Self-Assessment Approach

  • Does anyone use self-assessment on your SOX certification? Is this a good approach? Which controls should be tested by self-assessment? What is the Internal Audit rule on this approach?

  • We utilize peer testing which is a form of self-assessment. No one tests their own area. We no longer utilize our internal audit function for SOX testing unless they have a scheduled audit for a specific area, in which case we try to leverage the Internal Audit work to also cover our SOX testing requirements.

  • Who are your external auditors and do they rely on the self-assessment testing approach?

  • KPMG
    Yes, they do place reliance on our testing. Level of reliance varies by process risk.

  • I would love to hear more about your self-assessment process. Could I call you in the next day or so to discuss in more detail?

  • This thread shared earlier this morning also discusses risk management and testing concepts for SOX. The COBIT and COSO resources might help in designing a self-assessment program. It would be important to cover this thoroughly with the external SOX auditors assigned to your company, so they can participate in sharing ideas, best design practices, etc.

  • Hello.
    As I am new to SOX and its different types of forums, I am wondering about some of the tools/words frequently encountered in different forums and the discussions in them. For example, what do you mean by self-assessment approach? Is it that it is used by outside auditors, or something else?

  • Loosely, self-assessment would be one process team doing their own evaluation of their team’s controls versus having a fully independent group (like external auditors or internal audit) perform the controls assessment.
    Unless there is independence in the controls assessment, external auditors generally will not rely on the assessment and will perform all of their own testing. This is inefficient and costly for the company being audited.
