Internal SOX Group (SOX admin, testing, reporting, etc.) 1363
princess404 last edited by
Does anyone have an internal group solely responsible for managing SOX? It sounds like most that have a separate SOX group still have IA perform management’s testing - is there anyone doing everything in one division (scoping, testing, evaluating, etc.)? If so, any pros/cons to this approach?
milan last edited by
At my employer, I have sole responsibility over all aspects of SOX…planning, scoping, documentation, testing, and reporting on control gaps/remediation status.
However, I am fully supported by our IT Department. They have handled all IT aspects of SOX…plan, scope, document, test, etc.
Advantage: Significant learning opportunity and cost efficient.
Disadvantage: Long hours.
So far so good and the external auditor has not ‘pushed back’ on our work product. Additionally, I do not anticipate issues with our performing testing if we continue to maintain high standards, are organized in our approach, and able to provide support evidence for conclusions about our ICOFR.
If you are in need of various SOX Project Management Office Organizational Structures, there’s a lot of info freely available on the internet. Most of it can be found by searching on Sarbanes-Oxley Compliance and Project Planning.
Hope this helps,