The following 220 items are listed by Content Data.
Guides
Guide to Implementing a Self-Assessment Program
In this tool, we have included three guides that outline the best-practice elements and processes related to developing ...
Methodologies & Models
Sarbanes-Oxley Project-to-Process Capability Maturity Model (CMM)
This capability maturity model includes the six elements of infrastructure focused on Sarbanes-Oxley project-to-process ...
Subscriber Content
Methodologies & Models
Sarbanes-Oxley Year-One Capability Maturity Model (CMM)
This capability maturity model includes the six elements of infrastructure focused on Sarbanes-Oxley year-one compliance...
Subscriber Content
Checklists & Questionnaires
Disclosure Controls Questionnaire
Use the questions included in this tool to ensure compliance regarding the public disclosure of management's assessment ...
Articles
SOX 404 Disclosures: An Eighteen-Year Review
Audit Analytics takes a closer look at trends in internal controls over financial reporting disclosures, spanning from f...
Checklists & Questionnaires
System Implementation Process Questionnaire
The questions included in this tool can be applied to the implementation of new systems or major upgrades.
Methodologies & Models
Six Elements of Infrastructure for Data Analytics
This sample document includes the six elements of infrastructure for an organization's data analytics process.
Subscriber Content
Checklists & Questionnaires
Sarbanes-Oxley Process Walkthrough Questionnaire
This tool contains two sample questionnaires that provide guidance to business units in the performance of walk-throughs...
Policies & Procedures
Fraud Policy
This document includes three sample policies that facilitate the development of controls that will aid in the detection ...
Subscriber Content
Benchmarking Reports
2022 Sarbanes-Oxley Compliance Survey
The 2022 edition of Protiviti's annual SOX report shows that costs and hours continue to increase across most, if not al...
Subscriber Content
Checklists & Questionnaires
Internal Audit Re-Engineering Questionnaire
This tool contains two sample documents that outline questions internal auditors should ask when evaluating the organiza...
Subscriber Content
Requests for Proposals - RFPs
Request for Proposal: Sarbanes-Oxley Compliance
This tool contains two sample requests for proposals (RFPs) that can be used by organizations seeking a qualified servic...
Subscriber Content
Checklists & Questionnaires
Project Management Office (PMO) Questionnaire
The questions included in this tool can be used to evaluate your project management office (PMO) functionality and proce...
Subscriber Content
Memos
Sarbanes-Oxley (SOX) Project Approach Memo
This tool contains two sample memos that serve as a report of an internal audit function’s high-level assessment of the ...
Subscriber Content
Audit Programs
External Financial Reporting Audit Work Program
This audit program can be used by organizations to evaluate the operating effectiveness of internal controls associated ...
Subscriber Content
Checklists & Questionnaires
Corporate Governance Compliance Questionnaire
The two sample questionnaires in this document focus on what boards and management should do as they work to improve cor...
Subscriber Content
Checklists & Questionnaires
Disclosure Committee Questionnaire
Use the questions included in this tool to ensure that all necessary quarterly financial reporting disclosures are addre...
Subscriber Content
Checklists & Questionnaires
Site Planning and Review Checklist
This sample checklist serves as a working document that can be used by auditors to determine whether all site visit task...
Subscriber Content
Articles
Impacts of COVID-19 on Public Companies
Audit Analytics looks at the pandemic’s impacts on certain aspects of financial reporting and financial health metrics o...
Subscriber Content
Guides
Sarbanes-Oxley Compliance and Disclosure Timeline Guide
This sample document can be used as a general guide to help companies comply with the Sarbanes-Oxley Act of 2002 pursuan...
Subscriber Content
Articles
AQRM Red Flags: Financial Reporting
In this article, Audit Analytics breaks down the risks associated with specific firm-level events included in the Accoun...
Subscriber Content
Performer Profiles
Unum Group: Pivoting to Respond to Change While Positioning for the Future
In this profile, Unum Senior Vice President of Internal Audit Miles Archer explains how his team has navigated pandemic-...
Subscriber Content
Charters
Corporate Audit Department Charter
This tool contains six sample charters that outline the mission statement, objectives, responsibilities and services of ...
Subscriber Content
Guides
Sarbanes-Oxley Compliance Committee Structure Guide
This guide discusses the duties, composition, structure and interrelationships of the disclosure committee that needs to...
Subscriber Content
Research Reports
Growing Number of ICFR Issues Following IPO
In this exclusive report, Audit Analytics explores trends in companies reporting internal control deficiencies immediate...
Subscriber Content
Articles
AQRM Red Flags: Controls
Audit Analytics examines the red flag events concerning a company’s control environment, including control weaknesses, l...
Subscriber Content
Checklists & Questionnaires
Complaint Reporting Process Questionnaire
This questionnaire focuses on issues that audit committees and management should consider as they collaborate to comply ...
Subscriber Content
Checklists & Questionnaires
Sarbanes-Oxley Compliance and Reporting Strategy Questionnaire
This tool outlines questions to consider when preparing an organization’s Sarbanes-Oxley (SOX) compliance and reporting ...
