Sarbanes-Oxley Section 404 Status Report

Subscriber Content
screenshot of first page of Sarbanes-Oxley Section 404 Status Report

This document includes two sample reports that can be used to communicate the results of a Sarbanes-Oxley Section 404 review and improve an organization’s internal control structure.

In these samples, testing involved activities such as documenting responsibilities for security administration at the operating system, database and application levels for all in-scope applications; completing a gap assessment of responsibilities that conflict with the standard; and working with the application owners and information technology to realign security responsibilities where necessary. The following observations were noted as a result of testing:

  • Prioritization is processed adequately and appropriately per internal audit.
  • The project team employed innovative techniques to defining the scope and assessing the risk.
  • A fraud assessment is completed at the entity level and the process transaction control level.
  • Internal audit is regularly included in project scoping decisions.

Topics
Audit Planning
Accounting/Finance
Audit Committee & Board
Sarbanes-Oxley Act
Corporate Governance
Audit Reporting

Related Resources

Guides

Sarbanes-Oxley 404 Compliance Project Testing and Documentation Standards Guide

Audit Reports

Sarbanes-Oxley Section 404 Program Executive Scorecard Report

Checklists & Questionnaires

Sarbanes-Oxley Section 404 Documentation Readiness Checklist

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It