Sarbanes-Oxley (SOX) Compliance

Streamlined Sox Compliance

Changes in the corporate structure via mergers, acquisitions, divestitures, and IPOs will often impact Sarbanes-Oxley compliance requirements, forcing executives to evaluate their compliance program.

Leading these organizations through the evolving Sarbanes-Oxley Compliance (SOX) process is part of our core consulting practice. Our consulting teams have worked with the SOX compliance requirements since the Act’s inception in 2002 and have guided our clients through the ever-changing compliance landscape.

The unique combination of our experience and our methodology allows corporations to achieve compliance goals cost-effectively while adapting to structural changes.

“Our SOX auditors have years of audit and management experience, and backgrounds in audit, accounting, and financial reporting. When you work with us, we bring you deep understanding of engagement management, project management, business process improvement, and risk management—so your business can move forward with certainty.”

Sargon Youmara

Partner – Sikich Governance, Risk and Compliance

Proprietary SOX Methodology

Our proprietary SOX compliance methodology was designed specifically for organizations facing change. Our methodology is a top-down, risk-based approach that meets SOX Section 404 requirements. It streamlines compliance efforts, utilizes the COSO Framework, and is consistent with standards established by the PCAOB.

Risk Assessment
Entity Level Review
Control Document
Control Testing
Company Assessment

Internal Control Testing

Organizations subject to the reporting requirements of the SEC are required to include a report on the company’s internal control over financial reporting in their 10-K. In order to obtain reasonable assurance regarding the operating effectiveness of controls, key controls must be tested to validate their design and operating effectiveness.

Our Sox Consultants will test operating effectiveness of your controls. This includes:

Develop Testing Plans

We’ll develop test plans to validate the operating effectiveness of key controls to demonstrate that controls are operating effectively relative to all significant accounts and processes.

Testing Procedures

We’ll complete test procedures to identify, analyze, and document sufficient evidence to form an opinion regarding whether key controls are operating effectively.

Documenting Test Procedures

To ensure consistent and high-quality work papers, we created our own work paper documentation standards, consistent with the expectations of the SEC requirement for evidential matter and the PCAOB.

Identification and Evaluation of Control Deficiencies

Control deficiencies are conditions identified through test procedures that indicate that a key control is not functioning effectively and requires remediation. Each deficiency will be referenced to a specific work paper that provides evidence that a deficiency exists.

Year-end Follow-up

SOX section 404 requires Management’s assessment of internal controls to be “as of” the organization’s fiscal year-end.

Roll-forward Testing

We will complete procedures to ensure controls are operating effectively as of each fiscal year-end.

SOX ITGC
Testing

In today’s world, every business is a technology business. We’ll help you define key controls and compliance metrics as they apply to IT. Typical SOX ITGC testing includes:

Logical access controls over infrastructure, applications and data
System development life cycle (SDLC) controls
Program change management controls
Data center physical security controls
System and data backup and recovery controls
Computer operation controls
Segregation of duties

Internal Control Consulting

When internal controls in either financial reporting or information technology have failed testing and are deemed as deficient, knowing what to do next can be overwhelming. When you’ve made the the decision to remediate the deficiency, we can work as your trusted advisor to create and implement effective internal controls that will protect the integrity of your financial statements.

International
SOX

Foreign SOX requirements like J-SOX and K-SOX might apply to your business. We can provide audit staff in select local countries who understand local SOX requirements, language, and business culture. If you’re a foreign-listed company with operations in the US, we can help you complete US SOX Compliance.

Experienced SOX Advisors

Experienced

Our SOX auditors have experience in a range of industries and often work as the primary liaison with the public accounting firm on behalf of the management team and the audit committee.

Tailored

We understand every business’ SOX needs are different—and evolving. We’ll create a customized SOX compliance program for your organization, no matter what stage it’s at.

Consistent

We take pride in our consultant’s tenure. You’ll work with the same consultants project after project, building long-term partnership. You can expect a reliable partner who truly understands your business

Ready to Get Started?

We help organizations design and implement innovative strategies that are streamlined, efficient, and cost-effective. Let’s discuss how we can help you and your organization.