Subscriber Content
Articles
Initial Public Offerings: Recent Trends in Corporate Governance Risks
Audit Analytics takes a deeper look at the risks that initial public offerings pose to investors, regulators and other f...
Subscriber Content
Performer Profiles
Booking Holdings: Navigating a Global Crisis With a Resilience Mindset
In this profile, Booking Holdings Senior Vice President and Chief Audit Officer Marco Rozenberg describes his team’s int...
Subscriber Content
Audit Reports
Enterprise Resource Planning Upgrade Audit Report
Auditors can use this audit report template for conducting and documenting the results of an enterprise resource plannin...
Subscriber Content
Articles
SOX Compliance Under COVID-19: Considerations for Completing Quarterly Assessments
In this article, we provide a brief reminder on guidance and disclosure requirements, highlight current SEC insights and...
Subscriber Content
Checklists & Questionnaires
Sarbanes-Oxley Policy Evaluation Checklist
This tool provides points to consider when conducting an organization’s Sarbanes-Oxley (SOX) policy evaluation.
Subscriber Content
Checklists & Questionnaires
Tax Compliance Process Internal Control Questionnaire
This sample questionnaire can be used to assess the internal controls related to a company’s tax compliance process.
Subscriber Content
Benchmarking Reports
2021 Sarbanes-Oxley Compliance Survey
The 2021 edition of Protiviti's annual SOX report explains some of the changes SOX compliance practices have faced post-...
Subscriber Content
Articles
SEC Enforcement Actions Reveal Continuing Importance of Accurate Disclosures
Audit Analytics examines the recent increase in the amount of enforcement actions citing false and/or misleading stateme...
Subscriber Content
Checklists & Questionnaires
Sarbanes-Oxley Testing Documentation Questionnaire
This tool includes questions to consider when documenting Sarbanes-Oxley (SOX) testing procedures, results and recommend...
Subscriber Content
Articles
Internal Controls Planning as Organizations Contemplate a Return to the Office
In this article, we cover three categories of control changes that companies should consider as they plan to resume in-p...
Subscriber Content
Charters
Board of Directors Authorization Charter
This sample establishes guidelines and responsibilities for developing a board of directors authorization charter.
Subscriber Content
Job Descriptions
Sarbanes-Oxley (SOX) Coordinator Job Description
This job description sample outlines the responsibilities, key selection criteria and general information for the role o...
Subscriber Content
Job Descriptions
Vice President, Internal Audit/Chief Audit Executive Job Description
This sample job description summarizes the responsibilities, key selection criteria and general information for the role...
Subscriber Content
Articles
A Farewell to Paul Sarbanes
Protiviti Managing Director Jim DeLoach honors Paul Sarbanes and highlights his efforts to protect investors and create ...
Subscriber Content
Articles
SPACs Spotlight: Filings Trend Meets Fine Print in Latest SEC Statement
In this article, we examine what was buried in the footnotes of the SEC's latest Division of Corporation Finance stateme...
Subscriber Content
Policies & Procedures
Data Classification Standard Policy
This sample policy can be used by auditors to ensure that all of the organization’s classified information is properly i...
Subscriber Content
Performer Profiles
Salesforce: V2MOM and Setting a Vision for Salesforce Audit
In this profile, Art Perez, senior vice president and audit executive at Salesforce, explains the V2MOM planning process...
Subscriber Content
Performer Profiles
Starbucks Coffee Company: Brewing Up a Balanced Blend of Innovation, Productivity and Future-Focused Capabilities
In this profile, Starbucks Vice President and Chief Audit Executive Randa Saleh shares how her team leverages data analy...
Subscriber Content
Articles
A Look Back at 2020
Audit Analytics shares some of its most popular articles and topics from 2020.
Subscriber Content
Articles
SOX Compliance Under COVID-19: The Show Must Go On (Part 1)
Part one of this two-part discussion uncovers the challenges of maintaining the full rigor of internal control requireme...
Subscriber Content
Checklists & Questionnaires
Evaluation of Control Deficiencies Questionnaire
This sample questionnaire can be used by auditors to efficiently assess and classify an organization’s control deficienc...
Subscriber Content
Audit Reports
Sarbanes-Oxley Section 404 Status Report
This document includes two sample reports that can be used to communicate the results of a Sarbanes-Oxley Section 404 re...
Subscriber Content
Articles
SOX 404 Disclosures: A Sixteen-Year Review
Audit Analytics examines the trends in Section 404 disclosures over a sixteen-year period, considering both auditor atte...
Subscriber Content
Checklists & Questionnaires
Internal Control Structure Validation Questionnaire
This tool features questions to consider for verifying an organization’s internal controls over financial reporting (ICF...
Subscriber Content
Checklists & Questionnaires
Identity Management Tool Questionnaire
The questions provided in this tool can help organizations manage their security and privacy concerns specific to identi...
Subscriber Content
Audit Reports
Risk Assessment Audit Report
This tool includes two sample audit reports that outline steps an audit department should take when conducting a risk as...
Subscriber Content
Articles
SOX Compliance: Consider COVID-19 Impact on Management Review Control Execution
This article outlines steps to consider as you prepare your control documentation along with some specific assumption co...
