SOX requires all publicly-traded American companies, as well as publicly-traded non-American companies, doing business in the U.S., to implement financial and operational controls around essential processes.
SOX Section 404 requires these publicly-traded companies to establish internal controls and procedures for financial reporting. Annual financial reports must include an Internal Control Report from management, including management’s assessment of the effectiveness of the company’s internal control over financial reporting.
A registered public accounting firm is required to attest to management’s assessment which means that these internal controls and procedures must be tested (audited) annually to verify they are in place and are operating effectively.
Public companies often engage experienced SOX consultants to work with them to prepare for these in-depth SOX annual compliance audits. SOX specialists help companies understand the focus and targets of the auditors, guide them in determining and documenting the IT General Controls and set in motion strong practices that minimise the need for remediation.
Sysnet’s team of information security professionals includes former SOX auditors, familiar with all steps of the Section 404 audits. If your company has gone public in the U.S., we would be delighted to work with you as a trusted advisor through the process of identifying your IT General Controls and preparing for your public accounting firm SOX Section 404 audit.
While only a registered public accounting firm can perform the formal audit, Sysnet’s consultants have previously held that audit role and are therefore ideally placed to help you understand all the requirements and detail needed to achieve the full level of compliance.