Pre-IPO SOX 404 Readiness
Helios Robotics
Control universe, narratives, walkthrough plan, and S-1 readiness timeline for a Series D industrial robotics company preparing for IPO under Deloitte audit.
- Prepared for
- Anton Dam, Controller
Helios Robotics, Inc.
- Target S-1 filing
- Q1 2027
- External auditor
- Deloitte & Touche LLP
- Report date
- May 13, 2026
Roles & sign-off
Preparer
Anton Dam, Senior Accountant
Signature / date
Reviewer
Pranav Iyer, Controller
Signature / date
Approver
[CFO name TBD]
Signature / date
AI-drafted sections are not preparer; human review and sign-off required prior to use as audit evidence.
Executive summary
Helios Robotics is approximately 18 months from a planned Q1 2027 S-1 filing. This report establishes the company's pre-IPO SOX 404 program: a 115-control universe, 47 must-have narratives, and a 6-walkthrough engagement plan sequenced against the target filing date.
52w
Year-1 audit lead time
Company profile
Helios Robotics is a Series D industrial robotics company combining hardware sales with multi-year SaaS contracts. The company has approximately 340 employees, falls within the $50-200M annual revenue band, and engages Deloitte for external audit. Existing SOX maturity is informal โ controls exist in practice but are not formally documented or tested.
Top risk areas identified
The agent's initial assessment surfaced five concentration risks driven by the company's business model and stage:
- Revenue recognition (ASC 606) โ mixed hardware + SaaS contracts trigger complex performance-obligation allocation.
- Inventory & COGS โ industrial robotics implies material inventory cycles and standard-cost variance accounting.
- ITGCs โ change management & access โ engineering-led 340-person org typically has loose dev-to-prod boundaries.
- Stock-based compensation โ pre-IPO equity grants accelerate around S-1 filing; ASC 718 modifications and 409A interplay are routine Deloitte focus.
- Period-end close & journal entries โ informal close at 340-person scale typically lacks JE approval thresholds and reconciliation evidence.
Recommended next steps
Begin narrative review with process owners in the next 30 days. Schedule the first walkthrough (period-end close) with Deloitte within 90 days. Validate firm-specific procedural specifics with the engagement team โ all firm-flavored guidance in this document is generated from public knowledge of Deloitte's general audit methodology.
Control universe
115 controls covering financial reporting, IT general controls, and entity-level governance. The following table shows must-have controls only. Full universe in Appendix A.
Financial reporting ยท 18 must-have
| ID |
Control |
Risk addressed |
Assertion |
Owner |
Frequency |
Key? |
Priority |
| FR-001 | Revenue recognition โ performance obligation review | Mis-allocation of bundled hardware + SaaS revenue under ASC 606 | Valuation | Controller | Monthly | Key | MUST |
| FR-002 | Deferred revenue rollforward | Deferred revenue balance misstated or fails to tie to billing | Completeness | Senior Accountant | Monthly | Key | MUST |
| FR-003 | Inventory standard-cost variance review | Unexplained standard-cost variances flow through to misstated COGS | Valuation | Controller | Quarterly | Key | MUST |
| FR-004 | Inventory physical count | Recorded inventory does not physically exist or is obsolete | Existence | Operations Lead | Annual + cycle | Key | MUST |
| FR-006 | Stock-based comp expense accrual | ASC 718 expense not recognized in correct period or amount | Valuation | Senior Accountant | Monthly | Key | MUST |
| FR-007 | Journal entry approval โ over $25K | Unauthorized or erroneous manual entries hit the GL | Existence | Controller | Per entry | Key | MUST |
| FR-008 | Bank reconciliations | Cash balance misstated; unreconciled items mask errors or fraud | Existence | Senior Accountant | Monthly | Key | MUST |
| FR-009 | Accounts payable cutoff | Liabilities recorded in wrong period; understated AP at period-end | Completeness | AP Specialist | Period-end | Key | MUST |
| FR-012 | Income tax provision review | Provision misstated; deferred tax positions incorrect | Valuation | External tax provider | Quarterly | Key | MUST |
ITGCs ยท 16 must-have
| ID |
Control |
Risk addressed |
Assertion |
Owner |
Frequency |
Key? |
Priority |
| IT-001 | Production access review | Terminated or unauthorized users retain access to SOX-relevant systems | Existence | IT Director | Quarterly | Key | MUST |
| IT-002 | Change management โ code deploy approval | Unauthorized or untested code reaches production financial systems | Existence | Engineering Manager | Per change | Key | MUST |