Subscriber Content
Checklists & Questionnaires
Process-Based Self-Assessment Request Questionnaire
This tool contains questions and best practices to consider when implementing and/or evaluating an organization’s proces...
Subscriber Content
Checklists & Questionnaires
Vendor Assessment Questionnaire
This tool offers vendor assessment report questions to consider for enhancing outsourced operations common to Sarbanes-O...
Subscriber Content
Charters
Audit Committee Charter
This document contains nine samples that provide guidelines and standards for creating an audit committee charter.
Subscriber Content
Checklists & Questionnaires
Effective Internal Controls Over Financial Reporting (ICFR) Testing Questionnaire
This tool outlines best practices and questions to consider when documenting the summary and results of ICFR testing.
Subscriber Content
Checklists & Questionnaires
Process Owner Accountability Questionnaire
This tool provides an overview and description of process owner accountability and responsibility for testing operationa...
Subscriber Content
Checklists & Questionnaires
Process-Level Analytics Questionnaire
This sample questionnaire explains the benefits of using analytics tools to monitor and enhance process-level monitoring...
Subscriber Content
Audit Reports
Audit Committee Report — Internal Audit Update
This tool contains two sample reports that can be used by auditors for evaluating and improving the audit committee’s in...
Subscriber Content
Checklists & Questionnaires
Internal Controls Over Financial Reporting (ICFR) Deficiencies Questionnaire
This tool highlights questions to consider for understanding and assessing internal control over financial reporting (IC...
Subscriber Content
Checklists & Questionnaires
Risk Tracking and Exception Reporting Questionnaire
This tool highlights questions organizations should consider for efficiently tracking reports and reporting exceptions.
Subscriber Content
Checklists & Questionnaires
Configurable Application Controls Questionnaire
This sample questionnaire uses configuration tools to evaluate and improve an organization's configurable application co...
Subscriber Content
Checklists & Questionnaires
Standardized Testing Program Questionnaire
This tool can be used to gain a better understanding of common SOX standardized testing risks and to develop a standard ...
Subscriber Content
Checklists & Questionnaires
Spreadsheet Risk Optimization Questionnaire
This questionnaire outlines the process to identify who manages critical spreadsheets within an organization and identif...
Subscriber Content
Benchmarking Reports
2020 Sarbanes-Oxley Compliance Survey
The 2020 edition of Protiviti's annual SOX report explains some of the changes SOX compliance practices have faced since...
Subscriber Content
Charters
Nominating and Governance Committee Charter
This document contains four samples that provide guidelines for creating a nominating and corporate governance charter.
Subscriber Content
Performer Profiles
Occidental Petroleum Corporation: Drilling Down on Data
In this profile, Occidental Vice President of Internal Audit Gary Daugherty describes his team’s first steps to becoming...
Subscriber Content
Policies & Procedures
Finance End-User Computing Policy
This document contains two sample policies that provide guidelines and procedures for reviewing an organization’s financ...
Subscriber Content
Articles
SOX Risk Assessment in the Time of COVID-19
This article discusses six key considerations a company should take when performing its Sarbanes-Oxley (SOX) risk assess...
Subscriber Content
Articles
SOC Reports: Anticipating Challenges Can Help Minimize Disruption of SOX Compliance Programs
This article outlines a list of practical steps that companies can take to get ahead of the delay in SOC reports from se...
Subscriber Content
Policies & Procedures
Internal Disclosure Certification Process Policy
This policy documents the internal disclosure certification process, which is designed to provide comfort to the executi...
Subscriber Content
Articles
SOX Compliance: Faster Automation, Fewer Controls and How to Get There
This article reviews what parts of Sarbanes-Oxley (SOX) compliance can benefit from automation and provides credible rec...
Subscriber Content
Methodologies & Models
Protiviti's Sarbanes-Oxley Section 404 Compliance Initiatives Methodology
This tool provides an overview of an organization’s Sarbanes-Oxley (SOX) Section 404 compliance process and illustrates ...
Subscriber Content
Articles
What Investors Need to Know About Audits
In this article, Audit Analytics evaluates the state of today’s audit process by looking at four areas of financial repo...
Subscriber Content
Audit Programs
Database Audit Work Program
This sample audit program lists various security, change management and monitoring control activities and audit procedur...
Subscriber Content
Articles
SOX Control Awareness and Communication Is One Way Organizations Can Help Reduce Costs and Hours
This article outlines some communication techniques organizations can use to reduce the total number of hours spent on S...
Subscriber Content
Methodologies & Models
Business Continuity Management Methodology
This tool highlights seven phases of the business continuity management methodology, describing its benefits and the Pro...
Subscriber Content
Checklists & Questionnaires
Human Resources Internal Controls Questionnaire
This questionnaire can be used as a checklist of the basic controls for Sections 302 and 404 of the Sarbanes-Oxley Act. ...
Subscriber Content
Guides
Standardizing Documentation for Internal Controls Guide
This presentation serves as a guide to achieving standardization for internal control documentation.
Subscriber Content
Articles
Technology-Enabled SOX Compliance: Continuing the Discussion
This article shares some of the key takeaways from Protiviti’s recent SOX compliance webinar, building on the findings o...
