
SOX 404 Compliance

Changes to SOX could mean lower 404 compliance costs

The Public Company Accounting Oversight Board (PCAOB) has issued a new audit standard that allows auditors and management to exercise more professional judgment when assessing and evaluating internal controls.

Therefore, you would probably benefit from our help in taking a new look at your compliance with Section 404 of the Sarbanes-Oxley Act (SOX) or its Japanese parallel, JSOX.

You can rely on the experience we’ve gained doing internal audits and Sarbanes-Oxley compliance work for hundreds of U.S. and multinational companies. We provide a seamless response by collaborating with professional services firms in more than 72 countries.

Our SOX compliance team includes members who carry professional certifications, including Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), and Certified Public Accountant (CPA). 

Three-step process

We have a three-step plan to help you meet regulatory and internal risk management requirements for SOX 404 and JSOX.

Step One: Using a catalog of recommended controls, we will compare and assess your existing IT controls and related documentation. After studying this information, we will develop a “gap” analysis that will highlight opportunities to modify your risk control framework to take advantage of the new IT audit standards issued by PCAOB and to ensure JSOX or SOX compliance.

Step Two: We will assist you in developing documentation typically required for compliance with SOX 404. This includes an information security program, entity-level control framework, activity-level control framework, segregation of duties objectives, detailed control activity descriptions, information technology policies and procedures, key process documentation, and key spreadsheet policies.

Step Three: We will develop testing plans that are customized to your specific objectives and IT control activity descriptions. These include appropriate sampling, guidance, and clear documentation of any testing exceptions or deficiencies identified.

We understand how to explain our methodology to your external auditor so that he/she will be confident in the reports.

“Our telephone service was a monster to tackle, but Plante Moran’s communications review process was painless. The staff was great to work with and now we have a more efficient telephone service system in place, plus we’ve cut costs.”

Kim Donahey, Controller
Downriver Community Conference