Sarbanes-Oxley Compliance Audits

The Sarbanes-Oxley Act of 2002 (SOX) is legislation passed by the U.S. Congress to protect shareholders from accounting errors and fraudulent practices. SOX includes the following key sections:

  • Section 302 - Corporate Responsibility for Financial Reports
  • Section 303 - Improper influence on conduct of audits
  • Section 401 - Disclosures in Periodic Reports
  • Section 404 - Management Assessment of Internal Controls
  • Section 409 - Real Time Issuer Disclosures
  • Section 802 - Criminal penalties for Altering Documents
  • Section 906 - Criminal penalties for CEO/CFO financial statement certification
  • Section 1107 - Criminal penalties for retaliation against whistleblowers

Sarbanes-Oxley impacts public companies, privately held companies raising capital in the public sector, and companies in the process of going public. Section 404 of the Sarbanes-Oxley Act is particularly challenging to companies due to its many requirements with respect to internal controls over financial reporting.

Schneider Downs specializes in the implementation and ongoing support of SOX programs that align with Securities and Exchange Commission (SEC) and Public Company Accounting Oversight Board (PCAOB) standards and guidance. We apply a risk-based, top-down approach that drives both efficiency and effectiveness into the program.

Detailed Approach to SOX Compliance

Schneider Downs’ dedicated IT, financial, and operational audit professionals have experience working with companies of all sizes across a wide variety of industries. We partner with you to assist your company in implementing and maintaining a comprehensive SOX program.

Our SOX approach includes evaluating the design and testing the operating effectiveness of controls.

During our review of the design of the controls, we will take a top-down, risk-based approach to ensure that your organization has identified the significant risks to material misstatement and has put in place the proper key controls to adequately mitigate these risks. We will work collaboratively with management to ensure that the key SOX controls identified are adequate for this objective. Once we are certain that we have identified the adequate key controls, we will then work with management and perform walkthroughs of these key controls. We will document tests of one and work to understand the processes that management has put in place to mitigate the noted risks.

After we have gained sufficient understanding of the design of the key SOX controls, we will work with management to plan and execute our tests of operating effectiveness for the key SOX controls. Our testing will be designed to be comprehensive in nature, and we will select sample sizes as appropriate based on the frequency of the controls in place. We will work collaboratively with management to obtain the evidence necessary to form our opinions and conclusions surrounding the operating effectiveness of the key controls.

Our testing will conclude with a report for management that outlines the results of our testing of the design and operating effectiveness of the controls, along with recommendations to improve the control structure.


