SOX Compliance

The JC Jones approach to Sarbanes-Oxley compliance uses a risk-based methodology based on a tops-down assessment of: significant accounts, disclosures and relevant assertions, major classes of transactions, company-level controls and transaction risk analysis (misstatement and fraud).

Once complete our approach focuses on reducing the number of key controls by leveraging entity wide and automated controls, the removal of redundant controls and obtaining the proper balance between preventative and detective controls.

SOX Compliance

Reducing the Cost of Compliance

Compliance Costs continue to plague companies eleven years after Sarbanes‐Oxley (SOX).  In fiscal 2007, some companies began to further rationalize SOX compliance activities taking advantage of new guidance from the SEC and the PCAOB (AS5). While SOX compliance costs are nowhere near adoption year levels, most companies continue to devote substantial amounts of time and money to comply with the law.

The JC Jones approach uses a risk‐based methodology by first substantiating the top‐down approach in the areas of: significant accounts, disclosures and relevant assertions, major classes of transactions, company‐level controls and transaction risk analysis (misstatement and fraud).

The JC Jones approach, coupled with our automated software solution, has proven results in uncovering potential savings not only in terms of costs but in time and effort, freeing your organization to focus on other business objectives.

The Challenge to Reduce Compliance Costs

Most public companies have successfully developed and implemented a sustainable process to achieve compliance requirements. However, the majority are still struggling to reduce SOX costs and optimize compliance tactics. Where does your company stand on the cost and time optimization continuum?

  1. Do you obtain maximum reliance from your external auditors for the work you perform?
  2. How many key controls are you testing?
  3. Have you implemented a top‐down risk‐based approach to rationalize key controls?
  4. Do you adequately leverage company‐wide and automated controls to increase your coverage while reducing the number of sites visited?
  5. How efficient are your testing, reporting, monitoring and aggregation processes?
  6. Are you leveraging automated tools?

Companies are compelled to find new and innovative ways to leverage people, process and technology to lower the cost of Sarbanes‐Oxley compliance.

Cost-Effective SOX Compliance Solutions


We take a business‐first approach to SOX compliance.  Our goal is to take the pain out of SOX by managing every aspect of compliance:

  • Planning, risk evaluation, minimizing key controls
  • Automated testing templates
  • Full audits of internal control design adequacy and operating effectiveness
  • Project management, communication and reporting

Powerful, Flexible Tools

We intentionally use customizable platform features. Our objective is to enable the organization to adapt the tools to its own processes and not the other way around.

Using a combination of Microsoft® applications, we are able to automate tedious tasks and integrate management of the yearly project with your everyday desktop tools.

User-Friendly, Efficient Implementation

One of the most critical elements of implementing an automated approach to SOX compliance is training. Lack of adequate training is often the main reason for failure.

By selecting Microsoft Office and SharePoint we have reduced the training required. We leverage your staff’s knowledge of Excel® through the use of Excel templates for data input and reporting.  Most training focuses on acclimating to the SharePoint environment accessed through Microsoft Internet Explorer®.

JC Jones offers to host your SharePoint site:

  • Get started quickly, with no large upfront investment, and no hardware to buy
  • Count on enterprise‐grade security, reliability, and performance
  • Leave maintenance and upgrades to us and free your IT organization to focus on strategic issues
  • Alternatively, we can help you implement and optimize your internally hosted version of SharePoint or refer you to a qualified third‐party hosting partner

Compliance, and ROI with JC Jones

JC Jones top‐down, risk based approach has a proven track record of providing substantial savings in SOX compliance costs.

Our team has the required expertise, experience, and automation tools to quickly assess and create a working plan that will:

  • Minimize key controls
  • Maximize external auditor reliance on work performed by  JC Jones
  • Streamline your internal procedures through automation
  • We measure success using a Return On Client Investment (ROCI) performance indicator.

Internal Audit, Risk and Compliance Services: Areas of Expertise

Sarbanes-Oxley Compliance BigSOX Compliance
SOC Readiness BigSOC Readiness
Internal Audit Quality Review
IT General Controls BigIT General Controls
Enterprise Risk Management BigEnterprise Risk Management
internal audit vector artInternal Audit Outsourcing
SOX Compliance

The JC Jones top-down, risk based approach to Sarbanes-Oxley (SOX) compliance, coupled with our automated software solution, has a proven track record of providing substantial savings in compliance costs.

Learn More
SOC Readiness

JC Jones provides System and Organization Controls (SOC) reporting focused on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

Learn More
Internal Audit Quality Review

JC Jones provides Quality Assurance Reviews (QAR) in accordance with IIA Standards while leveraging our 20+ years of internal audit experience to assess the image and credibility of your department.

Learn More
IT General Controls

Risk based focus on information systems and technology is core to our strategy. Our professionals are trained in computer aided audit techniques (CAAT) such as ACL and Microsoft Access.

Learn More
Enterprise Risk Management

JC Jones offers Risk Management services to ensure an entity comprehensively and systematically incorporates risk evaluation as part of developing and executing its strategy.

Learn More
Internal Audit Outsourcing

JC Jones is a full service internal audit outsource partner, including data analytics, fraud/forensic audits, cybersecurity assessments, SOX compliance, internal control testing and operational audit. Our client list ranges from large privately held companies to IPO registrants to multi-billion and multinational public companies.

Learn More

Designed and developed by