Case Study
SOX Management Testing & Remediation for a Travel Company
One of the largest online travel company in India, a foreign private issuer, listed on NASDAQ.
Challenges faced by the client
- A US SPAC acquired the company. The listing regulations require their auditors to attest and report on management’s assessment of the company’s internal controls.
- The company’s Emerging Growth Company (EGC) status expired in the year, and considering that it was the first year of 404(b) certification, the company needed support:
- In testing the control environment (including MRCs, IPE testing) and developing a mitigation plan for deficiencies identified.
- Identification of all applications impacting key processes, perform ITGC.
- Mitigation of MRC’s, which were ineffective due to lack of review evidence, precision levels applied, and follow-up action.
Our team's role
- The scope of the work involved:
- An assessment of the company’s current state of RCM’s
- Identifying design gaps
- Performing operating effectiveness testing of controls (including MRC, IPE, and EUC)
- Prepare management reporting, internal and external
- Subsequently, prepare a remediation plan for exceptions explicitly identified in the client's MRCs and IPEs.
The value our team added
- Based on the testing performed, along with management, our team identified and developed a mitigation plan for key areas requiring improvement in documentation and implementation of additional controls. Our team suggested/enabled improvements in documentation in MRCs and IPEs as per SOX requirements.