Home | > | Software | > | SOX 404 Tool | > | SOX 404 Tool FAQ |
Product-specific Q&A 1. What is included in the 404 Compliance Tool? 3. How can the 404 Tool help me achieve compliance with Sarbanes-Oxley 404? 4. Does it work for initial compliance or ongoing compliance? 5. What is the initial cost? Are there any additional costs? 6. Can multiple people use the product concurrently? 7. Can I share your templates? 8. What framework is the product based upon? 9. How does the Tool address the different stages of compliance? Sarbanes-Oxley 404 Q&A 15. Who needs to comply with Sarbanes-Oxley 404? 16. When do I need to comply with Sarbanes-Oxley 404? 17. What kinds of tasks are required for Sarbanes-Oxley 404 compliance? 18. What is the end result of Sarbanes-Oxley 404 compliance? 19. Who regulates 404 Compliance and where can I get more information? 20. What about FDICIA (for Financial Institutions)? 21. What if I am not required to comply with SOX 404 but I still need to test my controls? Tool Requirements Q&A 22. What do I need to install the Tool? 23. How do I install the Tool? 24. What if I need the Tool in a hurry? 25. What if I need additional help? 404 Jump Start and Service Q&A 26. What does the SOX 404 Jump Start Edition include? 27. How do I get Started with the SOX 404 Jump Start Edition? 28. How do I buy the SOX 404 Jump Start Edition and Service? 29. How do I get Consulting Help for SOX 404 and use of this Tool? 30. What do I need to do once I receive the Tool? Other Q&A 31. Do you provide sample systems? 32. Do you provide checklists? 33. Tool Updates and Ongoing Support? Product-specific Q&A: 1. What is included in the 404 Compliance Tool? The Sarbanes-Oxley 404 Compliance Tool includes a set of linked Word & Excel templates and software to reduce manual effort. The planning and documentation sections are primarily Word files. The testing and remediation sections are predominately Excel files. The Excel components have buttons that create files based on your selections. You first enter company information and detail the systems and processes relevant to your business. You then use buttons to create customized files for each system where you define the risks and controls relevant to that system. Under each system process, you define and evaluate risks and controls. Each risk and control will require testing and we provide buttons to create statistically valid testing samples based on the evaluated risk. See the demo or the 404 presentation for more information. In following years, you use the same templates and update the testing as required. We also provide related Tools including the FDICIA Tool and the Internal Controls Tool for differing markets. See the Tool Comparison page for more details. The Excel components contain embedded code, which automates certain features. So, yes, it is software. We call this product a Tool because it includes template files that you use in your documentation and boilerplate text used in your financial statements as it relates to management’s controls attestation. You use industry-standard Microsoft® Excel and Word tools that you already know and use every day. 3. How can the 404 Tool help me achieve compliance with Sarbanes-Oxley 404? Our product was designed specifically for use in 404 compliance (see the 404 Background page for more information on the SOX law and related information). In fact, we designed it for use with our own consulting clients. The idea is to provide the user with a framework that you can then customize to fit your exact needs. Our Tool includes Word Templates and Excel workbooks that automate much of the manual process and incorporates best practices. 4. Does it work for initial compliance or ongoing compliance? Both. We don’t think you should have to buy one system for the first year and another system for future years. Unlike other 404 Compliance products, this Tool is intended to meet key requirements for both initial and ongoing compliance. This product does more than simply document your controls, it helps evaluate and test them (see item 9). Once you configure the templates to fit your company, you only need to change settings as your circumstances change. The initial setup effort is leveraged for future year’s compliance. Once you have completed the first year, you simply copy the entire directory of files already customized for your business into a new directory for the next year. Sarbanes-Oxley isn’t going away after the first year implementation. The sooner you have a system in place for on-going compliance the better off you will be. 5. What is the initial cost? Are there any additional costs? The base SOX 404 product is $1,799 (US Dollars). You may purchase by online payment with PayPal, FAX us a completed order form and we bill you or simply send us an order form with a check and we will send the CD to you after receipt. The license is per Company or legal entity. CPA and consulting firms or other companies that wish to use our products for their customers will need to contact our sales team for more details. There is a $299 per year ongoing maintenance cost to cover the support contract and software product updates. Ongoing technical support services are covered under the provided support contract. This contract provides you with a support account and contact and support will be provided per incident as covered under the terms of the agreement. Postal Mail delivery is $39.95 for shipping and handling (non-refundable) for CD orders. Additionally, California shipments will require the addition of 8.75% for sales tax for CD shipments. If you need to return the CD version of the Tool (unopened and returned within 30 days from delivery), you can return the package for a refund of the product less a 10% restocking fee (credit given in form of payment). If you have opened the CD case, we regret that we cannot accept returns. Customers in Canada and Europe will require special shipping and handling considerations. Please contact us and we will provide details. We're sorry but international orders from other nations can only be accepted on a case-by-case basis. Please contact sales@procognis.com if you are outside of the United States and wish to order our product and we will work out the shipping and customs details. 