Uploaded by Victor Reina

solution-checklist-SOX

Solution Checklist
SOX MANAGEMENT
Solution checklist
Meeting the requirements of the Sarbanes-Oxley Act (SOX) is business-critical. However, this can be a significant
time and cost burden, so audit teams need a software solution that can meet those requirements more efficiently
and effectively. A modern software solution helps integrate advanced analytics and streamline testing to improve
assurance. It should also provide real-time insight into SOX progress and risk, ultimately supporting informed
decision-making and executive visibility.
The following checklist outlines key features you should look for in your SOX compliance solution.
SOX PROJECT SETUP & DOCUMENTATION OF CONTROL ENVIRONMENT
❏ Pre-built configurable SOX project templates to establish workflows, consistency, and best
practices
To get up and running quickly, your solution should provide project templates. These templates help jumpstart SOX
programs, can be reused over time, and can be easily tailored to your needs.
❏ Sarbanes-Oxley (SOX) Audit Template (COSO 2013 Framework)
❏ SOX IT General Controls Template
❏ Anti-Bribery and -Corruption Internal Control Framework
❏ Roll-forward project templates and pertinent information to reuse
❏ Centralized risk and control library, with documentation
SOX teams should be able to leverage a library of risks and controls to bring consistency and best practices to
managing multiple SOX projects. Your solution should offer:
❏ The ability to rationalize low-risk or non-key controls, and to harmonize controls that comply with multiple
regulations
❏ Automated updates to ensure that changes to a single item are updated everywhere, reducing repetitive
manual work
❏ The ability to quickly reference inline controls with dynamic hyperlinks when documenting narratives
FIELDWORK & TESTING
❏ Efficient evidence collection and simple management
SOX teams should be able to use the solution to quickly and easily obtain test evidence. Your software solution
should offer:
❏ A centralized PBC Request repository where SOX auditors and the business can efficiently collaborate in one
spot
❏ Automatically organized evidence (e.g., by control testing round) for visibility and easy management
❏ A notification system that automatically sends reminders so that you get what you need, on time
❏ The ability to set a defined schedule to assure that control activities are being performed and documented regularly
❏ Integrated advanced analytics for automated population testing
SOX teams should be able to integrate advanced analytics and robotics to automate control testing, test the full
population for greater assurance, and auto-trigger remediation workflows when issues are found. Your solution
should provide:
❏ Automated reviews of processes, such as user access, segregation of duty, inventory, and payroll to replace
manual gathering of evidence and testing
❏ Comprehensive script libraries to access testing ideas and pre-built analytics
❏ Built-in connectors for applications like SAP and Concur to make it easy to access, analyze, and report on data;
plus, easily access most other data sources with ODBC technology
❏ Document test results clearly for efficient review
For an efficient review process, SOX auditors should be able to clearly document test results, with specific
supporting evidence cited inline and finalized based on review notes.
❏ Your solution should offer managers the ability to make clear review notes inline
❏ SOX auditors should have access to a centralized tracker to easily address and manage feedback
ISSUE MANAGEMENT & 302 CERTIFICATION
SOX teams should have a standardized way to capture and manage issues through the remediation and re-test so
that nothing is missed. Plus, teams should be able to quickly gather certifications for 302 certification. Make sure
your solution has:
❏ A centralized issue tracker; this offers immediate visibility and the ability to follow up on issues based on
factors such as severity, status, and owner
❏ The ability to automatically send reminders to issue owners as due dates are approaching
❏ A 302 certification engine that allows you to gather the many sub-certifications you need from across the
business, so that your CEO and CFO can sign off with confidence
MONITORING & COMMUNICATION
SOX teams need to be able to monitor their progress and communicate this to stakeholders. Look for a solution with:
❏ A pre-built dashboard that is simple to tailor to your exact report needs
❏ A pre-built SOX storyboard for an effective way to share insights with executives
❏ One-click, pre-built, document-based reports for narratives, issues, risks and controls, and more
LEARN MORE
wegalvanize.com/use-cases/SOX
WHY CHOOSE GALVANIZE
Galvanize, a Diligent Brand, is the leading provider of GRC software for security, risk management, compliance,
and audit professionals. The integrated HighBond platform provides visibility into risk, makes it easy to
demonstrate compliance, and helps grow audit, risk, and compliance programs without incurring extra costs.
Learn more about what you can accomplish with Galvanize
1.888.669.4225 | wegalvanize.com | info@wegalvanize.com
©2021 ACL Services Ltd. ACL, Galvanize, the Galvanize logo, HighBond, and the HighBond
logo are trademarks or registered trademarks of ACL Services Ltd. dba Galvanize.
All other trademarks are the property of their respective owners.
checklist-SOX-solution-v1