Mechanism to determine depts are following thru with testing 670

  • Hi -
    I’m extremely new to SOX and have been given the job to remediate the deficiencies found by external auditors and come up with a plan to make sure we are staying on top of our controls and testing.
    How is everyone doing this? How quickly should you remediate after getting your auditor report? Should the remediation be addressed in a report signed by CEO?
    Also, should we have a checklist or some other internal document to show that we are testing our controls as we said we were in the annual report?
    Any input would be very helpful. (by the way, I work for a small publically traded company)

  • We use an audit tracking tool from IDS Scheer, called ARIS Audit Manager which is pretty nifty, it keeps track of all our auditing activities worlwide.
    Usually it’s the CFO who has to sign reports to external auditors.

  • We utilized an Access database to track deficiencies and remediation progress. All remediations had an assigned owner from IA as well as the process owner. Weekly updates were required from the IA contact as to status of remediation.
    This is really the only way you are going to stay on top of this as you will have some process owners who work hard to remediate their issues, while others need to be hand-held through the process in order to get anything done.
    Good luck.

Log in to reply