- Customer Success Story -

Enhancing SOX Compliance for a Leading Foodservice Distributor


In the intricate landscape of financial regulation, the Sarbanes–Oxley Act (SOX) stands as a pivotal milestone. Enacted in 2002, this United States federal law imposes rigorous reporting requirements on all publicly traded companies to enhance investor protection by ensuring the accuracy and reliability of corporate disclosures made under securities laws.

Client Profile: 

Our client, a prominent foodservice distributor in the United States, boasts an impressive annual revenue exceeding $20 billion. Their extensive product catalog spans 400,000 stock-keeping units (SKUs), encompassing fresh, frozen, and dry goods, as well as non-food items. With a robust network of 65+ primary operating facilities, including 50+ distribution centers, they orchestrate seamless supply chains. Adding to their logistical prowess, the company operates a fleet of 5,000+ trucks, diligently delivering sustenance to over 200,000 customer locations nationwide.

Amidst this culinary symphony, however, lies the intricate challenge of Sarbanes–Oxley (SOX) compliance.

The Challenge

SOX Landscape: Our client manages 170+ SOX-related controls, with over 80% classified as key controls.

These critical safeguards ensure financial accuracy and investor confidence. There are 16 ITGC controls, 4 of which are almost entirely automated:

  • Access to Pomo Code
  • Account Provisioning
  • Account Terminations
  • Platform Security Baselines

Key controls require, on average, more than 5 hours of testing per control, plus design and walkthrough activities that take additional time, up to 5 hours.

The Costly Burden of Compliance:

Maintaining SOX compliance is a substantial line-item cost, often reaching millions of dollars. The effort involved is intense, demanding meticulous attention to detail. SOX compliance is frequently viewed as a routine, non-strategic task.

The Struggle for Value: Organizations grapple with the paradox: How can SOX compliance evolve from an obligation to a value-added function? The struggle extends beyond financial resources to finding innovative testing strategies. The common perception of SOX steadfastly holds—it's seen more as a compulsory task than a tactical benefit.

Solution: Arbutus Analyzer

With Arbutus, the once-daunting Oracle Security Baseline transformed. What once consumed days now unfolded in mere minutes. Datasets harmonized effortlessly, and the mundane transformed into efficiency.

  • Value Enhancement and Innovation: The company aimed to enhance operational value by adopting innovative practices. In 2013, they chose Arbutus to assist with IT SOX testing, specifically focusing on IT General Controls (ITGC). Arbutus Analyzer enabled them to achieve comprehensive risk coverage without exceeding their budget and saved significant time.

  • Automated Analytics with Arbutus: The internal audit (IA) team deployed 10 analytics via Arbutus Procedures/Scripts. Tests covered areas such as IBM baseline, system access, terminations, user provisioning, and key reports. For instance, testing the Oracle Security Baseline manually would take 3-5 days because of the numerous datasets involved, whereas the Arbutus script reduced this to less than 5 minutes.

  • Data Integration and Efficiency: Arbutus analytics automatically pulled and joined data files from 15 major and disparate systems (Mainframe and Windows). This streamlined process allowed the IA team to focus on strategic analysis rather than mundane tasks.


The company’s innovative approach to SOX IT execution enabled more strategic use of its existing resources. The transformation yielded tangible benefits:

  • Cost Savings: At least 20% carved from the SOX budget.

  • Strategic Resource Allocation: Financial-control resources found purpose.

  • Reduced Burden: Stress levels plummeted, replaced by clarity and focus.

  • Comprehensive Risk Coverage: Despite constraints, the company achieved more—more insights, more value.

Why Arbutus?

  1. Efficiency Unleashed: Arbutus doesn’t just automate; it liberates your resources. Say goodbye to mundane tasks and hello to strategic focus.

  2. Streamlined Processes: Our solutions seamlessly integrate with your existing workflows, ensuring a smooth transition and enhanced productivity.

  3. Empowering IA: Arbutus empowers your IA team to wield data-driven insights like virtuoso musicians. We’re not just software; we’re your trusted partner.
