EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
Our multi-disciplinary teams help European foreign private issuers and US companies with European subsidiaries implement a robust Sarbanes-Oxley (SOX) framework to meet their business needs and SOX regulatory requirements.
More companies are listing on the US stock exchange, and regulators such as the US Securities and Exchange Commission (SEC) and Public Company Accounting Oversight Board (PCAOB) are intensifying regulatory oversight. But many companies have not modified the way they manage internal controls since implementing internal control over financial reporting (ICFR) programmes as part of their Sarbanes-Oxley Act (SOX) implementation.
SOX and ICFR controls need to respond to the challenges of ever-changing business and regulatory landscapes. Our multi-disciplinary teams are helping European foreign private issuers (FPIs) and US companies with European subsidiaries implement a robust SOX framework which meets their business needs and SOX regulatory requirements.
We helped a US-based entertainment client with European subsidiaries implement SOX across the UK, Ireland, Spain, Portugal, Italy, Germany and Austria in 12 months. Local EY teams carried out work to make sure the best culture and language fit was achieved, and our London SOX Solutions Centre team led and co-ordinated the project to secure a consistent approach and the highest standards. We helped with SOX scoping; process and control documentation and testing; remediation of control deficiencies and SOX Certification; and delivered live web-based training to over 200 employees across Europe.
Our SOX services
SOX/ICFR scoping and readiness assessment
We work with organisations to perform a risk-based SOX scoping exercise and readiness assessment to determine how well prepared they are to implement a SOX 404 compliance programme. This is designed to highlight gaps and areas of focus and ensure successful implementation.
Documentation
We help organisations with process documentation and risk and control identification. Our approach highlights gaps and areas to improve in order to establish a robust SOX compliant framework in line with SEC and PCAOB requirements. Our innovative SOX tools can be tailored to an organisation’s needs while maintaining consistent, SOX-compliant documentation.
Certification
We design and help deploy an effective and efficient SOX certification process across the organisation.
We assess a SOX-mature organisation’s existing controls framework, identify unmitigated risks, and find solutions to cover these with sufficient controls.
Our automated SOX dashboards are used for ongoing status tracking and reporting, allowing an organisation to perform SOX testing procedures (IT and non-IT) to consistently evaluate controls. Our team’s SOX knowledge and experience, and the enhanced competence and objectivity of testing can increase the effectiveness of an organisation’s independent auditor.
We work alongside an organisation to design, select and implement SOX-compliant remediation actions to efficiently and pragmatically mitigate risk and control deficiencies.
Our online and face-to-face training and communication activities help organisations raise their SOX awareness and provide the knowledge essential for SOX compliance.
We help organisations with PMO activities across their SOX programmes, including SOX governance set up and reporting, budget and resource tracking and testing, and remediation status tracking.
Our team can help automate the SOX programme using EY’s SOX VUE tool, and automate control performance via Robotic Process Automation.
Download report: Unlocking value beyond compliance in your SOX program