Amper assists the complex needs of both public companies and private companies as Executive Management and Audit Committees aiming to reduce their companies risk profile.

Optimize your risk management strategy based upon industry, risk tolerance and the uniqueness of your business. Specializing in superior risk management processes
corporate governance
internal audit
information technology risk
• regulatory requirements and financial reporting

Amper is a full service accounting firm providing clients with access to senior leadership and our risk advisory services and expertise spans a wide range of internal audit, information systems audit and security, compliance and business process improvement services.

The Sarbanes Oxley Compliance is designed to support the internal control and financial statement assertion requirements mandated by the SOX act. Learn more about Sarbanes Oxley Compliance (SOX)

SAS No. 70 Service Organization Reporting guides CPAs on reporting a service organization's internal controls and using a service auditor's report. The AICPA SAS No. 70 standard requires a significant amount of professional judgment and skill in the process of preparing the SAS 70 report. Read more about understanding internal controls and SAS 70

Amper delivers a top-down, risk-based approach to SOX controls deployment. Questions to consider for risk management strategy:
• What are the 3 greatest risks and what is the risk mitigation strategy for them?
• Is there a formal approach to consistently assess the risk implications of significant organizational changes?

Management executives should optimize their risk management strategy based upon risk tolerance, industry, and the unique nuances of their particular business.


Contact Us        Locations             search
 Spring/Summer 2008 Issue

 Winter 2008 Issue

 Fall 2007 Issue

 Winter 2007 Issue

Amper Announces Peter Bible as Partner-In-Charge of the New York Office

Reducing Risk and Growing Revenues

Employee Benefit Plan Alert: Fiduciaries must focus on Plan Fees

The Pension Protection Act of 2006

The Potential Liability of Self-Funded Health Insurance Plans

Amper, Politziner & Mattia Is Pleased to Welcome New Partners to the Firm

A Simpler Strategy Can Yield a Better Result

 Fall 2006 Issue

 Spring 2006 Issue

 Winter 2005 Issue

 Summer 2005 Issue

 Summer 2004 Issue

 Spring 2004 Issue

 Winter 2004 Issue

 Fall 2003 Issue

 Summer 2003 Issue

 View PDF
Winter 2007

Reducing Risk and Growing Revenues
Do Brakes Enable a Car to Go Faster?

Amper has grown out of an increasing demand by our clients to help navigate the ever-evolving world of corporate governance, internal audit and information technology risk.

Just as NASCAR drivers depend on superior braking systems, executives of highperformance companies depend on superior risk management processes that encompass their operations, regulatory requirements, financial reporting and information technology. Just like great braking systems provide controls necessary to accelerate faster with confidence, great risk management processes enable organizations to drive change through their organization more quickly, and with confidence that significant risks will be identified and resolved properly. Quite frequently, new risks encountered as part of normal business operations or organizational change are not properly identified and resolved, causing significant disruption.

Amper's practice is designed to provide our clients the tools, techniques, and know-how they need to develop and deploy a comprehensive approach to the risk management process and to enable high-performance of their company. Our risk advisory services and expertise spans a wide range of internal audit, information systems audit & security, compliance and business process improvement services. As a full service firm, Amper, Politziner & Mattia provides our clients a unique blend of Big-4 talent and capabilities, with the focus of a regional firm, such as access to senior leadership, excellent reputation and a consistent delivery team. Amper's team has been selected by many clients for their deep functional and industry expertise and obsession for client satisfaction. As part of our approach to generating ROI, we understand that within every engagement lies the opportunity for business process improvement. As a result, Amper helps enable companies to increase productivity and reduce long-term operating costs.

"High performance organizations have sophisticated risk management processes built into their business processes."

General Trends Similar to most auto races, track design and regulations designed to level the playing-field and ensure safety can often be seen as a hindrance to performance. Likewise, Sarbanes-Oxley continues to dominate headlines and remains a challenge to public corporations. There is a historic convergence occurring between Governance, Risk and Compliance (GRC) which has elevated the importance of internal audit/risk management departments and brought them to the table as key contributors to strategic decisions being made by senior management and boards. As a result, Amper has seen a strong demand by CFOs for internal audit cosourcing, information system security, SAS 70 and business process improvement services. The passage of the Sarbanes-Oxley Act in 2002 fundamentally changed the definition of good corporate governance for all companies, whether public or private. Sarbanes-Oxley has become the de facto U.S. standard for an acceptable level of internal controls, documentation, monitoring and testing. Companies have the responsibility of making sure they have implemented this high standard of internal controls or otherwise risk being viewed as negligent, reducing their ability to continue to operate in an open market, meet the requirements of their investors and avoid litigation. To help companies comply and capitalize on this new environment, Amper instituted a focused, top down, riskbased approach, designed around a common sense approach of aligning the risk management requirements to the unique environment of our client's specific organization.

