The SOX compliance journey: Preparing for compliance
Jan. 15, 2025 · Authored by Chad Miller, Mumta Taneja, Erin Clayville, Matt Reierson, Jim Schoppe
Successfully achieving Sarbanes-Oxley (SOX) 404 compliance is complex and challenging, and it can seem daunting. Many companies underestimate the necessary scope of documentation, evaluation and testing efforts, as well as staffing requirements.
Drawing on our experience assisting many organizations with their SOX 404 readiness efforts, we have prepared an example “SOX readiness roadmap,” which may be executed over a one- or two-year period, based on the needs of the organization.
Familiarize yourself with the SOX 404 compliance readiness basics below and download our guide for expanded insights, including a sample 12-month readiness roadmap.
Key SOX activities and timeline
- Document company's significant business processes affecting financial reporting
- Identify risk, controls and areas of improvement in internal controls over financial reporting (ICFR)
- Make code of ethics and business conduct policy publicly available
- Establish "whistleblower" hotline
- Evaluate need for enhanced financial reporting function
- Implement a CEO/CFO certification process
- Implement a process to test internal controls and report on testing
- Remediate internal control gaps where necessary
- Management's assessment on internal controls over financial reporting
- Auditor's attestation and report on management’s assessment of internal controls over financial reporting