SOX 404 IT Controls
IT SOX Compliance for Public Companies
SOX Section 404(b) requires that the management of public companies assess the effectiveness of the internal controls of issuers for financial reporting. It also requires a publicly held company’s external auditor to attest to and report on management’s assessment of its internal controls over financial reporting (ICFR). If your company’s market cap is over $75 million in assets, you are considered an accelerated filer and are required to document and test your ICFR. Companies under $75 million in market cap are not required to perform the testing.
PKM reviews management’s remediation of any previous IT SOX compliance findings and updates documentation to reflect the remediation efforts at each testing phase. We also have a quality assurance review process to ensure that the conclusions are accurate and documented appropriately.
A Seamless and Efficient Approach to your SOX 404 IT Controls
For the last 15 years, we have been assisting our clients with their IT SOX compliance. In many instances, our clients already have an internal audit department in place that documents and tests ICFR, but they do not have the proper resources to address their SOX 404 IT controls. In these situations, we have successfully integrated our audit process with what our clients already have in place to deliver an efficient and seamless execution. Often, we combine IT audits with IT SOX 404 testing to unlock efficiency, since there is usually overlap between the two audits.
For even greater efficiency, we also coordinate with our clients’ external audit firms to align our procedures with their specific needs. We ensure SOX IT testing work papers are always delivered to meet specific testing timeframes. By doing so, your external auditors can rely on our work and use it to supplement their testing and documentation requirements, which ultimately decreases the time demands of your employees.