Sarbanes-Oxley Compliance (SOX) Leading experts in SOX compliance consulting. It's what we do every day. Protiviti has been a long standing and recognised global thought leader in SOX and Committee of Sponsoring Organisations (COSO) compliance. Our publications, benchmarking studies and global seminars are widely recognised in the marketplace and continually provide the latest regulatory and industry trends. Our clients benefit by having access to leaders with deep industry and subject matter expertise for whom SOX compliance is a principal focus.We have served hundreds of clients with their SOX compliance consulting needs that range from program builds and turn-key execution, to rationalisation and transformation. Whitepaper August 28, 2024 3 min read EMPOWERING THE PROGRESS OF SOX INNOVATION WITH ANALYTICS AND AUTOMATION Key takeaways and findings from a SOX Compliance Poll of Audit and Finance Executives and Professionals Read more Sarbanes-Oxley (SOX) act Pro Briefcase Public company readiness – year one SOX Establish a roadmap to comply with SOX 404 by right sizing your SOX program and infusing leading practices to build an effective, efficient, and sustainable control framework and program. Pro Building office SOX diagnostic Assess your SOX compliance program to rationalise your controls and validate your overall approach. Our diagnostic services build upon years of SOX compliance activities and the application of SEC and PCAOB guidance. Pro Document Consent Ongoing SOX compliance Assess the effectiveness of your SOX program to ensure it adjusts to the changing needs of your organisation. Conduct training and awareness for executives, process, and control owners to ensure the requirements of the Sarbanes-Oxley (SOX) act are met. Establish a controls-mindset in the organisation. Pro Document Stack IT SOX compliance Understand how technology impacts your control environment and identify optimisation opportunities by evaluating control design and operating effectiveness of application and IT general controls, as well as the impact of major technology projects (e.g., ERP implementations). Pro Rightmark Square SOX transformation & innovation Test faster and more accurately by leveraging our testing accelerators, proprietary data-driven control testing tools, and Control Testing and Innovation Center services, as well as our network of global delivery centers. Pro Workflow Flowchart J-SOX Our J-SOX compliance teams help Japanese public companies improve the efficiency of their internal controls over financial reporting process. Pro Screen System Integration UK corporate reform Prepare for the forthcoming UK SOX requirement through establishing internal control programs and complying with regulatory requirements. Efficiency. Effectiveness. Sustainability. Our approach Protiviti assists companies in designing SOX programs that deliver upon compliance objectives, without putting undue strain on the organisation. We are experts and have years of proven SOX compliance consulting experience, working with organisations ranging from newly public to the largest global organisations. Our global network of SOX specialists continually monitor developments and changes within the landscape. Protiviti's approach includes:Risk assessment, scoping & project managementWalkthrough & control design assessmentTesting of operating effectivenessAggregation & evaluation of deficienciesMonitoring and validation of remediation activitiesReporting of results to managementExternal auditor liaison Efficiency. Effectiveness. Sustainability. Leadership Lauren Brown Lauren is the country lead for Protiviti Australia. With over 14 years' experience in governance, risk, and internal control, she specialises across multiple industries including health, higher education, government, consumer products, and energy. She is an active ... Learn More Rich Turley Rich is a Sydney-based managing director at Protiviti Australia, where he helps organisations enhance business value through technology-enabled risk and assurance solutions. He leads internal audit and risk advisory services for ASX-listed companies and major Australian ... Learn More Prakash Rajandran Prakash is a seasoned risk and audit professional at Protiviti Australia with over 18 years of experience spanning internal audit, risk management, and technology. He has successfully led complex assurance programs across asset-intensive industries and has led the ... Learn More Key partners We partner with leading software companies to provide direction in the realm of SOX compliance consulting and deliver an automated testing approach with speed and convenience. Featured insights BLOGS The Cybersecurity Blind Spot in SOX Compliance and How to Fix It 8 min read Recent ransomware attacks and new SEC cyber disclosure rules have increased the focus on cyber resilience across nearly all industries. As a result, many companies have invested substantial resources to help manage and mitigate cybersecurity risk to... WHITEPAPER The Next Phase: AI and Human Collaboration Powering Internal Audit Transformation 6 min read AI is reshaping internal audit function. Protiviti's whitepaper 2025 offers insights on agile auditing, AI-human collaboration, and risk management. Read now. BLOGS How Microsoft Copilot Can Supercharge Internal Audit 8 min read These days, it’s easy to get caught up in the routine of risk assessments, planning, fieldwork, and reporting during the audit lifecycle. Microsoft’s Copilot for M365 is changing the game for internal audit teams across Australia. By automating... SURVEY Risk insights for internal audit teams 2 min read In a dynamic business landscape filled with uncertainty, CAEs perceive most of the macroeconomic, strategic and operational risks organisations face to be higher magnitude threats compared to CEOs, CFOs and other C-suite respondents to our latest Top... SURVEY From AI to Cyber - Deconstructing a Complex Technology Risk Landscape 4 min read Protiviti’s global internal audit survey 2024 highlights the challenges and technology risk trends faced by internal auditors worldwide. Download the report. WHITEPAPER EMPOWERING THE PROGRESS OF SOX INNOVATION WITH ANALYTICS AND AUTOMATION 3 min read Key takeaways and findings from a SOX Compliance Poll of Audit and Finance Executives and Professionals... IN FOCUS Understanding the Global Internal Audit Standards 2 min read A three-part blog series and webinar, featuring commentary, insights and points of view from Protiviti leaders and SMEs on key challenges and risks companies are facing today, along with new and emerging developments in the market.The final updated... NEWSLETTER Setting the 2024 Audit Committee Agenda 2 min read Compared to prior years, our suggested 2024 audit committee agenda has taken a bit of a turn due to ongoing and recent market and regulatory developments.A complex business environment: The 2024 audit committee agenda includes important enterprise,... Previous Article Pagination Next Article Case Studies