SOX Compliance in Volatile Times: Game Plan for a Risk-First Approach

Is SOX compliance still a check-the-box exercise at your organization? Learn how to adopt a risk-first approach to SOX in AuditBoard’s SOX Management Playbook, the definitive guide to a more effective, efficient SOX testing program.

Though Sarbanes-Oxley compliance addresses financial reporting risks to significant accounts, disclosures, and assertions, many business processes touch upon operations and IT. 

In fact, operational, IT, and financial risks are often more interconnected than independent of each other. Viewed in this light, an effective SOX controls environment can give organizations an advantage in managing enterprise-wide risks. 

However, this can only be true if practitioners approach SOX from a risk-first perspective, rather than a check-the-box task that occurs in a silo. This is especially important in light of the rapidly changing risk environment following the events of 2020. If your risks are changing, so too should your processes and controls — including those that fall under SOX. 

In reality, in the process of ticking off SOX items, auditors can lose sight of the big picture. Several common examples include:

1. Neglecting to coordinate with other assurance functions to aggregate relevant information from all assurance activities, leading to gaps in coverage. 
2. Rolling forward SOX controls from year to year without a proper review of management’s estimates and expectations. 
3. Designing the control before the risk when mapping out the RCM, despite a risk-first approach being more conducive to revealing control gaps and weaknesses. 

The Solution: A Risk-First Approach

Keeping risk top of mind is the first step to a more informed, effective, and efficient SOX program. For SOX and audit practitioners seeking practical ways to implement this in their SOX processes, The SOX Management Playbook explores how to build a more informed, effective, and efficient SOX program using a risk-first approach as its foundation. 

In the playbook, SOX practitioners will find carefully curated insights and resources intended to help drive efficient SOX programs. As the overview below shows, each section has been written with the goal of providing the most valuable considerations and best practices for each stage of the SOX lifecycle, as well as practical tools and checklists to help auditors drive efficiency throughout their engagements.

Download the full guide for leading approaches and useful tools to help you each step of the way, from planning and scoping to testing and reporting.