Skip to Content

Are your internal controls still effective? Here’s a SOX compliance checklist

April 29, 2021 Article 3 min read
Matthew Bohdan

Frequent internal control reviews are always important, but they’re even more critical following COVID-19-related changes to your business. Our internal controls SOX compliance checklist will help you identify gaps and keep your organization on track for Sarbanes-Oxley (SOX) 404 compliance reporting.

Man sitting in an empty glass conference roomTremendous disruption caused by COVID-19 led companies to focus more than ever on risk management, governance, and internal controls as they transitioned to a remote work environment. Whether the new normal for your organization involves a full return to in-person work, a continuation of remote work, or a hybrid approach, one thing that hasn’t changed is the need to maintain strong internal controls. This is especially true for public companies that need to meet SOX 404 reporting requirements.

Avoid risk with an internal controls SOX compliance checklist

No matter when your fiscal year ends, it’s important to review the health of your internal controls frequently to ensure they’re working properly and keeping your company protected from risk. Now is a crucial time to pause and reflect on how recent and upcoming changes could impact those controls. That’s why we’ve created an internal controls SOX compliance checklist, which reporting companies — as well as those planning to go public — can use to organize key activities into quarterly milestones and check progress throughout the year.

In addition to the checklist, here are some guidelines to help you stay on track:

Focus on what’s most important for internal controls and SOX 404 compliance

Examine your organization at a high level to determine the need for adjustments and the presence of risk management shortfalls:

  • Evaluate if organizational departures have affected the ability to keep up with requirements and responsibilities.
  • Establish or reinforce themes of ownership and accountability through proactive discussion with staff.
  • Develop, review, and, if necessary, update the annual risk assessment to ensure all necessary changes have been addressed and incorporated.

Establish or adjust internal controls as necessary

  • If your control environment has already been established, identify temporary and permanent changes that have altered business operating conditions. If you’re in the process of establishing your control environment, be sure you make the appropriate considerations.
  • Confirm the existence and effectiveness of compensating controls to address obvious internal control shortfalls.
  • Monitor and evaluate all control activities early and often to ensure consistent and effective operation.

When looking ahead to year-end, be sure to invest time in identifying, documenting, and disclosing critical changes on periodic financial statements, subject to the appropriate level and precision of review. Factor in any discontinued operations, M&A activity, divestiture of business, debt relief, etc.

We find it helpful for our clients to address these internal control challenges first through a high-level, systematic approach, so we designed the internal controls SOX compliance checklist to help you make that assessment. If you find that you have more unchecked boxes than you expected, there’s still time to act, regardless of your proximity to the year-end mark. For additional support and guidance, contact our team today.

Related Thinking

Turning risk into opportunity: Five questions to ask

Article 8 min read

Internal controls assessment improves financial accuracy

Case Study

Professional services firms: Are your internal controls up to par?

Article 4 min read