Sarbanes Oxley Advisory Services

Sarbanes Oxley Advisory Services

KPMG's Sarbanes Oxley Advisory Services (SOAS) can help an organization with the implementation and maintenance of sustainable SOX 404 compliance programs through readiness assessments, through documentation and testing assistance and through sustainability assessments. In each of these services KPMG firms' professionals work closely with clients to establish compliance programs, transfer knowledge and provide training to support a successful SOX 404 compliance program.


KPMG’s SOAS services can be tailored to individual client needs through readiness assessments, through documentation and testing assistance and through sustainability assessments.

  • Readiness assessments are used to determine how well prepared the organization is to implement a SOX 404 compliance program. It is designed to highlight gaps, and make recommendations, to help clients ensure implementation of a successful SOX 404 compliance program.
  • Documentation and testing assistance is designed to help management support their assessment of their organization’s compliance with SOX 404 requirements.
  • Sustainability assessments are designed to help clients evaluate and improve on their initial SOX 404 compliance efforts.


For each of these services, KPMG takes a risk-based approach to identify the internal controls over financial reporting risks (ICFR) that the organization either has in place, or needs, to address its key financial reporting risks and to support the implementation of its chosen control framework (e.g. COSO).

SOAS projects for our member firms’ clients are based upon our global SOAS methodology and supplemental materials — e.g. the point of view (POV) documents that have been created as a result of the SEC’s Interpretive Guidance for management. SOAS projects are delivered by our Internal Audit Risk & Compliance Services (IARCS) personnel, supported by appropriate subject matter professionals, throughout the KPMG network.


KPMG’s SOAS services can help clients:

  • prepare for an initial compliance program that takes advantage of the most recent guidance to create a cost effective approach to SOX 404 compliance that is suited to the organization.
  • create clearer links between risks and management’s decisions and judgments about how those risks are managed through a company’s approach to ICFR.
  • reduce documentation and testing hours through the use of a more focused testing strategy that accounts for the impact of new or existing direct and monitoring entity-level controls and only testing process level controls that are directly related to identified financial reporting risks at the assertion level.
  • identify and implement year-on-year improvements to the SOX 404 compliance to reduce costs and improve effectiveness of a client’s on-going SOX 404 compliance efforts.

Connect with us