6. Can multiple people use the product concurrently? Yes. Not only can multiple people work concurrently, we advise it. Sarbanes-Oxley compliance is a big project and one of the ways you can keep costs down is by spreading the work out to your accounting or internal audit staff. Initially, one person should configure the product to describe your systems, processes, risks and controls. This includes assessing the control environment and setting an overall testing level. With the push of a button, an Excel workbook with embedded software is created from a template for each system you define. We would then recommend assigning the different systems (individual Excel workbooks) to various compliance team members. Team members should work from a common or shared directory but other arrangements will also work (see product documentation). 7. Can I share your templates? No. Our templates are proprietary. By purchasing the Tool, you have been granted a license to use them for one company. If you have multiple subsidiaries, each must purchase a separate license. 8. What framework is the product based upon? The product is based on the COSO framework. COSO is the industry-standard internal control framework (COSO is an abbreviation for Committee of Sponsoring Organizations of the Treadway Commission, seriously!). Among other things, the framework defines internal control as a process designated to provide reasonable assurance regarding the reliability of financial reporting. With COSO, the control environment serves as a foundation for structuring internal financial controls. Within the control environment, management assesses risk (risk-based system) and implements mitigating control activities. Information is captured and communicated and the entire system is “monitored” (i.e. tested) for effectiveness. See the 404 Background page on definitions and more information on COSO. Section 404 requires that management’s evaluation of internal controls be based on a suitable, recognized control framework. We based our product on COSO as it is the most widely recognized framework. 9. How does the Tool address the different stages of compliance? Our product has four major stages: Planning, Documenting, Testing, and Evaluating. Planning Documentation Testing Evaluation Our system is risk based. Once a risk has been identified, it is scored as to how likely it is to occur and its significance to the company if it did occur. This produces a risk score. The user identifies what control mitigates the identified risk and designs the test plan. The sample size is determined based on the risk score and company-wide testing level. The user then enters the beginning and ending numbers for the population. This could be invoices generated, checks cut, months in a year, or anything you can quantify numerically. Once this has been identified, the push of a button creates a statistically valid list of selections to test. Most companies are expected to have some deficiencies, especially during initial compliance. All deficiencies should be corrected and re-tested if time permits. Re-testing is performed by remediation provided via a separate test sheet. If time runs out, you will need to evaluate if the remaining deficiencies rise to the level of a material weakness. Deficiencies in areas of high risk should be addressed first. Our system defines three classes of deficiencies: deficiency, significant deficiency and material weakness. Deficiencies/Material weaknesses are determined based on risk score and evaluation of testing. The product can be purchased from our website at www.procognis.com/404.php. It can be purchased by credit card, via FAX purchase order or you can print and mail an order form with check.You may purchase the Internal Control, FDICIA, or our Sarbanes-Oxley 404 Tools with the order form. Please see the Tool Comparison page for side-by-side comparisons of the available tools. If you would like more information, see our Product Demo. This demo walks you through the compliance process using our software via screen-shots and verbal descriptions. Technical support is available via email on a per-incident basis. If encounter technical issues, simply email us at support@procognis.com. We will make every effort to resolve your technical or usage issues. If you need extra help in getting the templates customized for your entity, we also offer a Jump Start Edition or actual onsite consulting services. Contact us at info@procognis.com for more information. Download
our Section 404 overview whitepaper (420KB) 14. Does the 404 Tool support Rotation plans? Can I choose to enable or disable them company-wide or system by system (or both)? Yes! We support rotation plans (staggered testing dates that allows you to alternate testing for low risk-scored controls). Rotation plans can potentially save massive amounts of time during compliance for controls that are not deemed likely or significant (see the 404 Tool demo). You can enable rotation plans for all systems (by setting the system wide default) and you can select whether you wish to enable or disable rotation plans for each individual system. You can also change this selection during the testing period if the need arises. Sarbanes-Oxley 404 Q&A: 15. Who needs to comply with Sarbanes-Oxley 404? Sarbanes-Oxley applies to publicly traded companies. These companies must now include in their annual reports (Forms 10-K and 10-KSB) a discussion of the effectiveness of their internal controls over financial reporting. Subsidiaries of public companies must also comply with the Sarbanes-Oxley rules. See the 404 Background page for more information. Compliance work may be done on a consolidated basis with the parent company controlling documentation and testing or it may be done on a decentralized basis, where each subsidiary performs their own work and reports their results to the parent company. 