Subscriber Content
Guides
Sarbanes-Oxley Section 404: Report Testing Methodology Guide
This presentation serves as a guide to train SOX project teams on testing reports that are used during the financial rep...
Subscriber Content
Audit Reports
Segregation of Duties Review Report
This sample report focuses on a project's final deliverables, including a project overview, remediation road map, rollou...
Subscriber Content
Articles
Evolution of SOX 404 Disclosures for EGCs
In this article, Audit Analytics analyzes SOX 404 disclosures as the target of those seeking to introduce further regula...
Subscriber Content
Guides
Documenting Processes and Controls for Sarbanes-Oxley Guide
This guide is designed to help organizations establish consistent and thorough Sarbanes-Oxley documentation standards.
Subscriber Content
Guides
Sarbanes-Oxley Roles and Responsibilities Guide
This sample guide can be used to understand the roles and responsibilities of team members involved in Sarbanes-Oxley (S...
Subscriber Content
Checklists & Questionnaires
Data Center General Controls Questionnaire
This sample questionnaire can be used to measure the processes associated with an organization’s mainframe data center g...
Subscriber Content
Articles
Compliance 2.0: Transforming SOX Practices With Technology
This article describes a new technology-driven SOX model, SOX compliance 2.0, and its ability to encourage innovative th...
Subscriber Content
Guides
Process and Activity-Level Controls Assessment Guide
This sample document can be used as a guide to assessing controls at the process or activity level.
Subscriber Content
Guides
Sarbanes-Oxley 404 Compliance Project Testing and Documentation Standards Guide
This guide can be used by Sarbanes-Oxley project teams to test Section 404 key controls and document the testing results...
Subscriber Content
Articles
Cyber Risks Drawing Increased Scrutiny in Public Company Transition
In this article, Protiviti Managing Directors Nicholas Spinks and David Taylor explain how important it is to sharpen th...
Subscriber Content
Guides
Sarbanes-Oxley Auditor Walkthrough Guide
This sample document can be used as a guide to help prepare company personnel for the walkthrough process related to Sar...
Subscriber Content
Articles
SOX Compliance Survey: One Decade of Insights
This article highlights a decade of SOX compliance efforts documented in Protiviti’s annual Sarbanes-Oxley Compliance su...
Subscriber Content
Audit Reports
Tax Compliance Process Report
This sample audit report outlines the business process related to tax compliance and provides tips to help a Sarbanes-Ox...
Subscriber Content
Guides
Sarbanes-Oxley Section 404 Compliance Guide
This sample document can be used as a guide for establishing an organization’s framework and standard policy for complia...
Subscriber Content
Checklists & Questionnaires
Public Company Readiness Questionnaire
This questionnaire focuses on certain aspects of the IPO preparation process and specific areas management should addres...
Subscriber Content
Checklists & Questionnaires
IT General Controls Questionnaire
This sample questionnaire provides several COBIT areas and related control objectives for each IT general control.
Subscriber Content
Checklists & Questionnaires
IT Risks and Controls SOX Compliance Questionnaire
This sample questionnaire can be used by management and board members to help determine where controls over information ...
Subscriber Content
Guides
Control Gap Remediation Methodology Training Guide
This guide provides Sarbanes-Oxley project teams with the steps they need to take to identify control gaps and implement...
Subscriber Content
Checklists & Questionnaires
Entity-Level Controls Fraud Questionnaire
This sample includes a list of questions to consider while checking an organization’s entity-level controls for fraud.
Subscriber Content
Checklists & Questionnaires
Code of Conduct Questionnaire
One constant for success in a rapidly changing global marketplace is the immutable bedrock of an unwavering commitment t...
Subscriber Content
Guides
Control Testing Responsibility Guide
This guide outlines the Sarbanes-Oxley responsibility assignments and testing process for primary manual controls.
Subscriber Content
Guides
Guidance for Documenting Test Results: Sarbanes-Oxley Section 404
This guide outlines steps to complete when documenting SOX Section 404 test results.
Subscriber Content
Guides
Sarbanes-Oxley Section 404 Committee Guide: Description and Relationships
This guide provides a detailed overview of the Sarbanes-Oxley Section 404 compliance steering committee's composition, f...
Subscriber Content
Checklists & Questionnaires
Inventory Management Process Controls Questionnaire
This sample questionnaire includes a list of items to consider when reviewing an organization’s inventory management pro...
Subscriber Content
Checklists & Questionnaires
Treasury Process Controls Questionnaire
This sample questionnaire includes a list of items to consider when reviewing an organization’s treasury process control...
Subscriber Content
Benchmarking Reports
2019 Sarbanes-Oxley Compliance Survey
This report describes how several emerging SOX compliance practices are growing and how the cost, hours and control coun...
Subscriber Content
Checklists & Questionnaires
Revenue Process Controls Questionnaire
This sample questionnaire includes a list of items to consider when reviewing an organization’s revenue process controls...
