Perspectives

SOX compliance pain points for newly public companies

Achieve effective internal control over financial reporting

Congratulations – your company is now public. Now that the confetti has been swept up, you may have found that establishing and maintaining an effective Sarbanes-Oxley Act (SOX) compliance program presents a unique set of challenges related to internal control over financial reporting.

Read about possible post-public SOX challenges for Portfolio Companies

Pain point #1: Your company hasn’t set the appropriate tone at the top during SOX implementation

Clear and comprehensive SOX compliance communication from the top is imperative. For many, public-company internal control over financial reporting (ICFR) and SOX compliance requirements can be perceived simply as a burden. Company leaders have both the responsibility and the opportunity to encourage a mindset shift that leads to a better understanding of how SOX compliance can help manage (and potentially reduce) risk. That includes driving an effective SOX compliance program that’s about more than mere compliance.

Pain point #2: Your SOX compliance program lacks adequate resources

The lack of proper resources is often a contributing factor to other issues such as improper segregation of duties in the design and operation of internal controls and not being able to properly execute an effective monitoring program. As a result, the operational inefficiencies and necessary remediation efforts that companies face can ultimately lead to an increase in overall costs. Company leaders should revisit their resource pool and address shortages by hiring in-house and/or engaging an outside service provider as needed. Many companies find that outside providers are most effective when they work with designated internal project managers.

Pain point #3: Your company fails to perform a robust risk assessment

A model SOX program starts with a robust, multi-stakeholder risk assessment that provides opportunities to identify account balances and risks as well as needed improvements to the internal control program. Conducting a robust risk assessment is imperative for effective SOX compliance and should incorporate changes in accounting processes, information technology (IT), organizational structure, or financial performance.

Pain point #4: Your SOX compliance program simply isn’t sustainable

Several factors can indicate that the current state of your company’s SOX compliance program may be at risk of unsustainability. One way to address unsustainability is to conduct SOX modernization analysis, especially if the current system of internal control remains closely aligned with the structure before going public. SOX modernization provides long-term benefits that may help align with workforce transformation and support a company through change.

Pain point #5: Your IT environment is ineffective

A public company most likely needs reliable information technology (IT) controls to support internal control over financial reporting. When there are issues associated with general information technology controls (GITCs), they can lead to unaddressed risks associated with information technology (RAIT). Since most business processes rely on data obtained from IT systems, IT issues may have an immense impact on your system of internal control.

Read the complete article to learn more about possible post-public SOX challenges and how to address them.

We can help with your SOX challenges

We’re ready with strategies and insights for addressing SOX pain points and putting your company on the path to an effective SOX compliance program. Contact us!


Kajal Shah Partner, Accounting Advisory & Transformation Services Deloitte & Touche LLP +1 408 857 6186	Stefan Ozer Partner, Accounting Advisory & Transformation Services Deloitte & Touche LLP +1 763 670 7797	Patrick Stultz Senior Manager, Accounting Advisory & Transformation Services Deloitte & Touche LLP +1 704 238 3157

SOX and ICFR Services

Supporting SOX implementation and management at any stage

Learn more ${cta2-copy}

Contact us

First name*

Last name*

Email*

Company*

Title*

Location*

How can we help?*

I agree to receive emailed reports, articles, event invitations and other information related to Deloitte products and services. I understand I may unsubscribe at any time by clicking the link included in emails.*

Yes No

The submission of personal information through this page is subject to Deloitte's Privacy Statement and Legal Terms. I have read and accept the terms of use.*

*Required

The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances. This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Insert Custom CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.
+++ DO NOT USE THIS FRAGMENT WITHOUT EXPLICIT APPROVAL FROM THE CREATIVE STUDIO DEVELOPMENT TEAM +++

Viewing offline content

Tax

Consulting

Audit & Assurance

Deloitte Private

M&A and Restructuring

Risk & Financial Advisory

AI & Analytics

Cloud

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Spotlight

Topics

Industries

More from Deloitte Insights

Careers

Students

Experienced Professionals

Job Search

Life at Deloitte

Alumni Relations

SOX compliance pain points for newly public companies

Achieve effective internal control over financial reporting

Pain point #1: Your company hasn’t set the appropriate tone at the top during SOX implementation

Pain point #2: Your SOX compliance program lacks adequate resources

Pain point #3: Your company fails to perform a robust risk assessment

Pain point #4: Your SOX compliance program simply isn’t sustainable

Pain point #5: Your IT environment is ineffective

We can help with your SOX challenges

Contact us

Recommendations

SOX and internal control over financial reporting services

SOX modernization

Link your accounts

Viewing offline content

SOX compliance pain points for newly public companies

Achieve effective internal control over financial reporting

We can help with your SOX challenges

Contact us

Latest news from @DeloitteAcctg

Sharing insights, events, research, and more

Recommendations

Link your accounts

You previously joined My Deloitte using the same email. Log in here with your My Deloitte password to link accounts. | | Deloitte users: Log in here one time only with the password you have been using for Dbriefs/My Deloitte.

You've previously logged into My Deloitte with a different account. Link your accounts by re-verifying below, or by logging in with a social media account.

Looks like you've logged in with your email address, and with your social media. Link your accounts by signing in with your email or social account.