Proposed Sarbanes-Oxley 404 Changes As many are probably aware, the Securities and Exchange Commission (SEC) issued a proposed interpretive guidance for management regarding their evaluations of internal control over financial reporting on December 20, 2006. This guidance has been long awaited and is being proposed to replace the original guidance which was made available to external auditors under the Auditing Standard 2 (AS2) in 2004. Following suite, on December 19, 2006, the Public Accounting Oversight Board (PCAOB) issued a proposed new standard, Auditing Standard 5 ("AS5") to replace the existing guidance for external auditors relating to their evaluation of an organization's internal controls. The implied purpose of these changes is to improve the efficiency and effectiveness of SOX-404 compliance.

Although these changes provide further clarification for all companies, smaller companies may derive additional benefits. The interpretive guidance seeks to require management to scale its evaluation of internal controls to fit its own unique operating environment and industry. Therefore, this clarification should provide smaller companies with a more flexible and scalable approach that is a better fit for their particular circumstances.

Accelerated filers and non-accelerated filers may be asking, "Will these changes really impact my organization's 404 compliance activities?" We feel that the answer to that is a resounding yes. One of the key provisions of AS5 is the emphasis on a top-down riskbased approach to custom tailor financial controls, rather than a checklist or one-sizefits- all approach that misses the mark. Amper has highly refined methods for delivering a top-down, risk-based approach to SOX controls deployment, which helps our clients maintain a cost effective and focused controls environment.

We believe that the emphasis on a top down, risk-based approach, partnered with the elimination of the requirement for external auditor review and opinion on management's process, used to evaluate internal controls, along with other proposed changes to the act, can provide significant efficiencies to management's compliance with the SOX-404 processes. Other key changes in the proposed guidance include:

  • Allows external auditors to use the work of others
  • Allows external auditors to use and rely on the knowledge gained from prior audits
  • Walkthroughs are only required for significant processes rather than for each major class of transaction in significant processes
  • A further clarification of definitions
  • Emphasis on the external auditor's judgment
We are confident that the PCAOB's proposed changes and the SEC's guidance will allow organizations to improve the effectiveness and efficiency of their SOX-404 compliance efforts. Still, it is important to remember that the new guidance has not in any way negated management's requirement to comply with the SOX Act. Though the revised guidance has provided filing extensions for certain companies, affected companies should take advantage of this opportunity to proactively prepare their compliance strategy to best address their regulatory and operating strategy for maximum effectiveness.

"Some people can't see the solution. Others can't see the problem."

Strategic Risk Management Questions
As it is critical for every professional driver to assess the track and understand how prevailing conditions should be addressed and compensated for prior to the start of a race, it is also critical for company leadership to look ahead and plan their risk management strategy. Some key questions to ask yourself regarding your risk management strategy are:

  • What are the three greatest financial and/or operational risks our organization faces and what is our risk mitigation strategy for them?
  • Do our people understand the risks we face and are they aligning our risk management strategy to address these risks?
  • Is our risk management strategy an enabler or hindrance to our growth strategy?
  • How damaging to our company's reputation or P&L would a material weakness, theft of information or fraud be?
  • Does our company have a formal approach to consistently assess the risk implications of significant organizational changes (e.g., policies, processes, management changes, technology and information systems, M&A, etc.)?
  • Is our management team focused on ensuring that risks within their ownership span are cost-effectively mitigated?

In Summary
A winning race team must excel not only at driving and have the right equipment and tools in place, but it must also have an efficient and effective organization, risk management strategy and pit crew to support the driver before, during and after a race. Amper is just one of the integral parts of any winning management team. Amper maintains the perspective that management executives should optimize their risk management strategy based upon industry, risk tolerance and the unique nuances of their particular business. Having effective systems and processes in place to be able to assess, measure, monitor and react to your business environment can enable your company to "go faster." As Albert Einstein said, "Make everything as simple as possible, but not simpler."

Amper leverages our more than 45-year heritage as a CPA firm with an entrepreneurial spirit, full service capabilities and extraordinary responsiveness to deliver real value to our clients. To receive a complimentary certificate titled "Sarbanes Oxley the Top 10 Mistakes to Avoid," please contact John Pennett.

   

Contact Us        Locations & Directions        Site map
Amper, Politziner & Mattia, LLP   •  1-866-99-AMPER  •  info@amper.com
web site design and online marketing solutions
by Set Now Solutions, LLC