Interim-Remediation Testing in SOX 2814
SOXkid last edited by
I am new to IT audit field and need some basic information.
what is interim and remediation testing?
how the process work?
kymike last edited by
SOX compliance representations in SEC filings are as of a point in time (fiscal year end). Many companies will test controls during a slow time of year so as to have resources freed up for testing. When controls are tested period prior to year-end, the testing is considered interim testing. Generally, this will require some sort of roll-forward testing near year end to ensure that the controls tested earlier in the year are still functioning as of year end.
Remediation testing is the testing of controls that were determined to be deficient (not functioning as intended) when previously tested. Generally, you should wait at least two accounting cycles (accounting cycles meaning the frequency with which the control is being executed) after correcting (remediating) a deficient control to retest the control to see if it is functioning as intended.
harrywaldron last edited by
Hi - Below are some ‘getting started’ resources that might be helpful, in addition to good sharing in these forums … Good luck
GETTING STARTED WITH SOX COMPLIANCY
(see last post for key links)
Many external audit firms use COSO and COBIT guidelines to ensure SOX compliancy requirements are met.
COSO - SOX Workflow controls
COBIT - SOX 404 IT Controls for Financial Systems