A SOX Audit primarily involves testing the 'Design & Operational Efficiency of Controls' as listed in the RCM (Risk & Controls Matrix).
The following details might be considered in this regard:
- The primary objective is to ensure that Internal Controls Over Financial Reporting (ICOFR) are effective & robust
- This would involve the following key processes:
· Prepare detailed process maps regarding operation of various processes within the entity
· Identify key risks & mitigating controls within the process maps
· Prepare an RCM containing details regarding key risks & mitigating controls, the frequency with which each control is exercised, whether it is Manual / Automated, etc.
· Determine the sampling methodology for testing of various controls. This would be a product of the 'Probability of Occurrence' and the 'Magnitude of Impact' that the risk would have
- Once the RCM is in place, perform a walkthrough of all key controls listed therein. This ensures the design efficiency of key controls. Where a control is not design efficient, we do not test its operational efficiency. Such controls are required to be re-designed to ensure that they mitigate the risk involved
- Post completion of walkthroughs, testing is performed for Operational Efficiency of controls. This is done using the pre-determined sampling methodology
- For both steps 4 & 5, testing evidence is obtained and filed in proper folders, with a testing summary completed for each control tested
The above is just a short note; a SOX Audit would entail several other details related to control failures, remediation testing, etc.
Mohit
AVP - Special Projects,
Quatrro FPO Solutions