Not all companies need to go public, but for some it opens a new level of funding and stature. It’s a huge step that requires a great deal of planning and work. Operating as a public company in the U.S. demands a very stringent level of compliance that can require building out additional processes, controls and technology that weren’t necessary as a private company but are essential to planning and executing an initial public offering (IPO).
You need to develop a Sarbanes-Oxley (SOX) compliance strategy—a framework that will help you reduce time, save money and minimize risk, including personal liability of the CEO and CFO, who must certify compliance. Even if you are already a public company, you will need to periodically reassess and possibly update your SOX compliance processes and strategies.
What is involved?
Developing a SOX compliance program is a complex, time-consuming process that requires coordination, specific skills and scrupulous documentation. But as with any huge business task, the key is to tackle it in an incremental fashion. The typical approach contains six distinct stages, each of which results in a set of deliverables to drive the next step in the process. Success requires deep preparation, though, and some of your earliest goals will be to conduct a top-down risk assessment and to calculate materiality—at what dollar level might an error in an account balance materially impact the economic decisions made by the company?
How long will it take?
You should expect to spend 18 months or more readying your organization for SOX compliance. If you are preparing for an IPO, leading practice is to start this process no later than six months prior to your offering, as you have one year from the date of your IPO to document and assess internal controls and provide an independent auditor’s attestation report.