Leading organizations through the evolving Sarbanes-Oxley Compliance (SOX) process is part of our core consulting practice.
Streamlined SOX Compliance
Changes in the corporate structure via mergers, acquisitions, divestitures, and IPOs will often impact Sarbanes-Oxley compliance requirements, forcing executives to evaluate their compliance program.
Leading these organizations through the evolving Sarbanes-Oxley Compliance (SOX) process is part of our core consulting practice. Our consulting teams have worked with the SOX compliance requirements since the Act’s inception in 2002 and have guided our clients through the ever-changing compliance landscape.
The unique combination of our experience and our methodology allows corporations to achieve compliance goals cost-effectively while adapting to structural changes.
Proprietary SOX Methodology
Our proprietary SOX compliance methodology was designed specifically for organizations facing change. Our methodology is a top-down, risk-based approach that meets SOX Section 404 requirements. It streamlines compliance efforts, utilizes the COSO Framework, and is consistent with standards established by the PCAOB.
Internal Control Testing
Organizations subject to the reporting requirements of the SEC are required to include a report on the company’s internal control over financial reporting in their 10-K. In order to obtain reasonable assurance regarding the operating effectiveness of controls, key controls must be tested to validate their design and operating effectiveness.
Our SOX consultants will test operating effectiveness of your controls. This includes:
Developing Testing Plans
We’ll develop test plans to validate the operating effectiveness of key controls to demonstrate that controls are operating effectively relative to all significant accounts and processes.
We’ll complete test procedures to identify, analyze, and document sufficient evidence to form an opinion regarding whether key controls are operating effectively.
Documenting Test Procedures
To ensure consistent and high quality work papers, we created our own work paper documentation standards, consistent with the expectations of the SEC requirement for evidential matter and the PCAOB.
Identification and Evaluation of Control Deficiencies
Control deficiencies are conditions identified through test procedures that indicate that a key control is not functioning effectively, and requires remediation. Each deficiency will be referenced to a specific work paper that provides evidence that a deficiency exists.
Year-end Follow-up and Roll-forward Testing
SOX section 404 requires Management’s assessment of internal controls to be “as of” the organization’s fiscal year-end. We will complete procedures to ensure controls are operating effectively as of each fiscal year-end.
IT SOX Compliance
The impact of IT must be carefully considered in an analysis of internal control over financial reporting. Our approach to IT risk and control management places a critical lens on the role technology plays in your organization, and how that impacts financials.
During an IT SOX compliance audit, our Information Technology Audit and Security consulting team reviews the controls in place for the IT systems that have a direct effect on the financial statements.
SOX ITGC Testing
In today’s world, every business is a technology business. We’ll help you define key controls and compliance metrics as they apply to IT. Typical SOX ITGC testing includes:
- Logical access controls over infrastructure, applications, and data
- System development life cycle (SDLC) controls
- Program change management controls
- Data center physical security controls
- System and data backup and recovery controls
- Computer operation controls
- Segregation of duties
Internal Control Consulting
When internal controls in either financial reporting or information technology have failed testing and are deemed as deficient, knowing what to do next can be overwhelming.
When you’ve made the the decision to remediate the deficiency, we can work as your trusted advisor to create and implement effective internal controls that will protect the integrity of your financial statements.
Foreign SOX requirements like J-SOX and K-SOX might apply to your business. We can provide audit staff in select local countries who understand local SOX requirements, language, and business culture. If you’re a foreign-listed company with operations in the US, we can help you complete US SOX Compliance.
Expereinced SOX Advisors
Our SOX auditors have experience in a range of industries and often work as the primary liaison with the public accounting firm on behalf of the management team and the audit committee.
We understand every business’ SOX needs are different—and evolving. We’ll create a customized SOX compliance program for your organization, no matter what stage it’s at.
We take pride in our consultant’s tenure. You’ll work with the same consultants project after project, building long-term partnership. You can expect a reliable partner who truly understands your business