From: Diane Allen
Request by SEC for comments on proposed Ė Managementís report on internal controls over financial reporting
I appreciate the opportunity to provide input on the proposal from the SEC. I am the SOX Compliance Manager at 3M Company, a Fortune 500 company with revenue in excess of $22 billion.
In general, I support the idea of the interpretive guidance for management regarding its evaluation of internal controls over financial reporting.
My experience is that good communication and relationships between the auditor and registrant are critical to ensure maximum benefit at the lowest cost. I believe this will continue to be the situation with the new guidance as well, specifically in the determination of risk assessment. The guidance provides several factors for consideration of risk. Risk will be assessed by management and by the auditor. Management may choose to do some work in areas it does not consider high risk just in case the auditor considers it to be high risk, to allow the auditor the option to use some of that work performed by management. Good alignment in risk consideration factors is important to an effective SOX program.
Regarding the management guidance, I offer the following for consideration:
I appreciate the opportunity to provide input and look forward to realizing the benefits afforded by the change in management guidance.