KPMG's Sarbanes Oxley Advisory Services (SOAS) can help your organisation with the implementation and maintenance of sustainable SOX 404 compliance programs through readiness assessments, documentation and testing assistance, and sustainability assessments. In each of these services, our professionals work closely with you to establish compliance programs, transfer knowledge, and provide training to support a successful SOX 404 compliance program.
How we can help
- KPMG’s SOAS services can be tailored to your needs:Readiness assessments are used to determine how well prepared the organisation is to implement a SOX 404 compliance program. It is designed to highlight gaps and make recommendations to help ensure implementation of a successful SOX 404 compliance program.
- Documentation and testing assistance is designed to help management support their assessment of their organisation’s compliance with SOX 404 requirements.
- Sustainability assessments are designed to help evaluate and improve on initial SOX 404 compliance efforts.
For each of these services, we take a risk-based approach to identify the internal controls over financial reporting risks (ICFR) that the organisation either has in place, or needs, to address its key financial reporting risks and to support the implementation of its chosen control framework (e.g., COSO).
SOAS projects for our member firms’ clients are based upon our global SOAS methodology and supplemental materials — e.g., point of view documents that have been created as a result of the SEC’s Interpretive Guidance for Management. The projects are delivered by our local Internal Audit Risk & Compliance Services (IARCS) team who are supported by subject matter professionals throughout the KPMG global network. Our services can help you:
- Prepare for an initial compliance program that takes advantage of the most recent guidance to create a cost- ffective approach to SOX 404 compliance suited to the organisation.
- Create clearer links between risks and management’s decisions about how those risks are managed through your approach to ICFR.
- Reduce documentation and testing hours through the use of a more focused testing strategy, accounting for the impact of new or existing direct and monitoring entity-level controls, and only testing process level controls directly related to identified financial reporting risks at the assertion level.
- Identify and implement year-on-year improvements to the SOX 404 compliance to reduce costs and improve effectiveness of ongoing SOX 404 compliance efforts.