Sarbanes-Oxley Compliance (SOX) Leading experts in SOX compliance consulting. It's what we do every day. Protiviti has been a long standing and recognised global thought leader in SOX and Committee of Sponsoring Organisations (COSO) compliance. Our publications, benchmarking studies and global seminars are widely recognised in the marketplace and continually provide the latest regulatory and industry trends. Our clients benefit by having access to leaders with deep industry and subject matter expertise for whom SOX compliance is a principal focus.We have served hundreds of clients with their SOX compliance consulting needs that range from program builds and turn-key execution, to rationalisation and transformation. Whitepaper August 28, 2024 3 min read EMPOWERING THE PROGRESS OF SOX INNOVATION WITH ANALYTICS AND AUTOMATION Key takeaways and findings from a SOX Compliance Poll of Audit and Finance Executives and Professionals Read more Sarbanes-Oxley (SOX) Pro Briefcase Public company readiness – year one SOX Establish a roadmap to comply with SOX 404 by right sizing your SOX program and infusing leading practices to build an effective, efficient, and sustainable control framework and program. Pro Building office SOX diagnostic Assess your SOX compliance program to rationalise your controls and validate your overall approach. Our diagnostic services build upon years of SOX compliance activities and the application of SEC and PCAOB guidance. Pro Document Consent Ongoing SOX compliance Assess the effectiveness of your SOX program to ensure it adjusts to the changing needs of your organisation. Conduct training and awareness for executives, process, and control owners to ensure the requirements of Sarbanes-Oxley (SOX) act are met. Establish a controls-mindset in the organisation. Pro Document Stack IT SOX Understand how technology impacts your control environment and identify optimisation opportunities by evaluating control design and operating effectiveness of application and IT general controls, as well as the impact of major technology projects (e.g., ERP implementations). Pro Rightmark Square SOX transformation & innovation Test faster and more accurately by leveraging our SOX testing accelerators, proprietary data-driven control testing tools, and Control Testing and Innovation Center services, as well as our network of global delivery centers. Pro Workflow Flowchart J-SOX Our J-SOX compliance teams help Japanese public companies improve the efficiency of their internal controls over financial reporting process. Pro Screen System Integration UK corporate reform Prepare for the forthcoming UK SOX requirement through establishing internal control programs and complying with regulatory requirements. Efficiency. Effectiveness. Sustainability. Our approach Protiviti assists companies in designing SOX programs that deliver upon compliance objectives, without putting undue strain on the organisation. We are experts and have years of proven SOX compliance consulting experience, working with organisations ranging from newly public to the largest global organisations. Our global network of SOX specialists continually monitors developments and changes within the landscape. Protiviti's approach includes:Risk Assessment, Scoping & Project ManagementWalkthrough & Control Design AssessmentTesting of Operating EffectivenessAggregation & Evaluation of DeficienciesMonitoring and Validation of Remediation ActivitiesReporting of Results to ManagementExternal Auditor Liaison Efficiency. Effectiveness. Sustainability. Leadership Adam Johnston Adam is the country market lead for Hong Kong. With over 15 years’ experience, he has spent much of his career consulting to Fortune 500 organisations, helping them solve complex transformation, and resourcing programs and projects. Adam’s specialisation is ... Learn More Key partners We partner with leading software companies to provide direction in the realm of SOX compliance consulting and deliver an automated testing approach with speed and convenience. Featured insights WHITEPAPER The next phase: AI and human collaboration powering internal audit transformation 6 min read AI is reshaping internal audit function. Protiviti's whitepaper 2025 offers insights on agile auditing, AI-human collaboration, and risk management. Read now. SURVEY Growth, talent, resilience and AI are top-of-mind for CAEs 5 min read Protiviti’s 2026 Top Risks Report highlights key insights for Chief Audit Executives on AI, cybersecurity, compliance, and risk management. WHITEPAPER Setting the 2026 Audit Committee Agenda 4 min read As organisations grapple with rapid technological change, evolving regulations, and increasing risks in areas like AI, cybersecurity, and data privacy, audit committees are being called on to broaden their view of enterprise risk and governance. With... Previous Article Pagination Next Article Case Studies Internal audit group converts SOX testing to real time, extends coverage tenfold using RPA As internal audit organisations look for effective ways to perform their work in a more agile manner, including how to leverage methodologies, data and technology to add value and become strategic advisers to their business partners, many are finding that the use of robotic process automation (RPA) checks a lot of boxes. RPA integration into internal audit functions is expanding and improving productivity across many different sectors. In a recent successful engagement, Protiviti was retained by the internal audit team of a Fortune 500 organisation to help automate functions within their department. The objective was to use RPA to reduce manual effort, improve testing coverage and increase the reliability of Sarbanes-Oxley (SOX)-related IT controls testing. The engagement team reviewed the SOX IT controls library to identify controls that would be best suited for automation. The goal of the exercise was to find automation candidates that would yield higher value with relatively low effort. The controls were evaluated and categorised according to value or potential benefits (e.g., time savings, enhanced risk monitoring) and automation complexity (e.g., system dependencies that could make the automation process difficult).
