KnowledgeLeader provides best practice articles, tools, guides and other resources on the Sarbanes-Oxley Act (SOX). This page contains an alphabetized list of all of the resources and tools on SOX, particularly Section 302 and Section 404, that are available for download on KnowledgeLeader. For more tools and publications on this subject, visit our Sarbanes-Oxley Act topic area.
SOX Policy Evaluation Checklist
Policies are an important part of the internal control over financial reporting evaluation process. This is a sample checklist to use when identifying the availability and status of company policies associated with the financial reporting process. This tool also assists with organizing policies by financial statement, area of significance, and financial statement element.
SOX Process Flow – High Level Methodology
This process flow documents a high-level methodology for Sarbanes-Oxley compliance.
SOX Process Walkthrough Questionnaire
The purpose of this template is to provide guidance to business units in the performance of walkthroughs associated with Sarbanes-Oxley Act compliance requirements. It may also be used by management in other matters related to the evaluation of internal controls over financial reporting.
SOX Self-Assessment and Self-Testing Instructions
This guide provides instructions to companies performing a self-assessment and self-testing for Sarbanes-Oxley compliance. Topics include mapping global risks, reporting results, and managing the project timeline.
SOX Testing Documentation Questionnaire
This template can be used to document SOX internal control testing procedures, results and recommendations.
SOX Year-End Update Testing Memo
This memo defines the process a company uses to update testing of internal controls for Sarbanes-Oxley compliance purposes near or at the year end.
Sarbanes-Oxley Walkthrough Checklist
The purpose of this checklist is to provide guidance to help a process owner prepare for a process walkthrough. It also includes post-walkthrough questions to help the process owner document any questions or issues raised.
Capitalizing on Sarbanes-Oxley Compliance to Build Supply Chain Advantage
Executives rely on internal controls to provide a reasonable level of assurance that supply chain processes and financial transactions function as designed. As a result, executives should adopt a back-to-basics approach to understanding and prioritizing supply chain risks, capabilities, measures and controls, beginning with but expanding beyond their material impact on the company's financial statements. This booklet, co-produced by Protiviti and APICS, details how the Sarbanes-Oxley Act (SOX) has a complementary impact on supply chain risks in infrastructure design, transaction integrity and reporting measures. It also focuses on corporate governance requirements such as executive certification and internal controls over financial reporting. The scenarios we highlight, demonstrate how the failure of supply chain “operational controls” can strain an organization’s ability to produce reliable and fairly presented financial statements.
FAQ: Sarbanes-Oxley Act Executive Certification Requirements
There are many questions on the minds of directors, certifying executives and auditors as they work together to comply with the Sarbanes-Oxley Act and new requirements from the SEC and NYSE. Listed in this booklet are common queries from companies who are dealing with these requirements. We have provided responses based on our experience that will assist executives as they evaluate their company's disclosure controls infrastructure and processes supporting executive certifications.
Guide to the Sarbanes-Oxley Act
As organizations complete their second year of Sarbanes-Oxley Act (SOX) compliance, executives and audit committees are expecting more value with lower costs. Fulfilling these expectations will require a shift from simply repeating the same SOX project each year to a sustainable, cost-effective compliance process that is embedded into business as usual. For many companies, significant opportunities to improve the efficiency and effectiveness of their SOX compliance efforts reside at the application level. The questions answered in this booklet have risen in our discussions with clients and others in the marketplace who frequently deal with SOX compliance matters and are focused on improving internal control over their critical business applications.
Guide to the Sarbanes-Oxley Act: Internal Control Requirements - Frequently Asked Questions Regarding Section 404
Since the third edition of Frequently Asked Questions Regarding Section 404 of Protiviti’s Guide to the Sarbanes-Oxley Act (SOX) series was released in August of 2004, much has happened. For example: The U.S. SEC has created a “large accelerated filer” category and has adopted different deadlines for initial Section 404 compliance for accelerated foreign private issuer filers and non-accelerated U.S. domestic issuer and foreign private issuer filers. This booklet is designed to help answer questions about the sections of SOX pertaining to public reporting; this information will assist Section 404 project sponsors, leaders and team members. We have provided responses and points of view based on our experience that we hope will assist companies as they document, evaluate and improve their internal control over financial reporting, and as they continue to enhance their executive certification process. We have also held discussions from time-to-time with both the SEC and PCAOB staff to understand their views on key points and confirm our interpretations in certain areas.
Guide to the Sarbanes-Oxley Act: IT Risks and Controls (Second Edition)
The Sarbanes-Oxley Act (SOX) Section 404 mandates that all publicly-traded companies establish internal controls for financial reporting and must maintain those controls to ensure they are effective, with the purpose reducing corporate fraud. The priority goals of Section 404 align with management’s existing responsibilities when undertaking an IT conversion or implementation project. In this booklet, we provide guidance to Section 404 compliance project teams on the consideration of information technology (IT) risks and controls at both the entity and activity levels within an organization. We also explore how application-control assessments are integrated with the assessment of business-process controls, and addresses documentation, testing and remediation matters.