Planning and scoping
Business process documentation & internal control gap assessment
Operating effectiveness testing
Management reporting
Remediation
Planning and scoping
- Draft SOX charter, governance structure, and reporting timeline
- Perform and document risk assessment and scoping
- Conduct resource planning
- Coordinate all SOX program activities including alignment with external auditors
- Prepare executive and program status reporting
Business process documentation & internal control gap assessment
- Facilitate meetings with key owners to understand current processes and internal controls
- When possible, leverage existing process and internal controls documentation
- Gather example control documentation to support key controls identified
- Remediate control gaps
Operating effectiveness testing
- Develop test plans for all key controls
- Facilitate requests for population and selection of samples for testing
- Preform testing for operating effectiveness of key controls
- Identify control operating effectiveness gaps and provide remediation recommendations
Management reporting
- Conduct quality review of SOX testing working papers
- Facilitate management’s evaluation and assessment of un-remediated control deficiencies at year-end on the financial statements (individual and in the aggregate)
- Prepare SOX compliance conclusion memo including mitigating controls and explanations as to severity
Remediation
- Develop a detailed, prioritized remediation plan for each control and system and confirm remediation plan with control owners
- Assist management to enhance or implement controls to remediate deficiencies identified in the gap assessment report