Subscriber Content
Checklists & Questionnaires
Exception Evaluation Questionnaire: Individual Process/Transaction-Level Controls
This sample questionnaire can be used to document and analyze exceptions identified during individual process/transactio...
Subscriber Content
Checklists & Questionnaires
Expenditure Process Controls Questionnaire
This sample questionnaire includes a list of items to consider when reviewing an organization's expenditure process cont...
Subscriber Content
Checklists & Questionnaires
Fixed Assets Process Controls Questionnaire
This sample questionnaire includes a list of items to consider when reviewing an organization’s fixed asset process cont...
Subscriber Content
Checklists & Questionnaires
Sarbanes-Oxley Section 404 Audit Committee Questionnaire
This document is designed for companies that have already complied with Sarbanes-Oxley Section 404 for at least one year...
Subscriber Content
Guides
SOX Training Guide: Remediation Efforts and Needs
An important part of complying with Sarbanes-Oxley (SOX) Section 404 is ensuring that control deficiencies are accuratel...
Subscriber Content
Checklists & Questionnaires
Entity-Level Control Environment Questionnaire
This questionnaire template provides a number of COSO elements and the related control objectives for entity-level contr...
Subscriber Content
Checklists & Questionnaires
Entity-Level Controls Information and Communication Questionnaire
This questionnaire template provides a number of COSO elements and their related control objectives for entity-level con...
Subscriber Content
Checklists & Questionnaires
Entity-Level Controls Risk Assessment Questionnaire
The objective of this questionnaire is to assess a number of COSO elements and the related objectives for entity-level c...
Subscriber Content
Checklists & Questionnaires
Sarbanes-Oxley Section 302 Diagnostic Survey
This tool helps an organization assess how well it complies with various Sarbanes-Oxley Section 302 activities.
Subscriber Content
Audit Reports
Sarbanes-Oxley Year-End Audit Committee Report
This sample report to the audit committee focuses on the progress of an organization's Sarbanes-Oxley Section 404 progra...
Subscriber Content
Checklists & Questionnaires
Anti-Fraud Program Evaluation Questionnaire
This document focuses on key questions for board members and management when evaluating an organization's anti-fraud pro...
Subscriber Content
Articles
Building Bot Boundaries: RPA Controls in SOX Systems
This article examines some of the SOX compliance challenges that may result from an RPA implementation and how to avoid ...
Subscriber Content
Checklists & Questionnaires
Process Integration Checklist
This checklist can be used to facilitate the division of a merging company’s subsidiaries and to evaluate the divisions’...
Subscriber Content
Checklists & Questionnaires
Accounts Payable Internal Controls Questionnaire
This tool features questions to consider for performing a control self-assessment of an organization’s accounts payable ...
Subscriber Content
Checklists & Questionnaires
Acquisition Closing Checklist
The purpose of this checklist is to document the activities performed as part of an organization's acquisitions/new busi...
Subscriber Content
Articles
Protiviti Survey Measures SOX Automation, Costs, Hours and More
Learn more about some of the standout Sarbanes-Oxley compliance trends for 2019 in this article, which summarizes key re...
Subscriber Content
Guides
Financial Statement Risk Assessment Guide
This guide provides a detailed overview of key steps to the financial statement risk assessment process, which includes ...
Subscriber Content
Requests for Proposals - RFPs
Request for Proposal: Internal Audit Services and Sarbanes-Oxley Regulatory Compliance
This sample request for proposal for co-sourcing internal audit and Sarbanes-Oxley compliance services provides a variet...
Subscriber Content
Audit Reports
IT Risks and Controls Review Report
The objective of this audit report is to reduce the volume of controls across applications, infrastructure and IT proces...
Subscriber Content
Audit Reports
Entity-Level Fraud Risk Assessment Process Report
This sample fraud risk assessment report provides an overview of the process one company undertook to satisfy the requir...
Subscriber Content
Checklists & Questionnaires
IT Application Control Deficiency Decision Process Questionnaire
This sample helps to determine the severity of any deficiencies cited during the control testing process.
Subscriber Content
Articles
SEC Amends Smaller Reporting Company Thresholds: A Closer Look
In this article, Protiviti’s Charles Soranno takes a closer look at a recent Flash Report on the Securities and Exchange...
Subscriber Content
Protiviti Booklets
Guide to Public Company Transformation
This guidance, now in its fourth edition, is designed to serve as a convenient and user-friendly resource that executive...
Subscriber Content
Checklists & Questionnaires
IT Infrastructure Control Deficiency Decision Questionnaire
This sample questionnaire helps to determine the severity of any deficiencies cited during the control testing process.
Subscriber Content
Articles
SEC Updates Disclosure Requirements
This article details recent Securities and Exchange Commission (SEC) amendments and describes how the SEC is implementin...
Subscriber Content
Articles
2018 SOX Survey: Benchmarking Compliance Costs
In this article, Protiviti Managing Director Keith Kawashima breaks down some of the notable trends from the 2018 SOX su...
Subscriber Content
Benchmarking Reports
2018 Sarbanes-Oxley Compliance Survey
This report discusses how changes continue to influence SOX compliance efforts, but the areas of most significant concer...