16. When do I need to comply with Sarbanes-Oxley 404? When you need to comply is a function of your company’s year-end and public float market valuation. Accelerated filers, generally those companies who have a public float market value in excess of $75 million (USD), must comply for all annual reports after November 15, 2004. Those not meeting the definition of an accelerated filer must comply for all annual reports after July 15, 2007. This means that calendar year end companies must be in compliance by December 31, 2004 (over $75 million in public float) or by December 31, 2007 (under $75 million market value). Foreign issuers who meet the defintion of a accerlated filer must be in compliance for annual reports filed after July 15, 2006. Specific compliance requirements as it relates to your company should be verified with your SEC counsel. See the 404 Background page for more information. 17. What kinds of tasks are required for Sarbanes-Oxley 404 compliance? Section 404 requires that controls be evaluated as to design as well as operating effectiveness. This means that controls must be designed correctly and functioning as designed. In order to verify functioning, a certain level of substantive testing must be performed. The major tasks include planning, documenting systems, evaluating risks, identifying mitigating controls, testing, correcting deficiencies, and evaluating the results of the work performed. Our Sarbanes-Oxley Compliance Tool allows you to streamline this effort (please see the 404 Compliance Tool product description). 18. What is the end result of Sarbanes-Oxley 404 compliance? After all the compliance work has been done, company management will make an assertion regarding the effectiveness of their internal controls over financial reporting, including the disclosure of any material weaknesses. In addition, the company’s external auditors will attest to management’s assertion. Both reports must now be included in the company’s Form 10-K or 10-KSB. 19. Who regulates 404 Compliance and where can I get more information? The Securities and Exchange Commission (SEC) governs the preparation of annual reports and other SEC filings, which includes the rules regarding Sarbanes-Oxley Section 404 compliance. The SEC rules can be viewed at http://www.sec.gov/rules/final/33-8238.htm. See the 404 Background page for more information. 20. What about FDICIA (for Financial Institutions)? FDICIA applies to Financial Institutions with assets greater than $500 million (USD) and under the umbrella of the FDIC. Our FDICIA Compliance Tool is a related product to meet the specific requirements of these institutions. See the FDICIA Compliance Tool, the Tool Comparison page and the FDICIA Compliance Tool FAQ. We allow our SOX 404 customers to convert their licenses to FDICIA (or vice-versa) for a $19.95 service charge. As soon as we receive a check for $19.95 (plus $5.95 shipping and handling) and your request to change license type, we will ship a new CD set to you. 21. What if I am not required to comply with SOX 404 but I still need to test my controls? With the recent corporate governance scandals, many entities whom are not required to comply with SOX (such as government agencies, non-profits, privately traded companies) are either choosing to or are being required by an outside party to document and test their internal controls. For those entities, we provide our Internal Control Compliance Tool to meet their specific compliance requirements. The Tool includes all of the elements of the 404 Tool, but has been tailored to the needs of these entities. Tool Requirements Q&A 22. What do I need to Install the Tool? You will need Microsoft (R) Office XP (2002 or later) with the Word and Excel programs installed. The Tool uses Word and Excel files so these programs must be available to use the Tool. The Operating system you use must be supported by Office XP (all recent Windows operating systems, see the Microsoft Office website for more information). The Tool uses Visual Basic scripts to perform automation task so you must enable Visual Basic scripts (instructions provided with the Tool on how to enable scripting). The Tool also requires about 200MB of disk space to allow for file storage and new file creation for each year of compliance. In addition, if you order the CD you will need a CD drive. 23. How do I install the Tool? The CD version is installed by copying the product directory from the CD into a shared or personal directory. Instructions are provided with the CD. 24. What if I need the Tool in a hurry? We can provide a rush delivery service for the CD version if you are in a hurry. If you select rush delivery service, we will ship the package using a next-day delivery option as soon as your order has been received and processed. We will make every effort to ship your package as soon as possible with or without rush delivery. 25. What if I need additional help? Our consulting division can provide customized templates based upon your public filings (companies filing publicly via EDGAR) and customer interaction. If you are interested, please contact our consulting division via email at consulting@procognis.com. 404 Jump Start and Service Q&A 26. What does the SOX 404 Jump Start Edition include? The Jump Start Edition includes the following key items to save you implementation time:
