Sarbanes-Oxley Compliance (SOX)
The Sarbanes Oxley (SOX) ACT 2002, is US legislation that requires all organisations listed on the US Stock exchange to ensure that management has implemented a robust review of their material internal processes and controls. The main objective of SOX is to detect any material mis-statements to the Financial statements.
"Failure to comply can lead to a reduction in stock price, being struck off the stock exchange, fines and even prison."
There is a lot of talk about implementing the same level of rigour to companies listed on the UK stock market and pro-active organisations have already started rolling out UK SOX equivalent programme in order to benefit from the savings and benefits that arise from such a review - learn more about UK SOX.
We have successfully delivered SOX for a number of clients including Barclaycard, Barclays, UK Secured Lending, Unilever, Booking, Sysco and Brakes. Please see our previous projects for some examples, as well as what our clients say about us .
We are SOX subject matter experts and our work has been highly appraised by the Big 4 who have reduced the level of independent testing required as a result of the high quality of our test papers and approach. We have also worked on a number of Big 4 clients, delivering services on their behalf.
Our Team has been responsible for addressing the cultural challenges presented by first and second year SOX and providing training on PCOAB hot topics such as ITGC’s, IPE’s, ITAC’s, Management review controls and Segregation of duties (SOD).
We have a very structured approach to SOX and will work with all stakeholders and your external auditors to ensure you identify the right SOX controls and that any identified deficiencies are appropriately remediated.
Our services are tailored to our customers needs, but typically cover:
Training and Tools
› We have a complete SOX toolkit which consists of high quality test papers, process flows and narratives that can be tailored to suit your business.
› Carry out training sessions, drop in sessions and provide updates on any PCAOB hot topics.
› Evaluate your current SOX Programme to identify and further efficiencies.
› Put into place regular governance forums.
› Track, monitor and report on progress of all testing and remediation.
› Identify, manage and action any risks and issues threatening the delivery of the programme.
› Our SOX Experts can help define and document your SOX methodology or your Operational risk methodology.
› Ensuring that all key subjects are covered, such as; materiality, sample sizes, sample selection, evaluation of deficiencies, IT applications etc.
› We will review your Financial statements to identify and agree what your materiality threshold is.
› Define and agree all processes that are in scope for SOX and agreed them with your external auditors.
Process Documentation & Workshops
› Our SOX experts will plan and deliver high-quality workshops with all process and control owners.
› The outputs of which will be high-quality Process flows, Narratives and the Risk and control matrix for both the IT and Business processes.
Design Effectiveness and Operational Effectiveness Testing
› Carry out walkthroughs / testing of all key SOX controls.
› Ensure outputs can be relied upon by External Auditors.
› Quality assurance over test papers.
› Agree all deficiencies with the Business.
› Develop high quality action/remediation plans.
› Manage, track and report on all deficiencies.
› Ensure any potential significant deficiencies are appropriately remediated and evidenced.