Sarbanes-Oxley Compliance Services

Sarbanes-Oxley Compliance Services

Print Divider Print Divider Branding

Since it was enacted, the Sarbanes-Oxley (SOX) Act has resulted in significant changes to the corporate governance and financial reporting requirements of public companies. Section 404 of the SOX Act requires public companies to certify to the effectiveness of their internal control over financial reporting. The external auditors of public companies must then provide an opinion on the effectiveness of each company’s internal control. In order to prepare for this certification, public companies must develop a compliance plan that includes the appropriate steps to ensure that significant risks have been identified and assessed and that key internal controls are in place to mitigate the significant risks. The process of preparing for Section 404 requires public companies to have specialized knowledge of the requirements of the SOX Act; the Committee of Sponsoring Organizations Internal Control – Integrated Framework (the “COSO Framework”); and the internal control auditing methodologies followed by financial statement audit firms.

LBMC has extensive experience with both Section 404 of the SOX Act, the COSO Framework as well as external auditing standards. We have assisted numerous companies of various sizes and in variety of industries with their SOX compliance requirements since the initial year of SOX compliance for accelerated filers in 2004. LBMC provides a variety of readiness services based on the needs of each company. The services that we typically provide include one of more of the compliance phases described below:

LBMC SOX Compliance Services:

  • Documentation and Assessment of Compliance with the COSO Framework
  • Risk Assessment Facilitation
  • Documentation of Significant Processes and Systems
  • Financial Reporting Risk and Internal Control Assessment
  • Internal Control Testing and Reporting of Testing Results
  • SOX Readiness Team

Documentation and Assessment of Compliance with the COSO Framework

We are able to assist clients with their documentation and assessment of their compliance with the COSO Framework.  We can assist clients with their completion of the COSO Framework templates and then assist with their assessment of control gaps.  In addition, we provided entity-level control testing services for key governance controls identified when assessing compliance with the COSO Framework. 

Risk Assessment Facilitation

We are able to assist clients by facilitating their financial Risk Assessment.  The purpose of the Risk Assessment is to identify the significant financial processes and systems that will be documented and tested as part of the SOX compliance process.  When assisting with a Risk Assessment, we follow a top-down, risk-based approach to ensure that future compliance efforts focus only on critical processes and systems.

Documentation of Significant Processes and Systems

We are able to effectively document an organization’s significant processes and systems in an efficient manner.   This phase of the SOX compliance process is often cumbersome due to the detailed interviews and documentation efforts that are necessary for all significant processes and systems.  We are trained to focus on the critical risks and internal controls as we assist with this phase of the SOX compliance process.  Our goal is to document an organization’s processes and systems in an efficient manner. 

Financial Reporting Risk and Internal Control Assessment

As we develop our understand of and document our clients’ critical processes and the related systems, we will assess the key risks inherent within each process to determine which key risks would most likely prevent the related processes from meeting their objectives.  We will then understand and assess the key controls in place to mitigate those risks.  We will then report any control gaps for remediation.

Internal Control Testing and Reporting of Testing Results

After the key internal controls are identified, we work with our clients to develop testing plans to assess the operating effectiveness of those controls.  During this phase, we will communicate frequently with the related financial statement auditor to ensure we are in agreement relative to the controls being testing, the frequency and timing of the testing, the documentation to the testing and the related testing sample sizes.  Communication is critical during this phase to ensure all parties are on the same page. 

During the testing, we provide frequent updates to client management to ensure all control deficiencies are known and corrected as soon as possible.  In addition, at the conclusion of testing, we will provide formal reporting to management and the related Audit Committee, if requested. 

SOX Readiness Services Leadership Team