Sarbanes-Oxley (SOX) Compliance
Failure to comply with SOX regulations can lead to a reduction in stock price, being struck off the stock exchange, fines and even prison.
ZR Consultants (ZRC) are SOX subject matter experts. For over 20 years, we have implemented & managed SOX functions, across the UK, Europe & the USA. ZRC can assist organisations with SOX through readiness assessments, documentation and testing assistance and through sustainability assessments.
We can also advise on the upcoming UK Audit & Governance Reforms (“UK SOX”) & ESG integration into Audit programmes.
Our approach to SOX delivery includes looking at your organisations existing systems and processes to see how well prepared they are to implement a SOX programme and identifying any gaps and making recommendations. We can also assist in establishing and resourcing a new SOX function as well as supporting an existing SOX or IA function.
Our services are tailored to our customers needs, but typically cover:
Production of comprehensive group methodologies covering all aspects of risks, controls, testing and remediation designed to support an organisation with their SOX compliance.
Collaboration with an organisations external auditor to clearly identify the entities and processes in scope and agreeing materiality thresholds.
Implement a robust Programme plan ensuring all stakeholders are regularly aware of progress, risks and issues enabling management to make better decisions.
Communication & Training
Delivery of SOX training / drop-in sessions to support Control / Process owners.
Production of high-quality narratives, process flows and risk & control matrixes capturing key SOX IT and Business controls designed to help management continuously assess their Sox compliance and improve effectiveness with SOX compliance.
Design & Operational Testing
High quality and comprehensive, walkthroughs and testing, ensuring outputs can be relied upon by external auditors.
Ensuring remediation of all deficiencies by working with the business to ensure robust and practical plans are implemented reducing year on year costs.
Managing relationship with external auditors and ensuring any findings are effectively challenged and adequately reported.
Other Specialist Areas
Specific guidance and support around technical areas such as User Access violations, IPE’s (Information produced by entities), ITGC’s (IT general controls), ITAC’s (IT application controls), EUC’s (End user computing) etc.