top of page

Sarbanes-Oxley (SOX) Compliance

Most SOX software focuses on the management of your SOX documentation and the linking of SOX procedures to risk.  CTRLmatters focuses on a continuous program improvement approach that test internal controls by executing hundreds of analytics across multiple business processes on a regular basis. These analytics can provide direct support to a corporation’s SOX compliance activities and immediate remediation. By centrally managing the automated testing of internal controls you can reduce your SOX effort and cost, and more fully engage all three lines of defense. Companies that use analytical testing techniques can realize tangible benefits in their SOX compliance process. Some of these benefits include, reduce external audit costs, increased operation efficiency, and reduced SOX compliance costs. 


CTRLmatters examine both automated and semi-automated (IT-dependent) controls, as well as business process specific controls.  The analytics increase assurance by testing entire transaction populations for compliance with financial controls; examine IT-related controls and transactions to assess risk and identify outliers in financial and IT activities. The following highlights a few examples of how CTRLmatters analytics supports the detailed testing of controls required by SOX:


  • Accounts payable – analysis of duplicate payments, payment methods and terms, Purchase Order controls, invoice number practices, and user authorizations

  • ERP Overview – input and data entry controls, IT configuration, user authorizations, access controls, separation of duties, master data maintenance, and unusual GL accounts

  • Financial Monitoring – trial balances, sensitive transaction processing by users, unusual transaction types, journal voucher analysis, losses/write-off/suspense account analysis

  • Contracting – unit price variance analysis, vendor-employee relationship analysis, contract date analysis

  • Payroll – duplicate payment, unauthorized employees


CTRLmatters provides supporting evidence that the corporation:


  • provides compliance and control personnel with sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions;

  • has systemic processes in place to detect the misconduct in question, such as reports identifying relevant control failures;

  • understands and addresses the root cause analysis of the misconduct at issue;

  • undertakes ongoing analysis to detect and prevent misconduct;

  • has policies or procedures in place that should prohibit misconduct and has business functions with accountability of policies and procedures 


SOX compliance is a costly and onerous task.  By applying analytics in an automated framework, CTRLmatters reduces the time and costs involved while also improving the level of protection to the enterprise. Reach out to see how CTRLmatters can improve your SOX compliance program today. 

Challenge graphic.png
bottom of page