Service 02, SOX / ICFR

SOX / ICFR & Financial Controls

Internal-control-over-financial-reporting (ICFR) advisory for public and private companies operating in jurisdictions with formal financial-controls regimes including US-SOX, Canadian NI 52-109, India's Companies Act 2013 Internal Financial Controls requirements, J-SOX, and the financial-controls expectations embedded in European, Middle Eastern, Australian, and Singaporean corporate governance frameworks. The practice is anchored by senior practitioners with public-company SOX/ICFR experience and Big Four backgrounds, including a Chartered Accountant founder with prior in-house ICFR experience at a TSX-listed regulated utility.

  • 9: Country permanent footprint
  • 18: SME disciplines on the bench
  • 4: Core financial-reporting cycles

Scope of Service

  • SOX 404 readiness, compliance, and ongoing testing programmes
  • ICFR design, documentation, testing, and remediation under applicable regional regimes
  • Business process controls: design, testing, and rationalisation across order-to-cash, procure-to-pay, hire-to-retire, and record-to-report
  • Risk-and-Control Matrix (RCM) development, maintenance, and optimisation
  • IT general controls (ITGC) and IT application controls testing for ICFR purposes
  • Segregation of Duties (SoD) analysis and remediation
  • COSO Framework implementation: Internal Control - Integrated Framework (2013) and Enterprise Risk Management (2017)
  • Internal audit: SOX-focused outsourced and co-sourced programmes; risk-based audit plans
  • SOC 1 and SOC 2 reporting advisory: readiness, control design, audit preparation
  • Fraud risk assessment, forensic advisory, and anti-fraud controls
  • Regulatory compliance advisory for financial reporting
  • Finance Transformation: finance function operating model design, automation, and controls integration
  • Continuous Controls Monitoring (CCM) for financial controls
  • Post-merger integration of financial-controls environments

Standards and Frameworks

International standards and frameworks

COSO IC-IF (2013); Internal Control; COSO ERM (2017); IFRS; ISA; IAASB; IIA Standards; Internal audit; AICPA SSAE 18; SOC reporting; PCAOB Auditing Standards

Regional financial-controls regimes

Sarbanes-Oxley Act Sections 302 and 404, PCAOB Auditing Standard 2201, SEC reporting requirements including for foreign private issuers (United States); National Instrument 52-109 (NI 52-109) and CSA staff notices on ICFR; OSC corporate governance guidelines (Canada).

Statutory Audit Directive 2014/56/EU and Audit Regulation 537/2014; UK Corporate Governance Code; FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting; UK Audit Committee requirements; German HGB and KonTraG; ESEF reporting requirements.

UAE Securities and Commodities Authority (SCA) Corporate Governance Code; ADX and DFM listing rules; Saudi CMA Corporate Governance Regulations and listing rules; CMA audit and internal-control requirements.

ASX Corporate Governance Council principles and listing rules; APRA prudential standards on risk governance (Australia); SGX Mainboard Rules and Singapore Code of Corporate Governance (Singapore); Companies Act 2013 Section 134(5) Internal Financial Controls requirements, SEBI LODR, and ICAI Companies (Auditor's Report) Order, CARO (India).

How We Work

SOX / ICFR engagements follow the firm's four-phase operating discipline.

01 Scope

Financial-reporting risk assessment; in-scope entity and process determination; applicable regime mapping (SOX, NI 52-109, J-SOX, Indian IFC, or regional equivalent); walk-through of current-state controls environment.

02 Design

RCM development, control rationalisation, business-process and IT-controls design, COSO-aligned governance framework, and testing methodology selection (rotation strategy, sampling approach, automation candidates).

03 Execute

Control documentation, design-effectiveness assessment, operating-effectiveness testing, deficiency identification and remediation support, ITGC and SoD testing, and preparation of management's annual assessment.

04 Assure

Independent re-performance, external auditor coordination, management certification support (CEO/CFO Section 302/906 attestations and equivalents), continuous-controls-monitoring deployment, and ongoing surveillance through the reporting cycle.

Global Delivery

SOX / ICFR engagements are delivered across the firm's nine-country permanent footprint with regional teams operating under the applicable financial-controls regime: SOX in the United States, NI 52-109 in Canada, Companies Act IFC requirements in India, ASX and APRA frameworks in Australia, SGX rules in Singapore, SCA and CMA codes in the Middle East, and FRC and EU frameworks across the UK and Europe. Multi-jurisdictional ICFR programmes are coordinated under a single methodology with regional execution and external-auditor coordination.

United States; Canada; United Kingdom; Germany; UAE; Saudi Arabia; India; Singapore; Australia

Sector Experience

The financial-controls practice is anchored by senior practitioners with Big Four and public-company SOX/ICFR backgrounds, including the founder's prior in-house ICFR experience at a TSX-listed regulated utility. This is credentialing that few independent practices in this size class can match.

The practice is actively building its named ICFR engagement portfolio across the firm's nine-country footprint, with capacity for SOX 404 readiness programmes, ICFR transformation, internal-audit outsourcing, SOC reporting advisory, and finance-function controls integration.

Subject-Matter Experts on Permanent Bench

18 specialist disciplines retained on a permanent in-house bench

  • SOX Compliance
  • ICFR
  • COSO Framework
  • Financial Controls
  • Business Process Controls
  • RCM
  • ITGC
  • ERP Controls
  • Segregation of Duties (SoD)
  • Continuous Controls Monitoring
  • Internal Audit
  • Fraud Risk
  • Regulatory Compliance
  • SOC Reporting
  • Financial Risk
  • Finance Transformation
  • Audit, Compliance & Assurance
  • M&A (post-merger ICFR integration)

Begin

Talk to the SOX / ICFR practice.

Get a senior SOX / ICFR practitioner on the call within one business day: direct, evidence-led, and accountable from first call through delivery.
