. SOX increased the oversight role of boards of directors.
4. Independence of external auditors who review the accuracy of corporate financial statements are increased.


SOX MAJOR COMPONENTS
SOX elements consists of the following:-
1. Public Company Accounting Oversight Board (PCAOB)
2. Auditor Independence restricts auditing companies from providing non-audit services (e.g., consulting) for the same clients.
3. Corporate Responsibility

4. Enhanced Financial Disclosures. (Enhanced financial reporting requirements including off-balance-sheet transactions, pro-forma figures and requires internal controls for assuring the accuracy of financial reports and disclosures, and mandates both audits and reports on those controls.)
5. Analyst Conflicts of Interest
6. Commission  Resources and Authority
7. White Collar Crime Penalty Enhancement
8. Corporate Tax Returns
9. Corporate Fraud Accountability


SOX PROVISIONS

Key SOX Provisions relevant to controls:-
1. Section 302 - Disclosure Controls
2. Section 404 - Assessment of Internal Controls


J-SOX'S SCOPE
1. Determine the scope by reasonably considering the materiality of the quantitative and qualitative impacts to the financial reporting.

2. Evaluate company-level internal controls. The list of elements is similar to COSO, with the addition of "Response to Information Technology."

3. Evaluate process-level internal control over closing and financial reporting. Controls are divided into company-level controls and process-level controls. The company level controls should be evaluated at all business units.


J-SOX VS SOX
1. IT & Process Driven
  • While SOX's guidelines are at a higher level, J-SOX emphasize on IT controls with an additional "response to IT" objective and listed "IT Support" as an internal control. Emphasis on IT controls could potentially results in less reliant on auditors.
  • Audit automation creates efficiency in the IA process with relevant software.
2. Consulting Roles
  • J-SOX does not restrict consulting roles offered by External Auditors to same client.
3. Preservation of Assets
  • J-SOX similar to COSO framework's "preservation of assets" objective has added a "preservation of assets" to its controls.
  • Depending on the perspective and where the controls are tested (entity/process level) it could skews towards operational controls rather than financial reporting controls.