J-SOX Versus U.S. Sarbanes Oxley Act Specifics of J-SOX Requirements
The Japanese have developed a Sarbanes-type requirement for Internal Controls over Financial Reporting for their public companies.
The Financial Instruments and Exchange Act (J-SOX) is the set of Japanese standards for evaluation and auditing of internal controls over financial reporting also referred to as "the Standards") were finalized on February 15, 2007. Based on the Standards' requirements, all listed companies in Japan are to perform risk assessments and prepare and submit internal control reports on a consolidated basis starting with the fiscal years commencing on or after April 1, 2008. It is important to note that most Japanese companies have a fiscal year ending March 31.
J-SOX requirements are the Japanese equivalent to U.S. SOX in relation to Sections 302 "Corporate Responsibility for Financial Reports" and 404 "Management Assessment of Internal Controls." Both regulations are aimed at evaluating internal control systems relating to financial reporting, assure the proper expression of external financial reporting with requirement of financial-report certifications by the CEO and CFO, and prevent the recurrence of investor deception.
There are, however, a number of similarities and differences which need to be addressed by companies, especially with subsidiaries located in both Japan and the U.S. Overall, J-SOX requirements require a broader initiative than U.S. SOX. The Internal Control Reporting System in Japan looked to avoid both the burden and confusion surrounding U.S. SOX.
- Internal controls over financial reporting will include not only the financial statements and their footnotes, but also items that are disclosed in other areas of Securities Reports.
- Evaluation of certain controls at affiliates accounted for in accordance with the equity-method of accounting.
- Evaluation of entity-level internal controls including book closing and financial reporting processes at all business units.
- Companies are to focus on processes related to the closing of the books and reporting, and the significant processes related to the business objectives of the company.
- A material weakness is reported if the effect of the misstatement is greater than 5% of consolidated pre-tax income.
Other specifics for J-SOX in reporting and evaluation of internal controls over financial reporting, distinguishing the Standards from U.S. SOX, are:
- Internal control assessment reports will be audited and certified by independent accountants, who will attest to the reports' reliability or lack thereof. Under U.S. SOX requirements, in addition to assessing a company's management-generated internal control assessment reports, the certifying accountants must also perform an audit of the effectiveness of the company's financial reporting related internal control system. The U.S. requirement will come into alignment with J-SOX with the approval of Accounting Standard No. 5 (AS-5).
- The managers of a company are responsible for designing and implementing an internal control system, and they must assess the effectiveness of that system.
- Management reports on the accuracy of disclosures and the company's internal controls.
- J-SOX does not restrict consulting roles offered by external auditors to the same client.
Information Subjected to the Rules:
- Consolidated financial statements and their footnotes in the financial section of Securities Report.
- Disclosures that have a significant impact on the reliability of financial statements in other sections of the Securities Report.
J-SOX Internal Control Framework:
- J-SOX framework includes an objective of "preservation of assets" in addition to three COSO objectives.
- J-SOX framework includes an element of "Response to IT" in addition to five COSO elements.
Evaluation Steps for J-SOX:
- Determine the scope by reasonably considering the materiality of the quantitative and qualitative impacts to the financial reporting.
- Evaluate company-level internal controls. The list of elements is similar to COSO, with the addition of "Response to Information Technology."
- Evaluate process-level internal control over closing and financial reporting. Controls are divided into company-level controls and process-level controls. The company level controls should be evaluated at all business units.
It is imperative for Japanese companies to recognize the issues in order to evaluate and establish effective internal controls and to be prepared for the compliance due date. We have developed a 5-phase approach which will provide guidance for successful compliance of J-SOX requirements.