Flash Content

Sarbanes-Oxley Act Compliance and SSAE 16

The SEC provisions contained in the Sarbanes-Oxley Act (Section 404) require senior management of all public companies to evaluate and certify the effectiveness of their internal controls. This Act has broad implications and clearly raises the bar on the level of management's direct responsibility and liability for compliance, ensuring that:

  • Transactions are properly authorized
  • Assets are safeguarded against unauthorized or improper use
  • Reliable processes are in place
  • Transactions are properly and accurately recorded

API's workflow controlled process, combined with an image archival system, effectively control billing, accounts payable and accounting outsourcing activities. This control includes recording, tracking and reporting according to a companies specific business rules to ensure that established approval protocols are consistently followed. Additionally, an audit trail is created for each step throughout the process. Each billing or payable item logged is electronically linked to all of the associated support documents to essentially create a central data depository for comprehensive and quick access.

All of this information is logged and linked by transaction so that an order, invoice or payment cannot be completed without satisfying 100% of the business conditions which management has established. This ensures that all transactions are properly authorized prior to execution.

API's process automation offers an important foundation to establish reliable processes for data accuracy. API's business intelligence assists in both the prevention and detection of business fraud. Logging all information associated with a transaction - whether it represents an asset purchase or commodity purchase - allows for extensive testing and comparing. This testing and comparison of the API log with the customers ERP or legacy system matches the respective information and provides for utilization reviews of assets. Such reviews are extremely helpful in identifying underutilized or missing assets, as well as highlight unauthorized or improper transaction requests.

API's workflow process electronically records every step of every transaction and stores the associated support documents, which in turn provides insight to unlock hidden business trends and compare the operating performance of various business units.

For public companies required by Sarbanes-Oxley to report on controls over financial reporting and who are working with third party service organization, a SOC 1 Type II report from the third party service organization is essential to meet the required reporting standards. The SSAE 16 standard was developed by the American Institute of Certified Public Accountants (AICPA). The successful completion of the SOC 1 Type II audit provides the evidence essential in today's regulatory environment and in meeting requirements for a properly functioning control environment. An SSAE 16 examination signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. This allows these findings to be disclosed to their customers and their customer's auditors in a structured reporting format.

API is committed to providing our customers with Finance and Accounting Outsource (FAO) services with effective controls and consistent operational performance. API also understands the importance of our customer's knowing that not only that API's internal controls are in place, but that they have been tested and working. Consequently, API has an annual SOC 1 Type II review performed by a leading audit firm on an annual basis. Based on API's most recent SOC 1 Type II report, API customer's can be assured that the FAO services being provided is done so with internal controls that are effective and tested.

"Our partnership with API gives us the capability to consistently deliver on our promises and exceed customer expectations for service."
President and CEO

The Sarbanes-Oxley Act