Sarbanes-Oxley Walkthrough Guidance for General IT Controls

Subscriber Content
Screenshot of the first page of Sarbanes Oxley Walkthrough Guidance for General IT Controls

This tool provides guidelines for a Sarbanes-Oxley walkthrough for general IT controls.

Four domains of general computer controls include information technology entity-level; security; computer operations; change control (SDLC, move to production, application/infrastructure maintenance). Walkthroughs are conducted by the external auditor and are meant to: confirm the auditor’s understanding of the processes relevant to financial reporting and the design of relevant controls; confirm key risks and controls that affect financial reporting; evaluate the effectiveness of the control design – management has already represented that the controls documented in the Risk and Control Matrices (RCMs) provide reasonable assurance that the risks have been mitigated, and management must now provide the external auditor with sufficient insight into the control environment to reinforce the same conclusion; and to trace a transaction from start to finish (“Test of one”).


Topics
Corporate Governance
Sarbanes-Oxley Act
Audit Committee & Board
IT Controls
Risk Assessment
IT Audit

Related Resources

Checklists & Questionnaires

IT General Controls Questionnaire

Protiviti Booklets

Guide to the Sarbanes-Oxley Act: IT Risks and Controls

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It