The purpose of this memo is to document management’s approach for the current financial year's Sarbanes-Oxley (SOX) compliance project processes. The following four areas are addressed within the document: process identification and risk classification, process documentation, testing, and documentation review.
Management has determined that the evaluation of the listed processes is critical for evaluating internal controls over financial reporting. An overall risk classification has been assigned to each of these processes. The remediation documents are used by management to assess control deficiencies as either internal control deficiencies, significant deficiencies or material weaknesses. This memo is not meant to replace the professional judgment required at each juncture of the project, but to document the approach.