This audit report summarizes the observations, recommendations, and related remediation prioritization for business and IT processes that were documented for the purposes of eventual Sarbanes-Oxley compliance. Management should use this document to facilitate the remediation cycle for Sarbanes-Oxley related observations, identify process improvement opportunities, and to assign ownership and accountability to process owners.
The business processes considered for review included equity and stock, fixed assets, financial close, HR/payroll, procure to pay, revenue and tax. The IT general controls considered included access security (user access provisional approval, user access de-provisioning, administrative access, access review and password rules); change management (change approval, change testing, change review and segregation of duties); and computer operations (backup tape rotation, restoration test and SAS70 review). All noted issues are prioritized on a heat map.