The Jump Start Edition is intended to save you time but you are ultimately responsible to ensure that the settings and documentation you use in your compliance effort accurately matches your company. The service is intended to jump-start you into the compliance process and we strive to fill in as much information as possible. But the final details and testing along with the appropriate review can only be performed onsite. 27. How do I get Started with the SOX 404 Jump Start Edition? You first purchase the SOX 404 Jump Start Edition and complete, sign and mail the downloaded service contract to the address provided. After we receive this signed contract, we will ship the CD package to you (please allow 2-3 weeks for shipping). When you receive the CD package, you will copy the directory structure and files to your chosen drive (following the provided instructions). You will then edit the Templates to customize them for your company (including company name, address, etc.) and review the systems and planning documentation, adding any that may be specific to your company or industry. After you have reviewed and accepted the system list, you will review each system and assign risk scores to each risk identified under each step (most system have about seven or so steps). This risk scoring and assessment includes evaluation and review of the controls. After this review and edits for company particulars is complete, you then copy the customized and edited Templates for this compliance year and start your testing and remediation, if needed for any failed tests, leading to the final report on compliance. The enclosed documentation provides this information and additional details. 28. How do I buy the SOX 404 Jump Start Edition and Service? The SOX 404 Jump Start Edition and Financial Services Edition costs $3499 (USD) plus $39.95 shipping and handling and consists of the Consulting Service and the Product Tool. Payment can be by PayPal or invoice. California sales will need to pay Sales Tax at 8.75% (CD delivery). To begin, simply send us an order form with a check and we will send the CD to you after we receive the complete and signed the consulting agreement (please allow 2-3 weeks for delivery). The license is per Company. Once you have purchased the Tool and the sign the consulting agreement, you own the license for it. Ongoing technical support services and updates are included with the annual maintenance package (the annual package is $599 per year and includes 3 hours of consulting help by email annually). After delivery, returns will only be accepted on unopened packages within 10 days of receipt, less shipping and handling. We're sorry but returns will not be accepted if the CD package has been opened. 29. How do I get Consulting Help for SOX 404 and use of this Tool? After payment and the signed consulting agreement has been received, you will receive the CD package and a special email address for up to three hours of consulting time per year (continued annually under the maintenance package, invoiced on or about the purchase anniversary date). Email to this address will be reviewed and we will provide assistance up to three hours per annual period. Additional time is available at $150/hour and is billed under the consulting agreement terms. 30. What do I need to do once I receive the Tool? You will copy the files from the CD onto a working drive. The CD will have a customized quick start guide that you can follow to get started using the Tool for your compliance project. The guide will walk you through the initial phases of compliance and use of the Tool with the Jump Start templates. Other Q&A 31. Do you provide Sample Systems? The product includes extensive samples along with an appropriate list of systems to help explain how to use the product for your company. See the Tool Demo PDF for an example of this sample output. However, we cannot know the specific systems and steps for your company without some detailed knowledge. The PCAOB has been very clear that using boilerplate or generic systems and controls is not an appropriate technique for compliance to SOX (see the Executive Summary on our news page). Our consulting division can provide customized systems based upon your public filings and customer interaction. If you are interested, please contact our consulting division via email at consulting@procognis.com 32. Do you provide Checklists? The product documentation and templates contain detailed instructions on how to proceed with compliance. Following the instructions combined with professional judgement and knowledge of your company will produce an efficient the compliance effort. The PCAOB has been very clear that using boilerplate or generic checklists is not an appropriate technique for compliance to SOX (see the Executive Summary on our news page). 33. Tool Upgrades and Ongoing Support? The SOX 404 Tool is sold for $1,799 per license and will include a contract covering ongoing maintenance, support and software upgrades/updates. This support agreement will be provided for the first year under the purchase price and we will bill $299 to your company annually in following years for support services and upgrades. The support contract provided with the packge details the terms and how support requests will be handled. Upgrades and/or updates to the SOX 404 Tool base will be provided by download free-of-charge to customers covered under this plan. Existing customers of our SOX 404 Tool (purchased prior to July 1, 2007) can also purchase the support package receive the same benefits. These customers will simply need to pay the first year's contract fee and agree to the terms. |
|
Financial Reporting Solutions
©2004,
2005, 2006. ProCognis, Inc. All Rights Reserved. Modified
May 23, 2011
Service
Agreement & Privacy Policy