In 2009, our client was preparing for a potential IPO filing. Because of the uncertainties in the market, the company wanted to prepare for the eventual IPO, but not over do it. The company engaged Frank, Rimerman Consulting to assist with IPO readiness.
Frank, Rimerman initially helped complete several items on the company’s to-do list, such as reviewing equity documentation and calculations, formalizing accounting policies and procedures, and assisting in preparing the S-1 filing. The company also needed to start thinking about SOX compliance, and was seeking a cost-effective plan that could be scaled into full compliance for SEC purposes should the IPO become a reality. This company was a great candidate for our SOX Lite program, which is geared towards privately owned companies who are considering an IPO in the near future. We assessed the company’s internal control structure and created a roadmap for management and the Board of Directors to follow that would lead to SOX compliance. The purpose was to identify project resources, determine a timeline, and build a plan to be in compliance with SOX requirements under the SEC regulations for an IPO.
Our evaluation included a detailed risk assessment to identify the company’s financial risks in the reporting process. Through discussions and interviews with company’s management and finance staff, we identified certain critical business processes that required immediate attention. The assessment also identified the lower risk areas to be included in the project plan at a future time. Working closely with the client team, we identified key controls that were already in place and recommended additional controls to correct missing or ineffective controls.
The next step was a gap analysis of the company-wide entity controls, including IT general controls, to provide management with a plan for remediating gaps, redesigning processes, and formalizing policies. Because of the company’s rapid growth, there was a shortage of accounting staff, which caused a number of issues—for example, segregation of duties conflicts, insufficient reviews and analysis for proper monitoring of operations, and many policies weren’t formalized although the company was complying informally in many ways.
We discussed our findings and recommendations with management and submitted a report to the Board. We then assisted with remediation efforts and outlined a plan for future full compliance (which included addressing the lower risk areas and full compliance tests of effectiveness). Our documentation was maintained in our web-based compliance tool, which is available to our clients for instant reporting and tracking of remediation efforts and status. The SOX Lite process was completed in less than six weeks and the company is now confident that its control environment is well designed.