Internal Audit, IT Risk & SOX

Delivering independent services to protect and grow shareholder value:

SOX-404 Education, Planning & Testing
Internal Audit Outsourcing & Co-sourcing
COSO's Internal Control-Integrated Framework
IT General Control Risk Assessments
COSO's Enterprise Risk Management Framework
Cybersecurity Risk Management Programs

Delivering Internal Auditing & SOX services with gusto!

The reality is that many companies have needs beyond their internal audit staffing capabilities, or perhaps simply do not have an internal audit function. KU has the resources to bridge capability gaps and identify vulnerabilities. We can report directly to the Board and/or Audit Committee thus enhancing independence of test results and making the efforts more acceptable to external auditors in support of SOX-404 efforts. The fact that we are a licensed accounting firm rather than simply a consulting firm adds credibility to our services by raising the comfort level with audit committees and external auditors. Bottom-line, we exist to serve you.

Testimonial - "The KU team served as our internal auditors by conducting testing of financial reporting controls, including IT general controls, resulting in a heightened comfort level with our external auditors." - VP of Finance for a large accelerated public company
Testimonial - "Kral Ussery proved to be a long-term trusted SEC and SOX advisor to the Company. I personally felt that we were not just a valued client, but that we were in partnership with them." - Corporate Controller of a public company

Our Approach

We apply a top-down, risk-based approach consistent with SEC staff guidance to identify applicable objectives, risks and controls. This approach explicitly includes IT general controls and entity-level controls that touch a wide array of functions and departments. A company's culture, as well as its process for attracting, developing and retaining employees, are examples of entity-level control areas that have a pervasive effect on objectives, including internal controls over financial reporting (ICFR). IT general controls and software application controls may also be relevant to ICFR, but this depends on the technology infrastructure and ultimate uses of it. There is a lot of judgment that factors into this, and having a KU independent perspective can help pave the way to a smoother external audit.

We leverage COSO's Internal Control - Integrated Framework, as well as ISACA's Control Objectives for Information and Related Technologies (COBIT framework) and various cybersecurity frameworks, to test the design and operating effectiveness of IT controls. It is important to remember that these frameworks can and should also be used to help achieve operating, compliance and reporting objectives, not just ICFR. We understand how to apply these frameworks through a diverse team of skill-sets with practicality foremost in mind. standards.

Testimonial - "KU provided our Company with longevity of resources, responsiveness, flexibility and timeliness that we expected from a SOX expert. They quickly gained an understanding of our business and internal system, which enabled them to provide accurate answers and/or solutions." - Principal Financial Officer of a large public company

Risk and Opportunities are Two-Sides of the Same Coin

All organizations face uncertainty, but not all confront their risks and opportunities head-on thus jeopardizing shareholder value. KU offers an array of independent risk assessment services ranging from organizational-wide to specific operating, compliance and reporting objectives. The result is an objective glimpse into risks and opportunities for both boardrooms and management. Leveraging COSO's Enterprise Risk Management framework, along with our array of knowledge and tools helps to unlock previously unknown potential events (both adverse & advantageous) to protect and grow shareholder value.

Risks & Opportunities
Download your copy today.