If you’re not prepared for it, a SOX audit might be one of the most nerve-wracking trials that you face as an organization.
The goal of the Sarbanes-Oxley Act is to crack down on financial fraud and inaccurate accounting practices, thereby protecting the company’s investors, employees, and customers. During an audit, SOX auditors will go over your financial statements with a fine-toothed comb, searching for any errors, discrepancies, or unexpected changes.
In this article, we’ll discuss how you can prepare for a SOX audit—as well as how you can put yourself in a better position for SOX compliance from the very beginning.
8 Steps to Prepare for a SOX Audit
IT research and advisory firm Gartner has drawn up a list of steps for organizations that are subject to a software audit. We’ve taken the liberty of adapting these steps to the related case of a SOX audit:
- Receive the audit request: First verify that the SOX audit request is actually legitimate by contacting the sender directly. Aim to respond to the request as soon as possible, within two weeks at most.
- Notify the audit team: Large organizations that are likely to face a SOX audit should have an internal audit compliance team made up of various managers, executives, and finance and IT professionals. This team should begin the process of preparing for the audit.
- Inform the business and key stakeholders: The key stakeholders for a SOX audit include the finance, IT, and legal departments. Research what the penalties may be if you are found non-compliant, and report your findings to these key stakeholders.
- Sign a non-disclosure agreement before the kickoff meeting: During a SOX audit, your auditors will be able to view a variety of sensitive and confidential data. Protect your business by requiring the auditors to sign an NDA before you begin.
- Agree on the scope and methodology of the audit: Understand the scope and methodology of the SOX audit by speaking with the auditors in advance. Which divisions and departments will be included in the audit, and what kind of files and documents will the auditors need access to?
- Carry out the audit and investigate any discrepancies: Assist the auditors throughout the investigation and answer their questions openly and honestly. If they discover a discrepancy during the audit, work with them to help uncover the cause.
- Finalize the audit and sign the resolution agreement: Once the audit is complete, sign the final resolution agreement. If you have been found compliant, make sure that the document includes language stating such. If not, the document should include steps for remediating this non-compliance and deadlines by which to complete them.
- Learn from the audit through continuous improvement: There’s always something to learn from a SOX audit, even a successful one. By taking the initiative in the periods between SOX audits, you can make them faster and easier for all parties involved.
Accelatis: Track Changes Before the SOX Auditors Arrive
One of the worst-case scenarios during a SOX audit is being unpleasantly surprised by changes in your IT environment. Discovering these unexpected changes may lead to fines and other penalties for your business, as well as a longer and more expensive audit process.
Time is of the essence when racing to prepare for a SOX audit. Finding the source of a single unauthorized modification can take days or weeks—time that you may not even have.
In order to proactively locate these changes and fix them before an audit, you need dedicated file tracking and change management software such as Datavail’s Accelatis platform. Accelatis is an application performance management (APM) tool custom-built from the ground up to track changes in your Oracle Hyperion environment.
Among its other features, Accelatis lets you generate SOX reports that track changes to:
- Security controls
- Organizational structure
- Production reporting
- Consolidation rules in Hyperion Financial Management
- User logins
Want to learn more about how Accelatis will help in the event of a SOX audit? Download our white paper, “You Did What?? See Changes in Your FP&A and Close Systems (Before the Auditors Do).”