SOX Readiness Roadmap

1. Plan & Scope
- Financial Reporting Process
- Supporting Systems
2. Perform Risk Assessment
- Probability & Impact to Business
- Size / Complexity
3. Identify Significant Controls
- Application Controls over initiating, recording, processing & reporting
- IT General Controls
4. Document Controls
- Policy Manual
- Procedures
- Narratives
- Flowcharts
5. Evaluate Control Design
- Mitigates control risk to an acceptable level
- Understood by users
6. Evaluate Operational Effectiveness
- Internal Audit
- Technical Testing
- Self Assessment
- Inquiry
7. Identify & Remediate Deficiencies
- Significant Deficiencies
- Material Weaknesses
- Remediation
8. Document Process & Results
- Coordination with Auditors
- Internal Sign-off (302, 404)
- Independent Sign-off (404)
9. Build Sustainability
- Internal Evaluation
- External Evaluation
Source: Deloitte Touche Tohmatsu slide from scc.cc