The Sarbanes-Oxley Act Section 404 also commonly referred to as SOX Compliance or SOX 404 is a standard established as a stringent protocol for internal controls that affect the financial reporting and security within publicly traded companies. The Act was passed in the wake of increasing financial scandals in the industry. Compliance refers to the annual audit requirement wherein public companies are required to provide evidence of accurate and data-secured financial reporting. The compliance governs the financial operations and disclosures of corporate entities and any of their contracted financial service providers. Our Compliance experts at VISTA InfoSec can help your organization with the implementation and maintenance of SOX compliance programs.
We can help your team with the process of SOX Audit through proven methodologies of assessment and implementation including scoping, risk assessments, documentation, and SOX Compliance testing. Our methodologies are designed around the industry’s best practices and techniques. By adopting a risk-based approach, we identify the internal controls over financial reporting risks and effectively address the risk and support the implementation with a proven control framework. Our team will work closely with your organization to offer tailored services that meet your unique SOX compliance needs on schedule, and in the budget, assuring the highest quality.
Understand your business operations, controls, and systems to define the scope that applies to your organization.
Assess your organization vis-à-vis the SOX standard to identify areas that need to be addressed.
Conduct a brief Awareness Training program on SOX for your organization.
Identify your critical information assets and accordingly classify them for creating a separate asset inventory.
Conduct a comprehensive Risk Assessment to identify weak areas and loopholes that could impact the business-critical assets of your organization.
Our experts rank the risks identified and accordingly help you strategize appropriate Risk Treatment measures.
Create the policy and procedure document set with inputs and validation acquired from your team.
Our process and tech team will work in collaboration with your team to help you at every stage of the compliance process.
User Training program for all personnel covered in scope on their specific responsibilities. We will provide your team with all the training documents.
After a reasonable gestation period, a separate team of experts conducts a Pre-assessment of your setup and measures implemented.
Once all controls are confirmed to be in place, we will audit your processes to confirm adherence to the SOX requirements.
If required we can extend our continual support by offering you Managed Compliance Services to help your organization stay certified.
Sarbanes-Oxley which is also commonly referred to as SOX compliance or Sarbox is an annual assessment that determines the effectiveness of an organization's internal financial auditing controls. SOX compliance is not just a legal obligation but also a good business practice that is expected of all US public companies.
SOX compliance mandates companies undergo annual audits and ensure that the reports are available to all stakeholders. Companies hire independent auditors different from the internal auditors to prevent a conflict of interest for the SOX audits.
SOX Compliance applies to all publicly traded companies in the United States as well as wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the United States. SOX also regulates accounting firms that audit companies that must comply with SOX. Further, it is important to note that although SOX does not apply to private companies but if the private companies plan an Initial Public Offering (IPO) should also prepare to comply with SOX before they go public.
SOX Audit cost for an average-sized company starts at $15000. Pricing for a SOX Audit usually depends on several factors, including the Scope of the Audit, Business Applications, Technology Platforms, Number of Locations to be included in the audit, and other related factors.
In addition to the lawsuits and negative publicity, a corporate officer who does not comply or submits an inaccurate certification is subject to a fine of up to $1 million and ten years in prison. In case submitting the wrong certification was on purpose, the fine can increase up to $5 million and twenty years in prison.
On average it takes 3-4 weeks to complete a SOX Audit with reporting. However, the timeline also greatly depends on the time taken for implementing the remediation suggested in the gap analysis.
While it is not applicable for privately-owned companies to comply with SOX, but publicly traded companies in the US must comply with SOX compliance.