Sarbanes-Oxley Year-One Capability Maturity Model (CMM)

Subscriber Content
Screenshot of the First Page of Sarbanes-Oxley Year One Capability Maturity Model (CMM)
A Framework for Assessing the Maturity of Sarbanes-Oxley Compliance Management

This capability maturity model includes the six elements of infrastructure focused on Sarbanes-Oxley year-one compliance management.

The capability maturity model describes a maturity curve on these capability levels: INITIAL, which describes a poorly aligned function with non-documented strategies, manual management processes, lack of integrated systems and heavy reliance on spreadsheets/manual documents; REPEATABLE, which describes a loosely aligned function supported by informal policies applied to processes performed by personnel with mixed skill levels; DEFINED, which describes a strategic management structure in place with well-defined processes supported by an organized and highly trained team; MANAGED, which describes a function aligned with the organizational strategic plan and personnel; and OPTIMIZED, which describes a management process performed at an optimal level with best practices in full use.

In this sample, an OPTIMIZED organization’s methodologies are continuously improved enterprisewide. ​

The capability maturity model is a framework that describes an improvement path from an ad-hoc, immature process to a mature, disciplined process focused on continuous improvement. The CMM defines the state of a process using a common language that is based on the Carnegie Mellon Software Engineering Institute Capability Maturity Model.


Topics
Compliance
Audit Committee & Board
Laws & Regulations
Internal Controls
Sarbanes-Oxley Act
Document Retention

Related Resources

Guides

Sarbanes-Oxley Auditor Walk-Through Guide

Articles

SOX Compliance Survey: One Decade of Insights

Guides

Sarbanes-Oxley Section 404 Compliance Guide

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It