This memo outlines the analysis performed by a company to determine the scope of internal control documentation and testing as part of compliance with Section 404 of the Sarbanes-Oxley Act. In this example, multi-location testing considerations are outlined.
The following scope and objectives were analyzed: Is the business unit individually significant? Are there specific significant risks? Are there business units that are not important, even when aggregated with others? Are there documented entity-wide controls over business units that are important only when aggregated with others?