Subscriber Content
Audit Reports
Quarterly Compliance Assessment Audit Report
The purpose of this report is to document internal audit’s quarterly assessment of compliance policies and procedures an...
Subscriber Content
Memos
SOX IT Testing Planning Memo
This memo captures details for SOX IT testing, including objectives, project scope, transaction types, key risks, coordi...
Subscriber Content
Guides
Facilitating SOX Compliance Using a Committee Structure Guide
This guide discusses the duties, composition, structure and interrelationships of the disclosure committee that needs to...
Subscriber Content
Guides
Internal Control Owner Training Guide
This guide provides an overview of the internal controls process, including objectives, implementation, timeline, owner ...
Subscriber Content
Checklists & Questionnaires
Update Testing: Control Self-Assessment Questionnaire
This questionnaire helps to assess if the controls are operating effectively within a business unit.
Subscriber Content
Guides
Sarbanes-Oxley Walkthrough Guidance for General IT Controls
This tool provides guidelines for a sarbanes-oxley walkthrough for general IT controls.
Subscriber Content
Sarbanes-Oxley CPE Courses
Documenting Processes and Internal Controls (KLplus CPE Course)
This course will give you a fundamental understanding of documenting processes and internal controls.
Articles
2018 Audit Committee Agenda: Financial Reporting Risks
Protiviti has identified eight audit committee agenda priorities for 2018, half of which focus on financial reporting ri...
Subscriber Content
Audit Reports
Pre-Year 1 SOX Roadmap Audit Report
This audit report summarizes the observations, recommendations, and related remediation prioritization for business and ...
Subscriber Content
Guides
Sarbanes-Oxley Program Implementation Guide
This guide provides procedures, checklists and summaries that can be used to implement changes within an organization’s ...
Subscriber Content
Audit Reports
Controls Monitoring Quarterly Assessment Report
This sample report details an internal audit department’s quarterly assessment of ongoing controls monitoring processes....
Subscriber Content
Policies & Procedures
Whistleblower Policy
This policy establishes standards and procedures to ensure that the accounting and audit-related complaint handling proc...
Subscriber Content
Policies & Procedures
Relationship with External Auditors Policy
This sample document sets out policies and procedures for the external audit of a company.
Subscriber Content
Guides
Assessing Risks and Internal Controls Guide
This presentation was developed to help with training process owners to assess risks and take responsibility for managin...
Subscriber Content
Audit Reports
IT Risk Assessment Audit Report
This risk assessment audit report outlines findings from a high-level IT risk assessment at a company.
Subscriber Content
Checklists & Questionnaires
Financial Close Process Controls Questionnaire
This tool provides insights on financial close process controls, including the control objectives for financial close ac...
Subscriber Content
Checklists & Questionnaires
IT General Controls Survey Questionnaire
This sample tool helps to map IT responses to various questions related to different IT general controls and related pro...
Subscriber Content
Policies & Procedures
Sarbanes-Oxley Section 404 Management Testing Plan Policy
This sample policy helps to summarize management’s approach to plan, organize, execute, document and support its assessm...
Subscriber Content
Sarbanes-Oxley CPE Courses
Using the COSO Internal Control Integrated Framework for Sarbanes-Oxley Compliance (KLplus CPE Course)
This basic-level course introduces COSO and the COSO Internal Control Integrated Framework and its five components.
Sarbanes-Oxley CPE Courses
Executive Certification: Understanding Sections 302 and 906 of the Sarbanes-Oxley Act of 2002 (KLplus CPE Course)
This is a basic-level course that provides an overview of Sections 302 and 906 and describes disclosure controls procedu...
Sarbanes-Oxley CPE Courses
Internal Control Over Financial Reporting: Understanding Section 404 of Sarbanes-Oxley (KLplus CPE Course)
This basic-level training provides an overview of Section 404 of the Sarbanes-Oxley Act of 2002.
Sarbanes-Oxley CPE Courses
Introduction to the Sarbanes-Oxley Act of 2002 (KLplus CPE Course)
This basic-level course provides a summary of the Sarbanes-Oxley Act and provides an overview of key sections.
Sarbanes-Oxley CPE Courses
Validating Operational Effectiveness (Testing of Controls) (KLplus CPE Course)
This basic-level course provides an overview of Sarbanes-Oxley Section 404 requirements for validating operational effec...
Checklists & Questionnaires
Payroll Process Controls Questionnaire
This sample questionnaire helps with evaluating the controls in an organization’s payroll process.
Subscriber Content
Policies & Procedures
Sarbanes-Oxley Section 404 Compliance Project Work Paper Standards and Guidelines: Policy and Procedures
The purpose of this document is to establish basic guidelines and standards for the preparation and review of work paper...
Subscriber Content
Process Flows
Financial Reporting Process Flow
This process flow focuses on the annual reporting on Form 10-K and quarterly reporting on Form 10-Q.
Subscriber Content
Memos
Internal Control Audit Instructions Memo
This memo documents instructions for reviewing and testing a company's internal control environment.
Subscriber Content
Memos
Sarbanes-Oxley Multiple Locations Scoping Memo
This memo outlines the analysis performed by a company to determine the scope of internal control documentation and test...
