Compared with traditional initial public offerings (IPO), special purpose acquisitions companies (SPACs) have rocketed in popularity in recent years as a faster route to going public.
According to Grant Thornton’s research, SPACs raised more than $26 billion in investment capital in January 2021 alone.
After going public, the SPAC (created for acquisition as a legal entity with no commercial operations) must seek a suitable target to acquire. Once the SPACs have taken over the privately-held company, the SPAC entity fulfilled its purpose.
Despite their utility in simplifying the process of going public, SPACs come with potential hidden risks when complying with regulatory Sarbanes-Oxley Act obligations (SOX).
SPACs vs Traditional IPO: SOX Compliance Risks
Typically, SPACs face SOX compliance risks that IPOs are better prepared to handle. Traditional IPOs take a longer route to initial public offerings that involve greater financial due diligence before achieving the required investment.
Consequently, SPACs companies going public can be surprised with urgent SOX compliance requirements they’re not prepared for.
Despite the differences in the routes for going public, SPACs and traditional IPOs are subject to the exact SOX compliance requirements.
SPACs Management must be cautious not to let the perceived ease and convenience blind them from personal regulatory mandates that the Sarbanes-Oxley act places on them.And the surprises don’t end there—once SPACs discover their SOX compliance obligations, another little surprise may lay in store—IT General Controls (ITGC).
SPACs, ITGC and IT Audits
ITGCs are ongoing processes designed, implemented, and monitored to ensure the integrity of financial information sourced from a company’s information technology systems and environment.
SOX compliance is dependent on SPACs being able to produce the right ITGC documentation generated through an internal IT audit.
Your ITGC obligations won’t wait; you shouldn’t either
Unless you’re using ITGC automation, designing, implementing, and monitoring ITGC doesn’t come easily, so leave plenty of time.
Doing the basic groundwork and preparing ITGC for successful SOX IT audits requires fundamental changes in mindset and culture.
CFOs and CISOs of SPACs going public must ensure this culture change is consistently advocated for so that it trickles down into relevant teams and remits.
If you’re starting your SOX audit and ITGC journey:
Study the Sarbanes-Oxley act: Sections of specific importance and relevance include sections 302, 404, and 906, though we recommend not limiting your research only to these sections.
Build a relationship with SOX industry insiders: This may be an external auditor registered with the Public Company Accounting Oversight Board (PCAOB), or it might be us—before we automated ITGC, we used to be Big 4 auditors, so we’re ideally positioned to share a detailed insider perspective on what you need to do.
Build and educate your IT & MIS teams: Don’t assume the Accounting department will care for things. SOX compliance and ITGC responsibilities run deep into an organization—from Payroll to Sales, IT and beyond.
Closing Advice for SPACs Seeking SOX Compliance
Don’t panic. Automate what you can: Don’t rush the process if you discover your SOX and ITGC requirements late. Gather the correct information to share with the right stakeholders to raise awareness and make a case for automating ITGC.
Create a coherent plan: If you decide not to automate ITGC, you’ll have much work to be completed quickly. Even if you already have a reasonably healthy control environment. Once you’ve built your IT audit team and strategy, work backward from your compliance deadlines—ensure time to fill ITGC gaps identified and allocate the right resources to fix them.
Test your ITGC before your auditor does: Your new ITGC may look great on paper, but it may also be inconsistently performed. Ensure to test and monitor ITGC standards over time before requesting an external opinion.
DO SOX IT Audits Faster and Automate ITGC Monitoring, With AudITech
Due to the complexity involved in manual ITGC audits, the processes implemented to overcome SOX compliance risk can create other increased risks of error and oversight.
By simplifying and automating ITGC, AudITech protects organizations from those increased risks while providing a fast track to confident SOX compliance readiness.
Request a demo and discover the fast, simple, valuable route to ITGC and SOX compliance peace of mind.