In 2004, when SOX compliance was first mandated for publicly-traded companies, we successfully helped our client pass their first audit.
We began by understanding the regulation, its requirements and the implications for the auditee (our client). We estimated the effort/hours needed and built a project plan based on the reporting deadline.
Next, we performed a materiality and risk assessment to focus the audit effort on the higher-risk areas and reduce the work on low-risk areas. We gained an overview of our client’s business and operations. From there, we created audit work programs tailored to our client’s processes and procedures. We sent document and data requests. We scheduled and conducted interviews to understand policies and procedures in detail. We documented the procedures and controls and assessed whether the controls were designed to mitigate the risks identified.
Then, we selected sample transactions to test and verify that the controls operated as intended. Where needed, we suggested changes to improve the control environment. Once management implemented the recommendations, we reevaluated the test results. We then finalized and reported the results to management.
We managed the project from beginning to end. Throughout the audit, we worked closely with management and external auditors to ensure collaboration and communication. We held weekly status meetings with process owners and reported summary progress to senior management and to the Audit Committee.