Quick Path

Streamlined Sox Compliance

Changes in the corporate structure via mergers, acquisitions, divestitures, and IPOs will often impact Sarbanes-Oxley compliance requirements, forcing executives to evaluate their compliance program. 

Leading these organizations through the evolving Sarbanes-Oxley Compliance (SOX) process is part of our core consulting practice. Our consulting teams have worked with the SOX compliance requirements since the Act’s inception in 2002 and have guided our clients through the ever-changing compliance landscape. 

The unique combination of our experience and our methodology allows corporations to achieve compliance goals cost-effectively while adapting to structural changes. 

“Our SOX auditors have years of audit and management experience, and backgrounds in audit, accounting, and financial reporting. When you work with us, we bring you deep understanding of engagement management, project management, business process improvement, and risk management—so your business can move forward with certainty.”

Sargon Youmara

Partner – Sikich Governance, Risk and Compliance

Proprietary SOX Methodology

Our proprietary SOX compliance methodology was designed specifically for organizations facing change. Our methodology is a top-down, risk-based approach that meets SOX Section 404 requirements. It streamlines compliance efforts, utilizes the COSO Framework, and is consistent with standards established by the PCAOB. 

  • Risk Assessment
  • Entity Level Review
  • Control Document
  • Control Testing
  • Company Assessment

Internal Control Testing

Organizations subject to the reporting requirements of the SEC are required to include a report on the company’s internal control over financial reporting in their 10-K. In order to obtain reasonable assurance regarding the operating effectiveness of controls, key controls must be tested to validate their design and operating effectiveness.


In today’s world, every business is a technology business. We’ll help you define key controls and compliance metrics as they apply to IT. Typical SOX ITGC testing includes:

  • Logical access controls over infrastructure, applications and data 
  • System development life cycle (SDLC) controls 
  • Program change management controls 
  • Data center physical security controls 
  • System and data backup and recovery controls 
  • Computer operation controls 
  • Segregation of duties 

Internal Control Consulting

When internal controls in either financial reporting or information technology have failed testing and are deemed as deficient, knowing what to do next can be overwhelming. When you’ve made the the decision to remediate the deficiency, we can work as your trusted advisor to create and implement effective internal controls that will protect the integrity of your financial statements.


Foreign SOX requirements like J-SOX and K-SOX might apply to your business. We can provide audit staff in select local countries who understand local SOX requirements, language, and business culture. If you’re a foreign-listed company with operations in the US, we can help you complete US SOX Compliance.

Experienced SOX Advisors


Our SOX auditors have experience in a range of industries and often work as the primary liaison with the public accounting firm on behalf of the management team and the audit committee.


We understand every business’ SOX needs are different—and evolving. We’ll create a customized SOX compliance program for your organization, no matter what stage it’s at.


We take pride in our consultant’s tenure. You’ll work with the same consultants project after project, building long-term partnership. You can expect a reliable partner who truly understands your business

Ready to Get Started?

We help organizations design and implement innovative strategies that are streamlined, efficient, and cost-effective. Let’s discuss how we can help you and your organization.