A Sample SOX Compliance Checklist

For public companies, complying with Sarbanes-Oxley (SOX) legislation is mandatory. Non-compliance can lead to fines, damaged company reputation, and investor losses if financial fraud occurs.

While the SEC rules provide a general framework, it is up to each company to implement policies and procedures that adhere to SOX guidelines. This sample checklist provides a model of controls in key compliance areas.

Control Environment

  • Code of conduct distributed to all employees
  • Conflict of interest policy completed annually
  • Independent directors comprise the majority of the board
  • Executive compensation package approved

Risk Management

  • Fraud risk assessments performed annually
  • Risk control matrix developed for financial reporting
  • Process flow diagrams documented for the closing process
  • Risk management committee meets quarterly

Control Activities

  • Monthly account reconciliations completed
  • IT system access rights reviewed quarterly
  • Capital expenditure requires 2 sign-offs
  • Inventory cycle counts conducted

Information & Communication

  • Management sub-certifications obtained quarterly
  • Financial disclosures reviewed by the Controller, CFO and Audit Committee
  • Confidential whistleblower hotline established

Monitoring

  • External audits completed annually
  • Internal audit plan based on risk assessment
  • Process improvement teams address audit findings
  • Dashboards track defects and resolution status

While this sample checklist provides a template, companies should customize it to include the specific controls relevant to their own risk environment and processes. The checklist helps ensure all bases are covered for SOX compliance.