Subscriber Content
Memos
Sarbanes-Oxley Act Project Approach Memo
The purpose of this memo is to document management’s approach for the current financial year's Sarbanes-Oxley compliance...
Subscriber Content
Memos
Entity-Level Controls Memo
This memo outlines a process for reviewing entity-level controls.
Subscriber Content
Memos
Process-Level Documentation Requirements Memo
This memo describes the documentation requirements for each in-scope process related to Sarbanes-Oxley Section 404 compl...
Subscriber Content
Memos
Financial Elements and Business Process Prioritization Memo
This memo summarizes the customized models used to prioritize financial statement elements (FSE) and processes for Sarba...
Subscriber Content
Memos
Sarbanes-Oxley Testing Strategy Memo
This memo documents a company's high-level testing strategy for Sarbanes-Oxley compliance.
Subscriber Content
Memos
Sarbanes-Oxley Section 404 Project Conclusion Memo
This memo documents an organization’s approach to Sarbanes-Oxley Section 404 compliance and concluding results from the ...
Subscriber Content
Memos
SOX Year-End Update Testing Memo
This memo defines the process a company uses to update testing of internal controls for Sarbanes-Oxley compliance purpos...
Subscriber Content
Memos
Merger and Integration Memo
This memo outlines a project to document a company’s finance and accounting processes, as well as to identify the system...
Subscriber Content
Audit Programs
Access to Programs and Data Audit Work Program
The purpose of this work program—focused on access to programs and data—is to outline the IT general controls to be test...
Subscriber Content
Audit Programs
System Backup Review Audit Work Program
The purpose of this audit program is to review an organization’s system backup procedures.
Subscriber Content
Audit Programs
Sarbanes-Oxley Documentation Review Audit Work Program
The objective of this audit program is to ensure that Sarbanes-Oxley (SOX) Section 404 processes are documented to commu...
Subscriber Content
Audit Programs
Insurance Claims Review (Healthcare) Audit Work Program
This healthcare audit program is intended to assist in determining whether internal controls in the health insurance cla...
Subscriber Content
Audit Programs
Program Changes Audit Work Program
This audit program focuses on auditing program change controls.
Subscriber Content
Audit Programs
End-User Computing Audit Work Program
This work program focuses on auditing end-user computing, specifically concentrating on identifying the IT controls to b...
Subscriber Content
Newsletters
COSO 2013: Why Should You Care?
This issue of Board Perspectives: Risk Oversight outlines six reasons why board members should care about the updated CO...
Subscriber Content
Protiviti Booklets
The Updated COSO Internal Control Framework
In this booklet, we address various questions regarding the New Framework from COSO, including the reasons why it was up...
Subscriber Content
Protiviti Booklets
The Updated COSO Internal Control Framework FAQ: Table of Contents
This table of contents and FAQ list is a reference for the Updated COSO Internal Control Framework FAQ.
Subscriber Content
Guides
COSO Internal Controls Guide: Integrated Framework
COSO's 2013 Internal Control–Integrated Framework (Framework) is expected to help organizations design and implement int...
Subscriber Content
Newsletters
Updated COSO Internal Control Framework: Frequently Asked Questions
In this issue of The Bulletin, we address various questions regarding the new COSO framework.
Subscriber Content
Guides
Internal Control Strategy Communication Guide
This guide outlines an example process to facilitate and communicate changes necessary to strengthen an organization’s i...
Subscriber Content
Protiviti Booklets
Guide to the Sarbanes-Oxley Act: IT Risks and Controls
In this booklet, we provide guidance to Section 404 compliance project teams on the consideration of information technol...
Subscriber Content
Policies & Procedures
Control Transition Policy
This policy establishes procedures to ensure the continued integrity of a company’s internal controls system.
Subscriber Content
Process Flows
SOX Process Flow: High-Level Methodology
This process flow documents a high-level methodology for Sarbanes-Oxley compliance.
Subscriber Content
Policies & Procedures
New Disclosures Policy
This policy is intended to facilitate the early detection and disclosure of reportable items to the SEC and to improve t...
Subscriber Content
Checklists & Questionnaires
Executive Certifications Questionnaire: Same Responsibilities, Higher Stakes
Executive management has always been responsible for the quality and fairness of public reporting. However, under The Sa...
Subscriber Content
Newsletters
Setting the 2009 Audit Committee Agenda
This issue of The Bulletin provides observations and ideas for board members to consider as they get through the trying ...
Subscriber Content
Newsletters
The SEC’s New Guidance on Section 404: What It Means to You
In May, the Securities and Exchange Commission (SEC) approved its interpretive guidance to management on implementing Se...
Subscriber Content
Newsletters
Protecting Enterprise Value Through Your Anti-Fraud Program
What is an anti-fraud program? How should companies evaluate their anti-fraud programs? In this issue of The Bulletin, w...
Subscriber Content
Newsletters
Section 404 Compliance: Lessons Learned for the Next 12 Months
In this issue of The Bulletin, we articulate seven lessons for improving Section 404 assessment and compliance processes...