| IT-003 | Database backup & restore testing | Loss of financial data with no recoverable restore point | Completeness | IT Director | Monthly / semi-annual | Non-key | MUST |
| IT-004 | Segregation of duties โ financial systems | Single user creates vendor and approves payment, enabling fraud | Existence | Controller | Quarterly | Key | MUST |
| IT-005 | Multi-factor authentication | Compromised credentials grant access to financial systems | Existence | IT Director | Continuous | Key | MUST |
| IT-006 | Privileged access review | Stale admin/root accounts allow undetected change to financial data | Existence | IT Director | Quarterly | Key | MUST |
Entity-level ยท 13 must-have
| ID |
Control |
Risk addressed |
Assertion |
Owner |
Frequency |
Key? |
Priority |
| EL-001 | Code of conduct attestation | Tone-at-the-top weakness; ethical violations go unreported | Rights & Obligations | HR | Annual | Non-key | MUST |
| EL-002 | Whistleblower hotline | Fraud or override goes unreported because no anonymous channel exists | Completeness | General Counsel | Continuous | Key | MUST |
| EL-003 | Audit committee charter | Inadequate board oversight of financial reporting and audit findings | Rights & Obligations | General Counsel | Quarterly | Key | MUST |
| EL-004 | Authority matrix / signature authority | Commitments made or payments approved outside delegated authority | Rights & Obligations | CFO | Annual | Key | MUST |
Control narratives โ selected
Three representative narratives reproduced here. Full set of 47 narratives included in Appendix B.
FR-001 Revenue recognition โ performance obligation review
Risk addressed
Mixed hardware + multi-year SaaS contracts could be mis-allocated under ASC 606, leading to premature or deferred revenue recognition.
Process
Each new contract is logged in NetSuite within 5 business days of execution. The Controller reviews each contract over $100K monthly for ASC 606 performance-obligation allocation, comparing the contract terms to the standard allocation in the system. Discrepancies flagged require explicit Controller sign-off before booking.
Frequency
Monthly
Evidence
Signed allocation review form per contract; NetSuite audit log entries
TOD
Inspect the allocation review template and Controller sign-off field in NetSuite; confirm the control as designed identifies contracts over $100K and routes them for explicit review prior to booking.
TOE
Sample 25 contracts per quarter (attribute sampling, 90% confidence, ~5% tolerable deviation). Inspect signed allocation review form and tie performance-obligation split to executed contract terms; re-perform allocation for 5 of the 25.
IPE
NetSuite contract listing used to populate the population: verify completeness by reconciling contract count to billings module; verify accuracy by tying 5 random contracts to source agreements in DocuSign.
Test approach
Auditor selects sample of 25 contracts per quarter; verifies allocation review form exists and matches contract terms.
IT-001 Production access review
Risk addressed
Terminated or role-changed users retain production access to SOX-relevant systems, enabling unauthorized change to financial data.
Process
Quarterly, the IT Director exports a list of all production system accounts from Okta, AWS IAM, NetSuite, and GitHub. The list is reviewed against the active HRIS roster; departed employees are confirmed terminated; orphaned accounts are flagged for removal within 5 business days.
Frequency
Quarterly
Evidence
Signed access review report per system; HRIS termination tickets
TOD
Walk through one quarterly review end-to-end with the IT Director; confirm the control compares each system roster to HRIS-active employees and that the sign-off field captures reviewer and date.
TOE
For 2 of 4 quarters, select 3 departed employees and 3 role-change employees per quarter (12 total); inspect that access was disabled within 24 hours of HR notification and that orphaned accounts were removed within 5 business days.
IPE
Access export from Okta, AWS IAM, NetSuite, and GitHub: completeness verified against HR roster (every active employee with system access appears); accuracy spot-tested against 5 random user records (entitlements match system console).
Test approach
Auditor selects 3 departed employees per quarter; verifies their access was terminated within 24 hours of HR notification.
FR-003 Inventory standard-cost variance review
LOW CONFIDENCE
Risk addressed
Unexplained standard-cost variances flow through to misstated COGS and gross margin, particularly for material hardware components.
