A medical device company was 18 months from its planned IPO. The audit committee had mandated SOX compliance for the current fiscal year — a condition of the IPO timeline. Their Big 4 auditor quoted $1.32M for the first-year program: scoping, walkthroughs, control design, testing, and remediation support. The CFO nearly fell off his chair.
The board gave him 30 days to find an alternative or approve the budget. He called us on day two.
SOX compliance at a pre-IPO company is not a mystery. The framework is well-established: identify in-scope processes, document controls, test design effectiveness, test operating effectiveness, remediate gaps, and maintain evidence. What Big 4 firms charge for is brand, staffing overhead, and a process built for Fortune 500 companies — not an $80M-revenue MedTech company.
We scoped the engagement in three days. In-scope processes: revenue recognition, financial close, IT general controls, and equity. We designed a control framework of 47 key controls — enough to satisfy external auditors, not so many that the team drowns in testing.
We trained the controller and two senior accountants to own the ongoing testing program — they needed to be able to run this without us after year one.
"The external auditors said our documentation was better than companies twice our size. Zero material weaknesses. Zero significant deficiencies. The CFO called it the best $240K he ever spent."
The company completed its first SOX audit with zero material weaknesses and zero significant deficiencies. The external auditors commented positively on the documentation quality. The IPO timeline stayed on schedule. The internal team now owns the ongoing program without external support.
Year two cost: approximately $35,000 for annual updates and new control testing — versus an estimated $900,000 for a Big 4 second-year program.