SOX and IFC assessments

SOX and IFC Assessments

Need for robust internal controls within an organization is just no more a good practice, it is the law!. While for those entities based or registered in the US or any of their subsidiaries abroad, the Sarbanes Oxley Act of 2002 (SOX) has been the defining moment that required reporting and certification of internal controls both by the management and the auditors. Similar legislation as applicable today in the Indian context is the Reporting on Internal Financial Controls (IFC) as mandated by the Companies Act 2013.

Both the above discussed legislations when mandated for a given organization requires periodic reporting on the state of internal controls by the management and the auditor. The scope of reporting typically included coverage on operational, financial and compliance aspects including those controls that are embedded in an IT environment, which is most typically the case.

PKF Consulting assists clients to manage the complexity of identifying and documenting the IT controls including periodic testing and reporting on the same under the SOX and IFC regulations respectively, as may be applicable. Typical scope of work included the following:

  • Risk Assessment and Scoping.
  • Documentation of internal controls including gap assessment.
  • Testing of internal controls to assess operating effectiveness.
  • Controls rationalization to optimize controls and reduce costs and efforts.

Get In Touch

For more information on how our services can help your business get in touch.