Process
At quarter-end, the Controller pulls the standard-cost variance report from NetSuite. Variances >$50K or 5% trigger a written explanation from Operations. The Controller reviews explanations and either accepts or requires further investigation.
Frequency
Quarterly
Evidence
Variance report with annotations; explanation memos
TOD
Inspect the variance report template and threshold logic in NetSuite; confirm Operations is required to provide a written explanation for any item breaching the threshold and that the Controller's review evidence captures accept/investigate disposition.
TOE
For each of 2 quarters tested, select 5 variance items above threshold (10 total) plus 2 items below threshold to corroborate threshold operation; inspect explanation memo, supporting source data, and Controller sign-off.
IPE
NetSuite standard-cost variance report: completeness verified by reconciling total variance to GL COGS variance accounts; accuracy spot-tested by re-performing variance calculation for 5 SKUs against BOM and actual cost feeds.
Test approach
Auditor selects 5 variance items per quarter; reviews explanation rationale and supporting documentation.
โ Review note
Variance materiality threshold ($50K / 5%) is inferred from revenue band; should be set jointly with Deloitte during walkthrough.
Walkthrough plan
Six walkthroughs sequenced against your Q1 2027 S-1 target, building from foundational close processes through to entity-level governance. Validate timing specifics with the Deloitte engagement team.
S-1 timeline
TodayMay 2026
W1 begins~Aug 2026
Year-1 auditQ4 2026 / early Q1 2027
S-1 filedQ1 2027
| # |
Walkthrough |
Lead attendees |
Target |
| 1 |
Period-end close
FR-007, FR-008, FR-009 |
Controller, Senior Accountant, Deloitte senior |
~52w pre-S-1 |
| 2 |
Revenue recognition
FR-001, FR-002 |
Controller, Revenue Manager, Deloitte manager |
~48w pre-S-1 |
| 3 |
Inventory & COGS
FR-003, FR-004, FR-005 |
Controller, Operations Lead, Cost Accountant, Deloitte senior |
~44w pre-S-1 |
| 4 |
ITGCs
IT-001, IT-002, IT-004, IT-005 |
IT Director, Engineering Manager, Deloitte IT specialist |
~40w pre-S-1 |
| 5 |
Entity-level controls
EL-001 through EL-004 |
CFO, General Counsel, Deloitte senior manager |
~36w pre-S-1 |
| 6 |
Stock-based compensation
FR-006 |
Controller, People Ops Lead, Deloitte manager |
~32w pre-S-1 |
Disclaimers & assumptions
This document is generated by Velocity, an Auditborb beta product. Read the following before circulating internally or sharing with your audit committee.
Generation methodology
This report was generated by an AI agent using the company profile entered at velocity.app/setup/profile. The agent used Claude Sonnet 4.5 to draft each artifact, with structured outputs and an inline assumption-citation pattern. No proprietary auditor data, methodology documents, or third-party SOX frameworks were used.
Validation responsibilities
This document is a starting point, not a finished audit-ready artifact. Before circulating:
- Validate firm-specific procedural specifics with your Deloitte engagement team โ Velocity's walkthrough plan uses generic Big-4 methodology, flavored for Deloitte's brand, but does not claim insider knowledge of Deloitte's internal practices.
- Review all narratives flagged "low confidence" with the relevant process owner โ these typically require company-specific knowledge the agent could not infer from the profile.
- Adjust materiality thresholds โ defaults shown are inferred from your revenue band; final thresholds should be set jointly with Deloitte.
Assumptions cited during generation
Each artifact in this report carries inline assumption citations. Aggregated:
Assumed hardware + multi-year SaaS contract mix
Assumed quarterly close cadence
Assumed contract terms >12 months
Assumed inventory is material to financials
Assumed standard costing methodology
Assumed cloud-hosted core systems
Assumed ~30% of headcount has system access
Assumed broad-based RSU program
Assumed pre-IPO equity refresh in last 12 months
Assumed monthly close cadence
Assumed <5 person finance team
Variance threshold $50K / 5% inferred from revenue band
About Velocity
Velocity is a self-serve, AI-native pre-IPO SOX 404 setup product from Auditborb. The product exists to demonstrate that AI-native software can compress a $1-5M Big 4 advisory engagement into a 20-minute self-serve experience. Velocity is in public beta; visible iteration is part of the value proposition.
Generated by Velocity ยท An Auditborb beta product
Total generation time: 18 minutes 47 seconds ยท May 12, 2026