Subscriber Content
Protiviti Booklets
Guide to the Sarbanes-Oxley Act
The questions answered in this booklet have risen in our discussions with clients and others in the marketplace who freq...
Subscriber Content
Newsletters
Enterprise Risk Management: Practical Implementation Advice
What leaves many cold on the subject of ERM is the inability to quickly grasp what it is. This issue of The Bulletin add...
Subscriber Content
Newsletters
Section 404 Compliance: Planning for Next Year
This issue of The Bulletin focuses on some of the opportunities companies should consider as they plan for Year Three of...
Subscriber Content
Protiviti Booklets
Frequently Asked Questions Regarding Compliance with OMB Circular A-123
In this booklet, we answer questions about complying with OMB Circular A-123.
Subscriber Content
Newsletters
Wanted: A Cost-Effective Approach to Validating Performance of the Internal Control Structure
This issue of The Bulletin addresses the importance of integrating self-assessment, entity-level monitoring, and indepen...
Subscriber Content
Newsletters
Achieve Sustainability by Integrating the Section 404 and Section 302 Compliance Process
In this issue of The Bulletin, we focus on strategies for integrating compliance activities around Sections 302 and 404 ...
Subscriber Content
Newsletters
Driving Value Out of the Section 404 Compliance Process
In this issue of The Bulletin, we incorporate insights and lessons learned regarding finance processes and show how valu...
Subscriber Content
Newsletters
The Self-Assessment Process: Management’s Tool for Reinforcing Process Owner Accountability
In this issue of The Bulletin, we discuss the self-assessment process and how one can be implemented to reinforce proces...
Subscriber Content
Newsletters
Building Upon Section 404 Compliance: Moving Beyond Year One
In this issue of The Bulletin, we outline imperative steps for certifying officers to take to demonstrate care in reinfo...
Subscriber Content
Newsletters
Establishing an Effective Complaint and Confidential, Anonymous Reporting Process
In this edition of The Bulletin, we address the issues that audit committees and management should consider as they coll...
Subscriber Content
Newsletters
Technology Risks and Controls: What You Need to Know
In this issue of The Bulletin, we focus on the relevance of IT risks and controls to a company’s meeting the internal co...
Subscriber Content
Newsletters
The Expanded Responsibilities of the Audit Committee: A New Mandate
This issue of The Bulletin explores the new requirements of audit committees and their implications, and suggests six ke...
Subscriber Content
Newsletters
Internal Control Over Financial Reporting: An Update on Section 404 of Sarbanes-Oxley
The SEC released its final rules in June 2003 regarding Section 404, making time an asset rather than a liability. This ...
Subscriber Content
Protiviti Booklets
Capitalizing on Sarbanes-Oxley Compliance to Build Supply Chain Advantage
This booklet, co-produced by Protiviti and APICS, details how the Sarbanes-Oxley Act (SOX) has a complementary impact on...
Subscriber Content
Newsletters
Strengthening Governance Through Risk Management
This issue of The Bulletin provides five comprehensive recommendations for strengthening governance through improved ris...
Subscriber Content
Newsletters
Internal Controls Over Financial Reporting: Understanding Section 404 of Sarbanes-Oxley
In this issue of The Bulletin, we address in detail Section 404, a provision of SOX that is certain to garner the attent...
Subscriber Content
Newsletters
The Code of Conduct: Laying a Cornerstone for Effective Governance
In this issue of The Bulletin, we provide important steps for boards of directors and management to consider in designin...
Subscriber Content
Newsletters
Staying Focused on Core Business Issues Amid Corporate Governance Compliance
In this issue of The Bulletin, we cover the basics of corporate governance compliance.
Subscriber Content
Newsletters
Executive Certifications: Same Responsibilities, Higher Stakes
In this issue of The Bulletin, we answer several important questions regarding these new requirements.
Subscriber Content
Protiviti Booklets
FAQ: Sarbanes-Oxley Act Executive Certification Requirements
This booklet describes a major area of emphasis for many companies preparing to make their first filing subsequent to Au...
Subscriber Content
Newsletters
The Changing Corporate Governance Landscape and Its Implications
This issue of The Bulletin reviews examples of what the board of directors and management should do as they work to impr...
Subscriber Content
Newsletters
The Role of Personal Accountability in the New Environment
This issue of The Bulletin outlines seven key principles that provide a framework for establishing and reinforcing the p...
Subscriber Content
Blog
Comparing U.S. Sarbanes-Oxley with C-SOX (Bill 198) and J-SOX (FIE)
As a result of the infamous Enron and WorldCom scandals, the U.S. reacted with strict guidelines to re-esta...
Blog
Disclosure Controls and Procedures: Key Facts You Need to Know
The SEC introduced “disclosure controls and procedures” as a new term in its initial August 29, 2002, relea...
Sarbanes-Oxley CPE Courses
Introduction to the Sarbanes-Oxley Act of 2002 (KLplus FREE SAMPLE Course)
This sample KLplus course is intended to provide a preview of what you'll receive when you sign up for a full KLplus mem...
Newsletters
The Bulletin Newsletters
The Bulletin is a periodic newsletter from Protiviti offering detailed insights on corporate governance and related risk...