Sarbanes-Oxley Act

All public companies must comply with the Sarbanes-Oxley Act of 2002 (SOX). However, when a check-the-box approach is applied to compliance, a sound internal control infrastructure rarely results. Developing an efficient and cost-effective SOX compliance program requires expertise in creating the appropriate risk universe with associated strategic controls, working with external auditors to maximize confidence, and ensuring non-disruptive interactions with process owners.

Why MorganFranklin?

MorganFranklin is a highly regarded SOX compliance expert experienced in working with process owners, CFOs, and audit committees. We act as a liaison between management and external auditors to vet management's approach to risk identification and control mitigation. We facilitate discussion among management, controls owners, and auditors by applying a coordinated approach that includes IT and business process assessments. MorganFranklin's SOX approach includes five phases to ensure that control considerations encompass the complete business environment:

  1. Scope and plan effort to determine significant accounts, transactions, locations, and IT involvement
  2. Conduct entity-level assessment using 2013 COSO framework, including fraud risk assessment
  3. Assess design effectiveness of internal controls with thorough risk identification
  4. Test operating effectiveness of controls using techniques trusted by external auditors
  5. Assess overall effectiveness of internal controls and prepare management's report


  • Business process, policy, and procedure design
  • Design effectiveness testing with corresponding best practice recommendations
  • Control operating assessment implementation
  • Continuous controls monitoring and dashboard configuration
  • Synergy identification between SOX and other compliance initiatives, such as fraud risk and the International Organization for Standardization (ISO), Defense Contract Audit Agency (DCAA), and Foreign Corrupt Practices Act (FCPA)

Impact & Value

  • Reduce compliance costs
  • Limit impact of unexpected business disruptions
  • Boost investor confidence
  • Optimize resource allocation
  • Lower performance variability
  • Enhance corporate governance
  • Build risk-aware culture