Sarbanes-Oxley Requirements

Solution Preview

Please see response attached, which is also presented below. I hope this helps and take care.

RESPONSE:

Let's take a closer look:

1. How have control systems been changed by Sarbanes-Oxley requirements in a hospital organization? Could you please provide an example of how it has effected the managing of hospital documentation?

A governance threat is eminent when the company's internal controls have material weaknesses. Internal or external auditors have an obligation to publicly report the fact that the company is not in compliance with various sections of the Sarbanes-Oxley law. Under the Sarbanes-Oxley Act (SOX), your management must demonstrate that adequate internal controls have been established to safeguard confidential information from being compromised (i.e., during the "blackout").
Under Sarbanes-Oxley, a public company's audit committee will be responsible for hiring and firing auditors, approving their fees, and pre-approving both non-audit and audit services. Audit committees are expected to do more in-depth probing and discussion of significant accounting, auditing, and financial reporting issues. How has this effected the managing of hospital documentation?

For example, the formation of formal audit committees is one way the SOX effects hospital management of internal control. Since most non-public health systems have an audit oversight function at the board level, it may not be formalized in a discrete Audit Committee as is required by SOX. In fact, only 25% of health system trustees who responded to a 2002 Governance Institute poll indicated that their boards had formal Audit Committees. Another 5% responded that an audit sub-committee of their finance committee carried out the audit oversight function. Another 62% said the audit oversight function was a responsibility of the finance committee, according to the Governance Institute poll. However, the establishment of formal audit committees is not only becoming a best practice, but a necessity, as is financial expertise on that committee.

Sarbanes-Oxley Act Requirement

Certification of Annual and Quarterly Reports: The CEO and CFO must certify that:

--The financial report does not contain any misrepresentation of material fact or material omission.
?The financial information is fairly presented.
?They are responsible for internal controls.
?They have reported any significant deficiencies in internal controls and/or fraud involving management to the audit committee.
?They have indicated any material changes in internal controls.

Internal Controls Reports and Auditor Attestation Related to Internal Controls:
?Each annual report must include an "internal control report" stating that management is responsible for an adequate internal control structure and containing an assessment by management of the controls' effectiveness over financial reporting.
?This includes preparation of a formal risk assessment, documentation of the control environment and external certification of the system of internal controls.

EXAMPLE: Not-for-Profit Healthcare Organizations

Most recommend certifications be required on an annual basis, at a minimum, and quarterly if financial Statements are available to outside parties. The ...