IT Sarbanes-Oxley (SOX) Compliance
Jeff Krull
CPA, CISA, CITP
Partner
Mike Cullen
CISA, CISSP, CIPP/US
Principal
Emily Di Nardo
CPA, CITP, HITRUST CHQP
Partner
Matt Gilbert
CISA, CRISC, CMMC
Principal
Garrett Gosh
CPA, CITP
Partner
Madhu Maganti
CPA, CISA, M.S.
Partner
Andrew McCauley
CPA, CISA
Partner
Brian Nichols
CISSP, CIPP/US
Principal
Joe Shusko
CISA, PMP
Principal
Russell Sommers
CPA, CISA
Partner
Christopher J. Tait
MBA, CISA, CCSK, CFSA
Principal
Bosco Yuen
CPA, CISSP, CISA, CIA, CSX, CCSA, PMP
Partner
Your organization benefits from Baker Tilly’s deep knowledge of how your information technology (IT) systems contribute to an overall SOX-compliant environment. We work collaboratively with your external auditor and help you avoid common pitfalls.
Bringing industry-leading expertise to your IT SOX compliance efforts.
SOX compliance demands rigor and attention to detail to facilitate a streamlined and efficient control environment. Achieving this level of compliance requires reliable controls of systems and data. Organizations need resources and IT expertise in a strategic collaborator to bring a nuanced understanding of all SOX-related aspects, along with a fresh perspective tailored to the organization’s needs.
Baker Tilly can plug into your existing program seamlessly by combining IT and business process control knowledge to support your SOX compliance program. We do more than test information technology general controls (ITGC). Our team has extensive experience transitioning from prior service providers efficiently and effectively to ensure your IT SOX program proceeds smoothly, with timely, higher-quality results and comprehensive testing that supports an external audit reliance approach.
Many organizations find that insourcing IT SOX talent is cost prohibitive. At Baker Tilly, we work closely alongside internal resources and become an extension of your team, providing you with an experienced team in a flexible and cost-effective manner.
Working well with the external audit firm is also essential in SOX compliance. We understand PCAOB auditing standards and the methodology of other firms, helping us to build great relationships with your external auditors so that we are aligned early on.
How we’ll work together
You will have access to a deep bench of talented specialists who understand SOX requirements and can help you navigate compliance nuances. We establish strong working relationships and serve as a Value Architect™ your internal audit function, your auditors and your control operators. We are well-versed in supporting compliance efforts across all lines of defense.
In each engagement, we:
- Perform detailed planning to anticipate concerns and stay ahead of external audit expectations
- Understand your control environment to serve as a trusted business advisor and recommend enhancements to your control environment
- Leverage technology to drive efficiencies in testing
- Apply our experience as external auditors and familiarity with PCOAB auditing standards to anticipate audit needs and advise management on creative solutions to identified gaps
- Use our industry specialization to help our clients create innovative solutions that help them overcome their unique challenges
Some firms mandate that a percentage of work be outsourced to overseas delivery centers to guarantee cost savings for clients. This forced offshoring often means engagements are completed by individuals who don’t understand your culture, controls, environment or unique risks. At Baker Tilly, we don’t have such mandates and we’re proud to source your IT SOX needs with local teams, familiar with your market, industry and unique compliance requirements. This allows us to leverage the right team members with the right experience, training and oversight to deliver a consistently high-quality work product.
IT SOX solutions
By offering the following services, we identify ways to enhance efficiency and effectiveness in the program and provide meaningful, actionable recommendations that can be easily implemented across all three lines of defense.
- Testing in support of ongoing SOX 404 compliance or IPO readiness
- Control optimization for IT SOX compliance program
- Developing an information technology control framework
- Identification and evaluation of IT dependencies such as automated controls, key reports and segregation of duties
- Evaluating IT compliance activities to support an effective control monitoring function
- IT risk assessment activities around both traditional IT controls as well as those cybersecurity controls relevant to financial reporting
- Segregation of Duties implementation and evaluations
Our strategic alliances
AuditBoard
Together, Baker Tilly and AuditBoard provide clients with a solution that augments the transformation and optimization of their financial management, risk and compliance functions. The pairing combines deep advisory experience and insight with advanced audit technology to enhance GRC management. Read the press release.
In this episode of Agents of Change, Heather Acker, risk advisory managing partner, and Richard Chambers, senior internal audit advisor at AuditBoard, share their perspectives on internal audit and the future of the profession.
Workiva
Baker Tilly and Workiva create value-driven offerings to transform and optimize an organization’s governance, risk and compliance (GRC) functions and support their ESG journeys with enhanced reporting insights. Through our alliance, Baker Tilly and Workiva can help organizations streamline risk management processes and compliance reporting within a cloud-based platform. Read the press release.
