Providing simple solutions to your complex IPO and SOX compliance problems.
Has A2Q2 been responsive to the specific needs of your company?
We’re not an easy company. The controls they’re trying to help us implement span across multiple groups, and that’s hard to do. The trust is absolutely there within the teams. And where we do need that hand-holding guidance, they will absolutely go the extra mile to help us.
– Matt, COO, UserTesting
Are there benefits to co-sourcing with A2Q2?
I learned years ago that unless it’s a core competency of your organization, it’s better to outsource. There’s no value-add for us owning that process, which is why we hired Kim to do it for us.
– Ted, CAO & VP Finance, Cortexyme
Public company readiness or SOX 404 readiness required activities part 1
If you're a CFO, controller, or compliance lead kicking off a public company readiness initiative and wondering what the full scope of work looks like, this video gives you the complete overview of every activity you'll need to plan for — with clear guidance on what's required, recommended, and optional at each stage.
Here's what you'll learn: the full list of readiness activities compared across three scenarios (pre-IPO readiness, SOX 404A for emerging growth companies, and SOX 404B for accelerated filers), why project management with experienced leadership is critical to the process, how to approach segregation of duties across three distinct areas (manual activities, ERP systems, and non-core systems like HRIS and equity management), when to involve your external auditors and how that relationship changes across readiness stages, and which activities are safe to deprioritize when time is limited.
Timestamps:
0:00 – What activities are needed for public company readiness
1:05 – Three scenarios compared: pre-IPO, SOX 404A (EGC), and SOX 404B (accelerated filer)
1:24 – Project management: why you need experienced guides for this process
1:53 – Planning, timelines, and phasing the initiative
2:06 – Risk assessment: recommended but not required during readiness
2:31 – IT risk assessment and why IT controls are often the most complex area
3:09 – COSO 2013 framework mapping
3:33 – Segregation of duties: manual controls
3:51 – Segregation of duties: ERP system user access and permissions
4:13 – Segregation of duties: non-core systems (HRIS, equity management)
5:17 – SOC 1 report reviews and when to prioritize them
5:42 – Training process owners on internal controls and change management
6:05 – Audit committee presentations: optional, recommended, or required
6:22 – Key reports testing
6:44 – External auditor management across readiness stages
7:25 – Evaluating deficiencies and material weaknesses
Kim Le is a CPA and CEO of A2Q2 with 30 years of experience in SOX compliance, internal controls, and IPO readiness — 25 of those years in Silicon Valley working with companies like Airbnb, Uber, Square, and Impossible Foods. A2Q2 takes a systemic approach to compliance, building interconnected controls architecture designed to sustain an enduring public company.
🔗 Ready for a consultation? Visit https://a2q2.com
🔔 Subscribe for SOX compliance and IPO readiness guidance.
SOX readiness for a pre-IPO company involves far more than documenting controls — it requires coordinated planning across project management, risk assessment, COSO framework mapping, segregation of duties remediation, process owner training, and external auditor coordination. Companies that start this initiative without experienced guidance often underestimate the IT controls workload and the time required to remediate segregation of duties conflicts across ERP and non-core systems. A2Q2 helps technology companies scope and execute the full readiness initiative from planning through first-year compliance.Show More
Public company readiness or SOX 404 readiness required activities part 1
A company preparing for an IPO needs to complete a series of SOX ...
Public company readiness or SOX 404 readiness required activities ecommerce company part2
What activities are required for public company readiness (SOX 404 ...
Clinical Trial Accrual (CTA) recommended activities for public company readiness / SOX 404 readiness
For biotech companies preparing for an IPO, the clinical trial accrual ...
Entity Level Controls Scam: Why Companies Get Away With Fraud
Entity level controls are the governance, risk assessment, and ...
1
of 8
If you’re in your pre-IPO phase and still preparing to go public, then you need to know one fact – addressing your SOX readiness now will make your IPO journey easier.
When you commit to assessing your SOX readiness and using the data from your assessment to improve your SOX compliance, your values become clear. It becomes obvious that you care about your investors and also value growth.
That’s why we stress – achieve SOX readiness first.
But SOX readiness isn’t something you just dive into and expect to complete on the spot – NO.
It’s a process that needs time, a growth mindset, high attention to detail, and the drive to improve despite deficiencies. To achieve SOX readiness, you refine the parts of your internal controls that need improvement.
As to the question of how? Well, with A2Q2 as your partner, you have all the support you need!
PREPARING YOU EARLY FOR SOX COMPLIANCE
- Pinpointing key internal controls covering financial and accounting statement declarations
- Carrying out a general risk assessment and establishment of a scope.
- Appraising pre-IPO and post-IPO risk assessment for efficient transition.
- Providing a systematic, methodical and highly coherent guidance and mentorship for your organization on total compliance.
- Creating a Risk Control Matrix (RCM) that will further assist in identifying risks and providing efficient guidance towards controlling them.
- Accessing and evaluating control gaps by interviewing current process owners to identify deficiencies.
- Identifying control design gaps to determine whether the controls are managing risks as designed.
- Compiling and documenting accurate results to present to the audit committee and management team.