Print this issue
 View PDF
Send your comments

The Japanese have developed a Sarbanes-type requirement for Internal Controls over Financial Reporting for their public companies.

New Japanese standards for evaluation and auditing of internal controls over financial reporting ("J-Sox" or "the Standards") were finalized on February 15, 2007. Based on the Standards' requirements, all listed companies in Japan are to prepare and submit internal control reports on a consolidated basis starting with the fiscal years commencing on or after April 1, 2008. It is important to note that most Japanese companies have a fiscal year ending March 31.

J-SOX requirements are similar to U.S.-SOX in relation to Sections 302 "Corporate Responsibility for Financial Reports" and 404 "Management Assessment of Internal Controls." Both regulations are aimed at evaluating internal control systems relating to financial reporting, assure the proper expression of external financial reporting and prevent the recurrence of investor deception. There are approximately 3,800 listed Japanese companies and the internal control evaluation process extends to business units that comprise two-thirds of consolidated revenue.

There are, however, a number of similarities and differences which need to be addressed by companies, especially with subsidiaries located in both Japan and the U.S. Overall, J-SOX requirements require a broader initiative than U.S.-SOX. The Internal Control Reporting System in Japan looked to avoid both the burden and confusion surrounding U.S.-SOX.

Certain items of note for J-SOX are:

• Internal controls over financial reporting will include not only the financial statements and their footnotes, but also items that are disclosed in other areas of Securities Reports.
• Evaluation of certain controls at affiliates accounted for in accordance with the equity-method of accounting.
• Evaluation of entity-level internal controls including book closing and financial reporting processes at all business units.
• Companies are to focus on processes related to the closing of the books and reporting, and the significant processes related to the business objectives of the company.
• A material weakness is reported if the effect of the misstatement is greater than 5% of consolidated pre-tax income.

Other specifics for J-SOX in reporting and evaluation of internal controls over financial reporting, distinguishing the Standards from U.S.-SOX, are:

Overall:

• Internal control assessment reports will be audited and certified by independent accountants, who will attest to the reports' reliability or lack thereof. Under U.S.-SOX requirements, in addition to assessing a company's management-generated internal control assessment reports, the certifying accountants must also perform an audit of the effectiveness of the company's financial reporting related internal control system. The U.S. requirement will come into alignment with J-SOX with the approval of AS 5.
• The managers of a company are responsible for designing and implementing an internal control system, and they must assess the effectiveness of that system.
• Management reports on the accuracy of disclosures and the company's internal controls.

Information Subjected to the Rules:

• Consolidated financial statements and their footnotes in the financial section of Securities Report.
• Disclosures that have a significant impact on the reliability of financial statements in other sections of the Securities Report.

Internal Control Framework:

• J-SOX framework includes an objective of "safeguarding of assets" in addition to three COSO objectives.
• J-SOX framework includes an element of "Response to IT" in addition to five COSO elements.

Evaluation Steps for J-SOX:

• Determine the scope by reasonably considering the materiality of the quantitative and qualitative impacts to the financial reporting.
• Evaluate company-level internal controls. The list of elements is similar to COSO, with the addition of "Response to Information Technology."
• Evaluate process-level internal control over closing and financial reporting. Controls are divided into company-level controls and process-level controls. The company level controls should be evaluated at all business units.

It is imperative for Japanese companies to recognize the issues in order to evaluate and establish effective internal controls and to be prepared for the compliance due date.

Our five phase approach provides guidance for successful compliance of J-SOX requirements within your organization. (Download the PDF)

Planning & Scoping

• Evaluate and Compare J-SOX to US-SOX Requirements on a Company Level
• Establish Materiality Threshold Metrics
• Assess Risk at the Company Level with Emphasis on Safeguarding of Assets and IT Control Environment

Control Assessment

• Evaluate company-level internal controls
• Evaluate process-level internal controls over closing and financial reporting
• Evaluate process-level internal controls other than closing and financial reporting processes

Risk Assessment & Control Design

• Determine and Rate the Inherent Risk
• Review Internal Control System Designed and Implemented by the Management
• Align the Control Activities to the Risk at the Company Level
• Identify Key Controls

Testing & Evaluating Controls

• Develop Test Plans based on the Significance and Type of Control
• Review Test Plans with Management with Consideration of Implemented Internal Control System
• Perform Test Execution

Deficiency Assessment & Conclusion Report

• Evaluate Identified Control Deficiencies
• Communicate Identified Control Deficiencies to Management
• Prepare Conclusion Report
• Provide Response to IT