Getting started with SOX 734



  • Hi,
    Can someone please point me in the direction of getting started with SOX documentation. My own vision on doing this is to initially put in place some high level documentation which take a look at the organisation the functional areas. Explain what each area does, and then document processes and procedures which would impact the financial statements of the organisation.
    Something like this would perhaps facilitate the SOX audit process, in terms of getting a high level view of the organisation the processes and policies and procedures.
    I am hoping someone can point in the direction of getting some templates in place and perh :idea: aps get hold of example documentation.
    Any advise, pointers would be appreciated.
    Thanks



  • Posted: Mon May 23, 2005 5:29 am Post subject:

    The templates have now been uploaded to the following locations:
    http://www.sarbanes-oxley-forum.com/instructions.pdf
    http://www.sarbanes-oxley-forum.com/rcm-template.xls
    Our thanks go to IrquiM for making these available to everyone.



  • Thankyou to Knotme :lol:



  • If you need help with further instructions to the RCM, let me know
    irquim_at__irquim.com (Remove _)



  • just to confirm:
    based on the attached RCM template here, the starting basis appeared to be process/ dept level i.e., Payroll.
    From there, controls within Payroll process are identified to ascertain how they can ensure completeness, accuracy, validity etc etc of Payroll reporting.
    So, we just tick the applicable Assertions that the identified controls can fulfil?
    Will this be the correct approach to complete this RCM?
    thank you.
    http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=2471



  • just to confirm:
    based on the attached RCM template here, the starting basis appeared to be process/ dept level i.e., Payroll.
    From there, controls within Payroll process are identified to ascertain how they can ensure completeness, accuracy, validity etc etc of Payroll reporting.
    So, we just tick the applicable Assertions that the identified controls can fulfil?
    Will this be the correct approach to complete this RCM?
    thank you.
    http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=2471
    You’ve missed a step. Before jumping to the controls you need to identify the control risks/control objectives that the controls are going to address.
    I have found it easiest to think of control risks in terms of What Can Go Wrong? So at each stage of the process you will identify a bunch of risks e.g. leaver is not removed from payroll, payroll deductions are incorrectly calculated or employee is paid for fictitious overtime. These risks will have an assertion (possibly more than one) attached to them and you should then look for controls that manage that risk - bearing in mind that a single control may not cover all assertions against the risk.


Log in to reply