Sarbanes-Oxley Compliance

We are specialized in the functions of assessing, documenting, evaluating, testing and improving internal controls within the company. Typically, we coordinate with the external auditor to advise our clients on Sarbanes- Oxley and other compliance commitments. We document and test internal controls, using the COSO framework as a model. Wissen is well positioned to help registrants reengineer their SOX compliance efforts by leveraging top-down, risk-based approach to internal controls. Our solution addresses those areas that are both material and pose a risk to reliable financial reporting, including the risk of material misstatement due to fraud.

We have developed a five phase approach to manage Sarbanes-Oxley projects which has proved to be the most effective.

Phase I – Project Planning
At the commencement of our engagement, we suggest that Companies establish a Sarbanes-Oxley Steering Committee that represents the Company, Wissen and the external auditors (as an Advisor to the Committee). Throughout the engagement, Wissen will advise and confer with the Committee to resolve issues. We have adopted the use of timelines to determine objectives and to monitor progress in compliance efforts. We emphasize the importance of gaining a consensus among management, external auditor, Steering and Audit Committee through out the project.

Phase II - Entity Level Control Assessment
This assessment is intended to evaluate the Company’s internal control environment at a “high level,” enabling us to develop a detailed project plan, and determine which key business processes and controls to document. Our Entity Level Control Assessment is based on the five key elements of the COSO Framework of Internal Controls: Control Environment or “Tone at the Top”, Risk Assessment, Control Activities, Information and Communication and Monitoring.

Phase III – Scoping Work Plan
At the conclusion of Phase II, we are in a position to develop a detailed proposal for Phase IV and Phase V - the documentation and testing stage of the process. This process enables management to set more realistic expectations with the Steering Committee and the Audit Committee. Based on knowledge gained during the high-level assessment, we will prepare a matrix that identifies the scope of the internal control documentation exercise for the company and its affiliates. The completed Matrix is then distributed to the Steering Committee and Audit Committee to build consensus.

Phase IV - Documentation of Processes and Controls
In this phase, we conduct interviews, complete documentation, and identify key controls and remediation requirements. In order to document each process, “Process Owners” is interviewed to describe the process in detail. Based on our discussion, processes, key controls and findings are documented. Once we have a complete understanding of the process, based on our interviews and existing documentation, we assess the efficacy of the key internal controls and develop any recommendations. We support and recognize IT consideration during the documentation phase. We establish strict reporting and follow-up dynamics to ensure that Management implements our recommendations.

Phase V – Testing and Reporting
After the process documentation has been completed, we design a comprehensive test plan for all key controls within each area. Our tests are designed to validate if the controls are functioning as intended by management. Further, the tests serve as one of the key monitoring activities per the COSO framework. As such, we document the results of our tests to serve as evidence of such monitoring. We report the findings of our tests to the process owners as well as to management, and we identify deficiencies where appropriate. Once the testing is complete, we assist management in “binding and packaging” the documentation for external auditors for their review and testing.