The operational experience, information and insight to help the CFO work more strategically
 

Rapid International Growth Testing European Markets - HSP Overseas Direct SOX Compliance HSP Global Assessment Logistics Assistance & VAT Issues
 

SOX Compliance

This venture-backed client asked High Street Partners to help assess the requirements and impact of Sarbanes-Oxley (SOX) on the company’s international operations, which consisted of sales offices in China, Japan and the UK, employing a total of 14 people. The West Coast communications company was considering an IPO within six months.

Business Challenge
In the executive offices and corporate boardrooms of fast-growing technology companies, there are currently few more complicated and frustrating subjects than SOX compliance. Unfortunately, many advisors have provided little clarity to date for smaller technology companies, and their interests sometimes seem out of step with client goals.

For example, before approaching High Street Partners, this client had received conflicting, confusing and potentially expensive advice. From one source, the client had received guidance that their international operations would need to be structured in accordance with SAS 70 requirements. Another had advised that the company’s control processes, documentation standards, and testing procedures for their international operations would need to be the same as those required of a Fortune 500 company. All such services could be provided by the firms proffering the advice.

Our client thus came to us convinced that the firm faced a challenging spectre in SOX work, despite its relatively nascent overseas operations. With good cause, they worried about the increased headcount required to take on the additional tasks, the exorbitant fees they anticipated for the proposed services, and the opportunity cost of devoting experienced resources away from more productive or strategic initiatives.

High Street Partners' Solution
Our first requirement was to calm our client’s nerves by providing frank, clear guidance related to what SOX does and doesn’t require of a smaller technology company looking to go public. After clearing the air, we then undertook a comprehensive assessment of the firm’s overseas entities, advised the firm on best practice for conducting an internal review of process and control, and recommended a detailed consultation with the firm’s audit team in preparation for the upcoming engagement.

Specifically we helped the client understand the following: SOX Section 404 relates to the management of a publicly traded company in the US and requires an assertion from that management that its internal controls over financial reporting are effective. In order for management to demonstrate support for this assertion, companies are required to document and evaluate all controls that are deemed significant to the financial reporting process.

In addition to an opinion on the fair presentation of the organization's financial statements (required of a public company), a company’s independent auditor is required to issue its own opinion of management's SOX 404 assertion.

During the planning phase of an annual audit, a company’s audit team will typically identify the procedures the client will need to undertake to fulfill their SOX 404 requirements. These findings are based on issues like overall materiality, current practice, and other tangible and intangible factors that tend to vary from industry to industry and client to client.

At this time, the independent auditors may conclude that the processes related to one or more international subsidiaries are material and will be tested under 404. They may also deem them immaterial; in which case, overseas entities will still be addressed as a part of the overall audit, but will not fall under the additional SOX testing requirements. Since 2002, the international operations at a vast majority of newly public technology companies (traded <5 years) have not fallen under the testing and documentation requirements of SOX 404 during the annual audit, as they are typically not deemed material.

Where the processes are deemed material for SOX 404, and a company uses a Local Service Provider (LSP) to help support one or more of their international operations, and this provider processes transactions, management may wish (but is not compelled) to look to the LSP for information on the design and operating effectiveness of their internal controls.

If management does wish to look to their third party provider to fulfill the SOX internal controls requirements, they can, of course, choose to work only with providers certified under a SAS 70 service auditor's report. One possible downside to this approach is its restrictiveness, as SAS 70 certification does not automatically confer on a provider other critical attributes: a high quality of work, a focus on client service, or a pursuit of overall cost effectiveness.

An alternative to requiring SAS 70 certification of a service provider is to rely on the company’s own internal controls. This involves an internal review of all information and documentation provided by the outside provider, to a level which can be appropriately documented and tested. This practical and less costly solution is effective in most cases.

Effective Outcome
Based on a now clear understanding of SOX requirements relating to internal controls and an enhanced knowledge of necessary processes, the client undertook an in-house review, and became comfortable that the internal control processes related to their consolidation of their international operations were indeed adequate. This “spirit” of the Sarbanes-Oxley Act is its most important aspect, and the requirements simply a means of supporting this conclusion.

At our urging, the client next initiated a conversation with their auditors, then in the pre-audit planning stage. After reviewing the client’s thinking, plans and findings, the audit team indicated that there was little likelihood the company’s international operations would be deemed material enough to require the more stringent SOX 404 testing procedures for the foreseeable future, and that their current providers and processes would likely be sufficient. Assuming this initial conclusion is confirmed during the actual audit, this approach will save tens of thousands of dollars in unnecessary fees.

As an additional measure, we also provided the client with a list of quality providers in China, Japan and the UK who hold SAS 70 certification. If future developments do necessitate SOX testing and documentation, the client and HSP will be prepared to transition work to these alternative providers in an appropriate timeframe.

In the executive offices and corporate boardrooms of fast-growing technology companies, there are currently few more complicated and potentially frustrating subjects than SOX compliance.
  		 
     
CORPORATE FAQ | SEARCH | LEGAL | SITE MAP