Enterprises that must comply with Sarbanes-Oxley (SOX) need to conduct a pre-audit that tests the integrity of internal controls before external auditors arrive for the yearly SOX audit. To do this, IT must:
- Map the definition of an internal control to the system processes and applications within IT's control.
- Understand the meanings of different control types.
- Test controls using standardized control test sheets.
The guidance provided by this worksheet will help publicly-traded enterprises – as well as private organizations simply looking to strengthen security – reduce the risk of poor audit results.