Overview of J-SOX
In the U.S., the importance of Internal Control is emphasized after Enron Case and Worldcom Case, and SOX Act was established in July, 2002. Such a trend in the U.S. and Livedoor Case propelled the demand for regulations to reinforce Internal Control, which resulted in the legal renovations including the establishment of Companies Act and amendment of Certified Public Accountant Law. Among these regulations, specifically, Internal Control Reporting System defined in Financial Instruments and Exchange Law is called J-SOX, which will be enforced on 2008. The major parts of its contents basically follow SOX Act.
Contents of J-SOX
J-SOX mandates listed companies to have evaluation by executive officers and audit of evaluation results by certified accountants etc. concerning "Internal Control concerning financial reports."
- Evaluation done by executive officers about "Internal Control concerning financial reports" (Creation of Internal Control reports)
- Audit regarding "the evaluation done by executive officers about "Internal Control concerning financial reports" done by certified accountants etc. (Internal Control audit)
Financial Instruments and Exchange Law（Amended on June 13th, 2008) 4-4-1 in Article 24 (Excerpt)
Among companies that are required to submit securities reports, companies that are issuers of securities prescribed in Section 1 in Article 24 or other companies which is prescribed in ordinances must submit, to Prime Minister, reports of the evaluation of the system to ensure the accuracy of statements used for financial calculations and other information regarding the corporate group and the concerned company based on the criteria prescribed in Cabinet Office Ordinance, which is called "Internal Control reports" hereafter, along with the securities report.
Companies are required to establish and maintain Internal Control concerning the process creating financial documents. Companies must be audited by third-party auditors, such as certified accountants and audit corporations. Executive officers have to evaluate Internal Control concerning financial document creation process, and the result must be submitted as "Internal Control reports."
Target of J-SOX
However, in case there are consolidated subsidiaries and affiliate companies 20%-50% of whose shareholder voting rights are owned by the company (equity method affiliates), the listed company's evaluation should include those companies.
For the sake of J-SOX compliance, the three tools shown below (Three-piece Set) are recommended.
- "Business description document"
- "Risks and the control's responses to them (RCM)"
- "Flowcharts of business (Business Flow Diagram)"
The concrete procedure for the compliance is as follows.
- Determination of basic plans and policies
- Executive officers determines basic plans and policies of Internal Control concerning financial reports (the scope, participants in charge, schedule, procedures, etc.) in company-wide level and business-process level based on the decision of board directors.
- Establishment of Internal Control
- Execute Internal Control concerning financial reports in company-wide level and business-process level based on the plans and policies
- Evaluation of Internal Control
- Check if the executed Internal Control is effectively working or not
- Improvement of the flaws and deficiencies
- If any flaws or deficiencies of Internal Control are detected in the evaluation phase, appropriate countermeasure should be taken. If those flaws and deficiencies of Internal Control are fixed by the evaluation date of the Internal Control reports (the last day of the term), we can conclude that Internal Control is effectively working.
- Audit by auditors (certified accountants and audit corporations)
- Get audited by auditors concerning the execution status of Internal Control
- Creation and submission of Internal Control report
- Internal Control report must be created for each business year and submitted to the prime minister. The specific contents are shown below.
- Corporate information, such as the company name, the name of the representative of the company, etc.
- Framework for Internal Control
- Scope of the evaluation, the date of the evaluation, the procedure of the evaluation, etc.
- Evaluation result
- Evaluation results are created based on the following categorization and perspectives.
- Internal Control concerning financial reports is valid.
- Although some part of the evaluation was not able to be executed, Internal Control concerning financial reports is valid. The information about the evaluation procedures that were not executed and the reasons.
- Significant flaws are found, and Internal Control concerning financial reports is not valid. The detail of the significant flaws and the reasons why those flaws was not able to be fixed by the end of the term.
- The evaluation result of Internal Control concerning financial reports can not be manifested because some of the important evaluation procedures was not able to be executed. The information about evaluation procedures not executed and the reasons.
- Special affairs