Skip to Content

Are your internal controls still effective? Find out with our SOX compliance checklist

May 13, 2022 Article 3 min read
Matthew Bohdan Amanda Carrigan
Frequent internal control reviews are essential to maintain compliance with Sarbanes-Oxley (SOX) Section 404. Our checklist will help you identify control gaps to keep your people, process, and technology on track for compliance, risk management, and financial operational excellence.

Man sitting in an empty glass conference roomNo matter when your fiscal year ends, it’s important to review the health of your internal controls regularly to ensure they’re working properly. If left unaddressed, challenges in the areas of people, process, and technology can combine and compound, increasing the risk of fraud and material misstatements.

Avoid risk with an internal controls SOX compliance checklist

If you lack confidence in your internal controls — or worry you “don’t know what you don’t know” — now is a crucial time to pause, reflect, and assess. You’ll also want to consider how recent and upcoming organizational changes could impact your current controls, and what new skill sets, segregation of duties (SOD) considerations, and IT controls might be needed to better protect your business.

That’s why we’ve created an internal controls SOX compliance checklist, which reporting companies — as well as those planning to go public — can use as a framework to organize key activities into quarterly milestones and check progress throughout the year. Beyond compliance, this template will also support the development of a stronger control environment, which has big-picture benefits: enhanced risk management, increased control awareness, financial operational excellence, and executive peace of mind.

Internal Controls SOX Compliance Checklist 

In addition to the tool, here are some guidelines to help you stay on track:

Focus on what’s most important for internal controls and SOX 404 compliance

Examine your organization at a high level to determine the need for adjustments and the presence of risk management shortfalls:

  • Evaluate if departures of key professionals have affected the ability to keep up with requirements and responsibilities.
  • Establish and reinforce themes of ownership and accountability through proactive discussion with staff.
  • Develop, review, and update the annual risk assessment to ensure all necessary changes have been addressed and incorporated.

Establish and adjust internal controls

  • If your control environment has already been established, identify temporary and permanent changes that have altered business operating conditions. If you’re in the process of establishing your control environment, be sure you make the appropriate considerations.
  • Confirm the existence and effectiveness of mitigating controls to address obvious internal control shortfalls.
  • Monitor and evaluate all control activities early and often to ensure consistent and effective operation.
  • When looking ahead to year-end, be sure to invest time in identifying, documenting, and disclosing critical changes on periodic financial statements, subject to the appropriate level and precision of review. Factor in any discontinued operations, M&A activity, divestiture of business, debt relief, etc.

We find it helpful for our clients to address these internal control challenges first through a high-level, systematic framework, and our internal controls SOX compliance checklist will serve as a guide as you make that assessment. If you find that you have more unchecked boxes than you expected, there’s still time to act, regardless of your proximity to the year-end mark.

Healthy business risk starts with proper segregation of duties.

Related Thinking

Business professionals meeting in a modern company cafe area.
March 29, 2022

SOX compliance: Challenges boil down to people, process, technology issues

Article 4 min read
Top down view/photo of business professionals meeting around a very large conference table.
March 29, 2022

Stressed about SOX? Fixing these common mistakes will help

Article 5 min read
Group of coworkers in a business meeting.
March 21, 2023

Turning risk into opportunity: Five questions to ask

Article 8 min read