Sarbanes-Oxley (SOX) Advisory
Supporting SOX compliance at any stage – it doesn’t matter if your organization is new to the SOX Act or if it has long faced its requirements. Every SOX program can be optimized and made less burdensome.
Section 404 of SOX mandates an internal control report that contains management’s assertions regarding the effectiveness of the company’s internal control structure and procedures over financial reporting. If subject to Section 404(b), you must have an external auditor attest to, and report on, management’s assessment.
Section 302 requires the CEO and CFO’s certification, while Section 906 imposes criminal penalties for not fairly representing operations’ financial condition and results.
Despite efforts to the contrary, the total number of hours and level of commitment dedicated to SOX compliance have not decreased notably over the last 15 years. According to Protiviti’s SOX Compliance Survey, most organizations increased the hours logged for SOX compliance during their most recent fiscal year. External auditor scrutiny is also intensifying in response to actions of and guidance from the Public Company Accounting Oversight Board (PCAOB).
SOX compliance has been my bread and butter. I’ve helped companies of all sizes and maturity levels comply with the requirements.
Where do I help organizations?
- Pre-IPO SOX readiness
- SOX program implementation and optimization
- SOX documentation and testing
- 404(b) testing reliance
- Material weakness remediation
- General staff augmentation
%
Percentage of SOX costs spent on outsourced resources
Source: Protiviti SOX Compliance Survey
%
Percentage of organizations relying on third-party service providers for SOX testing efforts
Source: Protiviti SOX Compliance Survey

My Implementation Approach
Awareness & Planning
- SOX introduction training for leadership, process owners, and control performers
- Project planning
- Preliminary risk assessment and scoping
- IT systems documentation
- Deliverables include training presentations, scoping memo, project plan and leadership deck
Current State Gap Assessment
- Process walkthroughs
- Entity level controls
- Mapping risks to controls
- Assessing controls against best practices and frameworks (COSO, COBIT, PCAOB, etc.)
- Remediation planning for identified gaps
- Deliverables include RACMs, flowcharts, ELC mapping, gap assessment, and remediation plan
Implement & Enhance Controls
- Prioritization efforts
- Re-designing and improving controls
- Additional training
- Updating process documentation for enhancements and remediation efforts
- Deliverables include job aids, policies and procedures, and updated process documentation
Compliance Testing
- Update scoping
- Test of design
- Test of operating effectiveness
- Reporting
Deliverables
