Listed entities in the US subject to the provisions of the US Sarbanes-Oxley Act, face a daunting compliance task. It requires management to annually assess and assert to the effectiveness of the organisation’s internal controls and procedures for financial reporting.

Section 404 of the Act (SOX 404) is of particular concern. Section 404 (s404) also requires a company's external auditor to report on management’s evaluation of these internal controls and procedures. SOX covers various aspects of company management and governance.

How we can help

KPMG offers SOX compliance services including SOX Assistance Services and a Control Assessment Template. We help companies to:

  • Prepare a cost-effective, tailored s404 compliance program; 
  • Create clear links between risks and management decisions within an ‘internal controls over financial reporting risks’ framework;
  • Reduce the documentation and testing burden; and
  • Identify and execute year-on-year compliance with s404 compliance.

In choosing KPMG to help them with SOX compliance, organisations gain access to methodologies and software whilst working with financial reporting and compliance professionals.

Typical models in which we can help include:

Outsourcing - Build, operate and maintain the SOX compliance program including the performance of walkthroughs / test of design, test of operating effectiveness, control deficiency evaluation, and reporting. The work will be completed under the ownership and guidance of management.

Co-Sourcing - Provide assistance on an ‘as needed’ basis typically for technical areas of specialisation (e.g., tax, IT), industry knowledge and global resource.

Secondment - Staff engaged on a temporary basis to act as an internal controls specialist.