How to Knock the SOX off Compliance: a Sarbanes-Oxley Roadmap

Businesses required to comply with the Sarbanes-Oxley Act (SOX) can come across a number of uncertainties and questions about what needs to be done in order to be compliant. In short, SOX compliance requires companies to have an internal control environment in place over financial reporting to ensure that financial information from a company fairly depicts the financial condition and the results of the company’s operations. For SOX to be completed both efficiently and effectively, organizations need to have a framework in place. From there, they will begin to experience benefits that can be felt by the entire company.

Organizations should consider the following elements to implement and maintain a successful SOX framework:

  • Strategy - Includes defining the needs of the company and the mission they’ll follow as they implement their SOX processes. Also, in this first step a risk assessment is performed to identify risks that could affect the business.
  • Structure – Defines the department setup, including stakeholders and internal audit, as well as the budget for the engagement.
  • People - Understanding which employees will be involved in the SOX process, which includes employees and third-parties who will be responsible for coordinating the SOX efforts.
  • Technology – Applications or tools that will be used to complete the SOX processes and make the audit more efficient.
  • Process - Includes documented methodologies and procedures to define clear guidance on how the SOX process should be completed.

SOX can be complicated and sometimes difficult to manage, but there are certain things companies can implement and focus on to ensure that their SOX procedures are completed appropriately and in a timely manner. A big item of focus should be communication throughout the SOX engagement. Good communication can affect so many aspects of the audit and can help streamline the engagements. Examples of how communication can affect SOX includes:

  • Communicating with employees to ensure they know their roles/responsibilities and what is needed at different points throughout the engagement.
  • Communication with stakeholders to determine that the engagement is on track or if new areas need to be tested. Status meetings and communication of deficiencies, once identified, can help keep everyone informed and on schedule.
  • Communication with external auditors is essential in planning for the SOX engagement, determining the approach, expectations for the testing, and ensuring everyone is in agreement with management action plans.

Another important task, is to promote a culture and mindset of continuous improvement, which involves constantly looking for ways to improve SOX audits and not always relying on what was done in prior years. This can be accomplished through the following techniques:

  • Optimization of key controls to ensure that appropriate controls are in scope
  • Assess the design and scope of controls annually
  • Review the use of technology and innovation in SOX engagements, such as the utilization of data analytics to develop better findings or recommendations for the stakeholders, or the use of robotic process automation (RPAs) to increase efficiencies.

When companies take the time to implement a SOX program using a well-designed framework – and address items like communication and continuous improvement – they can begin to experience many different benefits, including efficiencies related to the optimization of controls, an increased reliance on automated controls that lead to a reduction of the total compliance effort, and the strengthening of existing controls through continuous improvement, all of which can bring about an overall change in corporate culture that helps people throughout the organization become more aware of the controls in place and why they’re necessary.

To learn more about Schneider Downs SOX Team, visit our deditcated Sarbanes-Oxley Solutions page.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Successfully Transitioning Significant Processes During Business Succession
Fraud Risk Assessments – What your Organization Should Consider
Prop 24 passes in California What is it? What does it mean for privacy?
Ransomware Attack Disrupts Popular Sports Gambling Sites
The Hardware Failure That Took Down The Tokyo Stock Exchange
The FFIEC’s Take on Addressing Pandemic Planning within Business Continuity Processes

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102