The Sarbanes-Oxley Act contains numerous sections; however, three of them (302, 404 and 409) have the greatest potential impact on companies and on how they conduct business.
Section 404 requires an Internal Control Report to be included in all annual financial reports. Created by a company's auditor, the document must present management's assertions about the design and operational effectiveness of internal controls at year end. Management must also evaluate the effectiveness of internal controls over financial reporting and disclosure controls on a quarterly basis.
Under Section 302, the CEO and CFO of a company are responsible for the accuracy, documentation and submission to the SEC of financial reports and of the internal control structure. Certifications signed by those two principal officers must be included in the annual or quarterly reports.
Information must be accumulated and summarized for timely assessment and disclosure in accordance with the SEC's rules and regulations. When Section 404 compliance is required in about a year, companies must be able to disclose on a near real-time basis (within 48 hours) any changes in their financial condition or operations.
Information System
In general, Section 404 is the tallest mountain to climb, with key areas regarding IT controls:
- Change Management: Companies must provide visibility over changes in the IT environment and enable the ability to initiate, authorize, manage and implement all IT changes through a systematic change process.
- Backup: A process must be deployed to identify critical data and to duplicate, store and recover data as needed.
- Security: A process must be deployed to ensure the integrity of information and to secure applications, databases, operating systems, internal network access and the perimeter network.
- Documentation: Companies must deliver thorough documentation covering change management, backup and security policies and processes.
- Remediation: Companies must have solutions to fill gaps in change management, backup and security.
How do we go about providing SOX Compliance?
We normally begin with a brief assessment of about 2-4 weeks to perform a quick discovery of the relevant issues, and then come up with a plan that is responsive to the client's needs.
Our Competence in SOX
Our SOX Compliance Services are provided by a team under the leadership of Dilshad Khaleeque. Dilshad is an MBA with 23 years of experience, including 10 years of business consulting with Price Waterhouse, about 10 years of IT consulting and 6 years of supply chain management. He has extensive risk management and internal control experience, including financial and enterprise risk assessment.
In the past 5 years with Xelleration, he has provided IT technology risk assessment, IT control process audit and re-engineering, and compliance audit. He holds the CISA and CISSP certifications.