Sarbanes-Oxley Assessment Strategy 2444

  • Does anyone know if this or any other forum has a means to identify the strategy used for various companies to accomplish 302 and 404 compliance. For example, who performs management testing, IA or Management, or a hybrid? How often is testing performed? What is the number of key controls documented for testing. These are just a few highlevel questions.

  • The information that you are asking for is not publicly-disclosed information.
    There are occasional webcasts by 404institute (kpmg), deloitte, controllers leadership roundtable (expensive to join) and others that survey members and report the big trends. I would suggest googling those names to see what you can find.

  • To add to my comment above, here is a website that has some good survey data among other good SOX information -

Log in to reply