Public company readiness or SOX 404 readiness required activities part 1
A company preparing for an IPO needs to complete a series of SOX readiness activities — including project management, risk assessment, IT risk assessment, COSO 2013 framework mapping, segregation of duties analysis across manual controls, ERP systems, and non-core systems, process owner training, and external auditor coordination — before any process-level documentation begins.
If you're a CFO, controller, or compliance lead kicking off a public company readiness initiative and wondering what the full scope of work looks like, this video gives you the complete overview of every activity you'll need to plan for — with clear guidance on what's required, recommended, and optional at each stage.
Here's what you'll learn: the full list of readiness activities compared across three scenarios (pre-IPO readiness, SOX 404A for emerging growth companies, and SOX 404B for accelerated filers), why project management with experienced leadership is critical to the process, how to approach segregation of duties across three distinct areas (manual activities, ERP systems, and non-core systems like HRIS and equity management), when to involve your external auditors and how that relationship changes across readiness stages, and which activities are safe to deprioritize when time is limited.
Timestamps:
0:00 – What activities are needed for public company readiness
1:05 – Three scenarios compared: pre-IPO, SOX 404A (EGC), and SOX 404B (accelerated filer)
1:24 – Project management: why you need experienced guides for this process
1:53 – Planning, timelines, and phasing the initiative
2:06 – Risk assessment: recommended but not required during readiness
2:31 – IT risk assessment and why IT controls are often the most complex area
3:09 – COSO 2013 framework mapping
3:33 – Segregation of duties: manual controls
3:51 – Segregation of duties: ERP system user access and permissions
4:13 – Segregation of duties: non-core systems (HRIS, equity management)
5:17 – SOC 1 report reviews and when to prioritize them
5:42 – Training process owners on internal controls and change management
6:05 – Audit committee presentations: optional, recommended, or required
6:22 – Key reports testing
6:44 – External auditor management across readiness stages
7:25 – Evaluating deficiencies and material weaknesses
Kim Le is a CPA and CEO of A2Q2 with 30 years of experience in SOX compliance, internal controls, and IPO readiness — 25 of those years in Silicon Valley working with companies like Airbnb, Uber, Square, and Impossible Foods. A2Q2 takes a systemic approach to compliance, building interconnected controls architecture designed to sustain an enduring public company.
🔗 Ready for a consultation? Visit https://a2q2.com
🔔 Subscribe for SOX compliance and IPO readiness guidance.
SOX readiness for a pre-IPO company involves far more than documenting controls — it requires coordinated planning across project management, risk assessment, COSO framework mapping, segregation of duties remediation, process owner training, and external auditor coordination. Companies that start this initiative without experienced guidance often underestimate the IT controls workload and the time required to remediate segregation of duties conflicts across ERP and non-core systems. A2Q2 helps technology companies scope and execute the full readiness initiative from planning through first-year compliance.
A company preparing for an IPO needs to complete a series of SOX readiness activities — including project management, risk assessment, IT risk assessment, COSO 2013 framework mapping, segregation of ...duties analysis across manual controls, ERP systems, and non-core systems, process owner training, and external auditor coordination — before any process-level documentation begins.
If you're a CFO, controller, or compliance lead kicking off a public company readiness initiative and wondering what the full scope of work looks like, this video gives you the complete overview of every activity you'll need to plan for — with clear guidance on what's required, recommended, and optional at each stage.
Here's what you'll learn: the full list of readiness activities compared across three scenarios (pre-IPO readiness, SOX 404A for emerging growth companies, and SOX 404B for accelerated filers), why project management with experienced leadership is critical to the process, how to approach segregation of duties across three distinct areas (manual activities, ERP systems, and non-core systems like HRIS and equity management), when to involve your external auditors and how that relationship changes across readiness stages, and which activities are safe to deprioritize when time is limited.
Timestamps:
0:00 – What activities are needed for public company readiness
1:05 – Three scenarios compared: pre-IPO, SOX 404A (EGC), and SOX 404B (accelerated filer)
1:24 – Project management: why you need experienced guides for this process
1:53 – Planning, timelines, and phasing the initiative
2:06 – Risk assessment: recommended but not required during readiness
2:31 – IT risk assessment and why IT controls are often the most complex area
3:09 – COSO 2013 framework mapping
3:33 – Segregation of duties: manual controls
3:51 – Segregation of duties: ERP system user access and permissions
4:13 – Segregation of duties: non-core systems (HRIS, equity management)
5:17 – SOC 1 report reviews and when to prioritize them
5:42 – Training process owners on internal controls and change management
6:05 – Audit committee presentations: optional, recommended, or required
6:22 – Key reports testing
6:44 – External auditor management across readiness stages
7:25 – Evaluating deficiencies and material weaknesses
Kim Le is a CPA and CEO of A2Q2 with 30 years of experience in SOX compliance, internal controls, and IPO readiness — 25 of those years in Silicon Valley working with companies like Airbnb, Uber, Square, and Impossible Foods. A2Q2 takes a systemic approach to compliance, building interconnected controls architecture designed to sustain an enduring public company.
🔗 Ready for a consultation? Visit https://a2q2.com
🔔 Subscribe for SOX compliance and IPO readiness guidance.
SOX readiness for a pre-IPO company involves far more than documenting controls — it requires coordinated planning across project management, risk assessment, COSO framework mapping, segregation of duties remediation, process owner training, and external auditor coordination. Companies that start this initiative without experienced guidance often underestimate the IT controls workload and the time required to remediate segregation of duties conflicts across ERP and non-core systems. A2Q2 helps technology companies scope and execute the full readiness initiative from planning through first-year compliance.Show More
They know their processes very well. They have answers to all of the questions or different scenarios. They help us start from the beginning and walk us through the entire process and they know the areas where the companies are missing. I would definitely recommend A2Q2.
