|
Sarbanes Oxley Internal Control Testing
Prior to Sarbanes Oxley Auditors performing internal control testing every IT department should perform their own SOX Internal Control Walkthrough and IT Internal Control Testing. This will allow the IT department to discover and remediate IT Controls that aren't passing Internal Control Testing or need to be strengthened or modified. The IT Internal Control Document can be used as a framework for your IT Internal Control Walkthrough and Testing.
Section 404 Internal Control Walkthrough: The SOX Internal Control Walkthrough sets up your Section 404 Internal Control Testing. You work through your Internal Control Document and provide proof that your IT Internal Controls were successful. Proof can be in the form of an e-mail with an answer to a question, audit logs, screen shots or whatever proves your statement once.
Section 404 Internal Control Testing: Sarbanes Oxley Section 404 Internal Control Testing is where the rubber meets the road. Consider the Internal Control Walkthrough a view from a mile high and the Internal Control Testing a ground level view. Where in the Internal Control Walkthrough you prove a control works one time. The Section 404 Internal Control Testing is done 25 times to prove your process or Internal Control worked every time. This can mean choosing 25 new users randomly and prove that the proper policy was followed to setup accounts. The same internal control testing can be done for terminations. Basically if in your IT Controls document as part of your Section 404 work states something, be prepared to test it many times in your Internal Control Testing.
Your Sarbanes Oxley Auditors will then visit and perform a similar walkthrough and Internal Control Testing but you won't have as much opportunity to fix what fails in the Sarbanes Oxley Section 404 Auditors testing.
|
|
Preparing Windows Servers for Sarbanes Oxley Section 404 Testing and Auditing Sarbanes Oxley Section 404 Deadline Sarbanes Oxley Compliance - No Easy Trick |