No more extensions for non-accelerated filers.
It doesn’t look like the SEC will be offering any more extensions for the small public companies to comply with SOX. Beginning December 15, 2009 auditors are required to opine on Sarbanes-Oxley compliance for all non-accelerated companies. This is a challenging process for many enterprises and can be especially daunting for smaller businesses.

Without a good roadmap outlining the necessary steps, businesses may find themselves with more headaches than are truly necessary. A few thoughts:

1.  Risk assessment and scoping – focus on a high risk areas where a material error could occur. Many companies can eliminate small secondary locations and routine business processes from their SOX compliance effort.
2. Documentation of controls – be sure to align controls with financial reporting risks. A single, strong analytic control can mitigate several risks and reduce the sheer number of controls requiring documentation.
3. Test of effectiveness of the control structure – simplify the testing process using one set of sample documents to test several controls.
4. Evaluation and reporting – remember to evaluate deficiencies individually and in the aggregate. Any significant deficiencies must be reported to the audit committee, and material weaknesses will be reported to the SEC.

Here are few resources that will help you, including brownbag lunch or breakfast roundtable sessions we’re offering to teach best practices and provide materials. It’s free.

Register: Send requests to SOXInfo@frankrimerman.com or call 650-845-8187

SEC Guidance: http://www.sec.gov/rules/interp/2007/33-8810.pdf