Sarbanes-Oxley compliance

Our point of view

The world is changing:

The evolving regulatory environment (e.g. PCAOB, SEC, JOBS Act, etc) continues to create new challenges;
Resources and skills have not kept pace with external and organisational change;
Reactive programmes have not taken advantage of opportunities to streamline activities; and
Organisations are failing to react to changes in approach by independent auditors.

We are aware that many sectors continue to face issues around the quality of their existing SOX compliance framework, while the associated cost of compliance continues to increase both in real terms and by taking key talent away from higher-value activities.

Our experience shows that high-performing companies sustain an effective balance between quality and cost over the long-term. Furthermore, those that take a strategic approach to establishing a clear vision, maintain the right risk focus, integrate their compliance structure and enable flexible talent models and technology are clearly demonstrating the most cost-effective and highest quality SOX performance.

Download the Guide SOX Compliance Solutions

When to act

At PwC, we understand that many companies could benefit from an increased focus on SOX compliance and there are a range of common scenarios that may prompt them to seek additional support in this area. These triggers include:

Dealing with change - companies moving from a reactive to sustainable SOX programme, considering long-term strategies, leading practices, culture of continuous improvement to deliver effective, efficient and sustainable SOX compliance;
Maturity and managing cost - companies with a less complex SOX setup that are looking to rationalise their SOX programme to make it more cost effective;
Dealing with a problem - companies that are seeking to design and implement appropriate controls to remediate SOX material weaknesses or significant deficiencies;
Auditor challenge - companies that face challenges from auditors concerning their existing SOX programme; and
An inorganic event - companies that are considering an IPO or that are purchased as part of a business acquisition that need to become 'SOX ready'.

What good looks like

Based on our analysis and experiences of working with leading compliance programmes that have consistently performed and sustained quality and cost-effective SOX compliance, PwC has identified a set of common characteristics typical of organisations successful in this area. We see these as the Attributes of SOX Excellence:

Improved quality of the overall programme and internal controls over financial reporting, in line with most recent regulatory expectations;
Reduced level of effort by balancing cost through conscious decisions around strategy, structure, people, processes and technology;
Enhanced reliability increasing the use of management's work by the independent auditor from enhanced competence and objectivity of testing;
Increased alignment of organisational governance, risk and compliance efforts;
Talent redeployment from compliance activities to more strategic business priorities;
Increased ownership resulting in higher levels of engagement with SOX responsibilities; and
Change management supporting clear and detailed planning of SOX compliance implementation and reporting.

When combined, these attributes promote sustained benefits for our clients over the long term. We aim to ensure the creation and support of cost-efficient, flexible compliance solutions that meet the needs of our partners.

How we can help

At PwC, we are the auditor of more than 30 per cent of all UK-headquartered businesses registered with the SEC. This provides us with a unique insight into the requirements of companies across a wide range of sectors when it comes to the specific details of SOX compliance solutions.

We offer a range of tools, resources and accelerators towards a sustainable state whereby SOX compliance program quality is delivered at the lowest total cost, including:

SOX compliance programme benchmarking;

SOX compliance programme benchmarking;
SOX implementation for pre-IPO/post-JOBS Act companies;
SOX rationalisation to ensure the right controls at the right level to cover the right risk. This may, for example, allow a focus on standardisation, efficiencies and use of technology to digitalise the SOX process [PwC SOXbotics]; and
Management and Board updates/training sessions on SEC and PCAOB developments, SEC comment letters, US GAAP and IFRS developments.

For more information regarding how our services can support your business in the area of SOX compliance, please contact one of our experts. We can provide a comprehensive breakdown of our service offering in line with your specific requirements.

Strategic SOX Programme Assessment

Many organisations see a high level benchmarking exercise as the path towards SOX effectiveness. However, we have found that this approach often creates misleading results that may not enable effective decision-making. Identifying and then realising optimal enhancements and savings requires an understanding of the organisation’s environment and deep expertise to trigger opportunities at the source.

We can benchmark the performance of your SOX compliance programme against companies of various complexities and sectors to provide you with leading insights that go beyond the control framework.

Digitising your SOX programme

In many organisations today, most SOX activities are performed manually. And for many the process is inefficient, resource-intense, and may lead to a lack of employee engagement over time.

Digitising your SOX programme can lead to higher quality at lower cost - through streamlined and automated processes; greater assurance over control effectiveness; and sophisticated, analytics-based risk assessment and decision-making.

PwC can help you move along your digital SOX journey by providing seamless access to digital expertise, SOX know-how, and a range of leading technology. This technology includes intelligent automation software like RPA, machine learning and artificial intelligence, workflow solutions, and proprietary technology such as PwC’s Enterprise Insights (a cross system analytics solution that helps companies assess risks within their enterprise system data) and SOX Scoping Central (a tool that automates top-down SOX risk assessment and scoping, creating a truly risk-based approach to ICFR documentation and testing).

SOX IPO readiness

Going public is a chance to grow and capture new market opportunities. With ever-changing regulatory requirements and extensive internal financial scrutiny now mandatory, it’s clear that a successful IPO today takes more due diligence than ever. Having an advisor with the right experience and insight can make the difference in helping you achieve your objectives and navigate key decisions to deliver an effective SOX compliance program for years to come.

SOX and cyber security

We provide a comprehensive range of cyber security and data privacy services to help you assess the potential impact on your SOX programme, build and manage your cyber security defences and respond to incidents. Our services are designed to help you build confidence, understand and react to threats and vulnerabilities, protect what's important and secure your environment. We advise senior management and Boards on shaping a strategic response to cyber risk. We also help our clients address the legal issues around breaches and data privacy, and build a culture and environment where people understand how to behave securely. We help you manage risks and build confidence in your digital future.