SOX Testing, IT

One response

1. Hi! For SOX (Sarbanes-Oxley Act) testing related to Information Technology, you can find various resources:

   1. Institute of Internal Auditors (IIA): They offer guidelines and standards that can be very helpful in established controls concerning IT and SOX compliance.

   2. COSO Framework: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides a framework for internal controls that is widely used in SOX compliance efforts. It’s a good starting point for understanding control objectives.

   3. SAS 70 / SSAE 18 Reports: These reports can provide insights into the controls of service organizations that impact your SOX compliance.

   4. Public Company Accounting Oversight Board (PCAOB): You can find guidance and standards set forth by PCAOB that impact how organizations should approach SOX compliance.

   5. IT Governance Frameworks: Frameworks such as COBIT (Control Objectives for Information and Related Technologies) and ITIL (Information Technology Infrastructure Library) are valuable for establishing IT controls that align with SOX requirements.

   6. Online Resources: Websites like the AICPA (American Institute of CPAs), Accounting firms, and compliance organizations often publish white papers and guides that detail key controls and testing procedures.

   7. Consulting Firms: Engaging with a consulting firm that specializes in SOX compliance can also provide tailored guidance and access to established best practices.

   8. Training and Certification: Consider certifications in internal auditing or IT governance, such as Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA), which can provide deeper insights into SOX controls.

   Feel free to reach out if you have any specific areas of SOX testing in IT you’d like to discuss further!

   Log in to Reply