IT Sarbanes-Oxley (SOX) Compliance
Jeff Krull
CPA, CISA
Partner
Matt Gilbert
CISA, CRISC
Principal
Atit Shah
CISA
Principal
Joe Shusko
CISA, PMP
Principal
Mallory Thomas
CPA, MBA, CIA, CITP, CISA
Partner
Your organization benefits from Baker Tilly’s deep knowledge of how your information technology (IT) systems contribute to an overall compliant SOX environment, work collaboratively with your external auditor and help you avoid common pitfalls.
Bringing industry-leading expertise to your IT SOX compliance efforts.
SOX compliance demands rigor and attention to detail in order to facilitate a streamlined and efficient control environment. More and more, achieving this level of compliance demands reliable controls of systems and data. Organizations need resources and IT expertise in a strategic collaborator to bring nuanced understanding of all SOX related aspects, along with a fresh perspective tailored to the organization’s needs.
Baker Tilly can plug into your existing program seamlessly by combining IT and business process control knowledge to support your SOX compliance program. We are more than just ITGC testers and our teams have extensive experience transitioning from prior service providers efficiently and effectively to ensure your IT SOX program proceeds smoothly, with timely, higher-quality results and comprehensive testing that supports an external audit reliance approach.
Many organizations find that insourcing IT SOX talent is cost prohibitive. At Baker Tilly, we work closely alongside internal resources and become an extension of your team, providing you with an experienced team in a flexible and cost-effective manner.
Working well with the external audit firm is also essential in SOX compliance. We understand PCAOB auditing standards as well as the methodology of other firms and will build great relationships with your external auditors so that we are aligned early.
How we’ll work together
The needs of your company are evolving and perhaps your need for supplemental resources to assist with SOX compliance may vary at times. Our teams are well-positioned to assist you with your SOX compliance program.
As your partner, you will have access to a deep bench of talented specialists who understand your SOX requirements and can help you navigate compliance nuances. We establish strong working relationships and serve as a Value Architect(TM) your internal audit function, your auditors and your control operators. We are well versed in supporting your compliance effort across all lines of defense.
In each engagement, we:
- Perform detailed planning to anticipate concerns and stay ahead of external audit expectations
- Understand your control environment to serve as a trusted business advisor and recommend enhancements to your control environment
- Leverage technology to drive efficiencies in testing
- Apply our experience as external auditors and familiarity with PCOAB auditing standards to anticipate audit needs and advise management on creative solutions to identified gaps
Some firms mandate that a percentage of work be outsourced to overseas delivery centers in attempts to guarantee cost savings for clients. This forced offshoring often means engagements are completed by individuals who don’t understand your culture, controls, environment or unique risks. At Baker Tilly, we don’t have such mandates and we’re proud to source your IT SOX needs with local teams, familiar with your market, industry and unique compliance requirements. This allows us to leverage the right team members with the right experience, training and oversight to deliver a consistently high-quality work product.
Industry specialization
As your organization continues to grow and the risks related to your company evolve, it is important to incorporate industry trends related to SOX compliance into the risk management process. We will use our industry specialization to help our clients improve their operations. With teams that are familiar with industry-specific technologies, our clients work with knowledgeable professionals who understand their companies and can create innovative solutions to help them overcome their unique challenges.
IT SOX services
By offering the following services, we identify ways to enhance efficiency and effectiveness in the program and provide meaningful, actionable recommendations that can be easily implemented across all three lines of defense.
- Testing in support of ongoing SOX 404 compliance or IPO readiness
- Control optimization for IT SOX compliance program
- Developing an information technology control framework
- Identification and evaluation of IT dependencies such as automated controls, key reports and segregation of duties
- Evaluating IT compliance activities to support an effective control monitoring function
- IT risk assessment activities around both traditional IT controls as well as those cybersecurity controls relevant to financial reporting
- Segregation of Duties implementation and evaluations
A transformational partnership
Together, Baker Tilly and AuditBoard provide clients with a solution that augments the transformation and optimization of their financial management, risk and compliance functions. The pairing combines deep advisory experience and insight with advanced audit technology to enhance GRC management.
In this episode of Agents of Change, Heather Acker, risk advisory managing partner, and Richard Chambers, senior internal audit advisor at AuditBoard, share their perspectives on internal audit and the future of the profession.