Internal audit group converts SOX testing to real time, extends coverage tenfold using RPA As internal audit organisations look for effective ways to perform their work in a more agile manner, including how to leverage methodologies, data and technology to add value and become strategic advisers to their business partners, many are finding that the use of robotic process automation (RPA) checks a lot of boxes. RPA integration into internal audit functions is expanding and improving productivity across many different sectors. In a recent successful engagement, Protiviti was retained by the internal audit team of a Fortune 500 organisation to help automate functions within their department. The objective was to use RPA to reduce manual effort, improve testing coverage and increase the reliability of Sarbanes-Oxley (SOX)-related IT controls testing. The engagement team reviewed the SOX IT controls library to identify controls that would be best suited for automation. The goal of the exercise was to find automation candidates that would yield higher value with relatively low effort. The controls were evaluated and categorised according to value or potential benefits (e.g., time savings, enhanced risk monitoring) and automation complexity (e.g., system dependencies that could make the automation process difficult). Frequently Asked Questions What is the Sarbanes-Oxley Act (SOX) and how is it relevant in Australia? + The Sarbanes-Oxley Act of 2002 is a U.S. federal law enacted to protect investors from fraudulent financial reporting by corporations. It introduced strict reforms to improve the accuracy, transparency, and accountability of corporate financial disclosures.While it is not an Australian regulation, the Sarbanes-Oxley Act is highly relevant to Australian companies listed on U.S. stock exchanges or operating as subsidiaries of U.S.-listed entities.These organisations must comply with SOX requirements, including internal controls over financial reporting (ICFR), to meet U.S. regulatory standards and maintain robust financial reporting and compliance frameworks. What are SOX controls and how are they tested? + SOX controls are policies and procedures designed to ensure the accuracy and reliability of financial reporting. These controls typically cover key processes such as revenue recognition, financial close, and access to financial systems, forming part of an organisation’s internal controls over financial reporting (ICFR) framework.SOX controls testing involves evaluating both the design and effectiveness of controls to determine whether they are appropriately structured and operating as intended. This includes:Control design assessment – confirming that controls are properly designed to address identified risksControl effectiveness testing – validating that controls are consistently performed over timeAudit testing procedures – gathering evidence through walkthroughs, sampling, and documentation reviewRegular SOX controls testing supports audit requirements, helps identify control gaps, and enables timely remediation to reduce financial reporting and compliance risks. Who needs to comply with SOX in Australia? + In Australia, SOX compliance applies to organisations that are:Listed on U.S. stock exchanges (including foreign private issuers)Subsidiaries of U.S.-listed companiesDual-listed or multinational organisations operating across Australia and the U.S.Businesses preparing for a U.S. IPO must also align with SOX compliance requirements, particularly around ICFR and financial governance. What are the penalties for non-compliance with SOX? + For Australian companies subject to SOX compliance, penalties are enforced under U.S. law. Executives who knowingly certify inaccurate financial reports can face fines of up to $1 million and up to 10 years in prison. Willful violations can result in fines of up to $5 million and imprisonment of up to 20 years. What is J-SOX? + J-SOX stands for Japanese Sarbanes-Oxley, and it refers to the internal control requirements introduced under Japan’s Financial Instruments and Exchange Act (FIEA) in 2006. It was modeled after the U.S. Sarbanes-Oxley Act (SOX) and aims to strengthen corporate governance and ensure the accuracy and reliability of financial reporting in Japan. J-SOX is often relevant for Australian organisations operating in Japan or across APAC, particularly those managing multi-jurisdictional compliance frameworks. How can Protiviti Australia help with SOX compliance? + Protiviti Australia provides end-to-end SOX advisory and SOX consulting services to help organisations establish, manage, and enhance their compliance programs.Our approach supports organisations across all stages of the SOX lifecycle, including:Designing and implementing ICFR frameworks aligned with SOX requirementsPerforming SOX controls testing, including design and operating effectiveness assessmentsIdentifying control gaps and supporting remediation activitiesAssisting with documentation, audit readiness, and ongoing compliance monitoring By combining deep technical expertise with practical delivery capability, Protiviti helps organisations strengthen their internal controls, improve financial reporting processes, and maintain sustainable SOX compliance in line with global regulatory expectations. What is ICFR and why is it important for SOX? + Internal Controls over Financial Reporting (ICFR) refers to the set of processes, policies, and controls designed to ensure the accuracy and reliability of an organisation’s financial statements.Effective ICFR supports SOX compliance by:Reducing the risk of errors, fraud, or financial misstatementsEnhancing transparency and consistency in financial reportingProviding assurance to regulators, auditors, and stakeholdersEnabling executives to confidently certify financial results For organisations in Australia subject to SOX, establishing robust ICFR frameworks is critical to meeting compliance obligations and maintaining investor confidence. What is the difference between SOX and internal audit? + SOX and internal audit are closely related but serve different purposes within an organisation’s governance and risk management framework.SOX is a regulatory requirement that mandates specific controls, testing, and reporting processes to ensure the integrity of financial reporting. It focuses primarily on compliance with the Sarbanes-Oxley Act and the effectiveness of ICFR.Internal audit, on the other hand, is an independent function that evaluates the effectiveness of an organisation’s risk management, controls, and governance processes across a broader scope. This includes operational, financial, and compliance risks beyond SOX requirements.While internal audit teams often play a key role in supporting SOX compliance, such as performing control testing or identifying improvement opportunities, SOX compliance itself is a management responsibility. Together, both functions contribute to stronger governance, risk oversight, and organisational resilience.
