SOX Compliance IT Checklist

Use this SOX Compliance IT Checklist to streamline your IT processes for compliance with the Sarbanes-Oxley regulations throughout the year.


Q1 - Internal Controls

1. Has the organization conducted an organizational risk assessment and made updates to reflect changes in its risk profile and tolerance?


2. Have internal control owners and champions been identified?


3. Have any new technologies used to manage the business been identified?


4. Have in-scope processes and high-risk areas been identified?


5. Have control owners been educated on minimum expectations, consistency, etc.?


Q2 - Internal Controls

1. Have IT systems been assessed, and have controls been confirmed to maintain a reliable IT environment that supports financial reporting requirements?


2. Have processes and internal controls been documented and communicated to others in the organization?


3. Has the organization understood ineffective controls discovered in the risk assessment and updated or created controls as necessary?


4. Has buy-in from management been obtained to reduce the risk of controls being overridden?


5. Have temporary and permanent changes in the control environment resulting from changes to operating conditions been identified?


6. Has the consistent design of internal controls been validated, deficiencies identified, and the root cause of those deficiencies isolated?


7. Have monitoring and evaluation techniques been deployed to assess where things may have gone wrong?


Q3 - Internal Controls

1. Have team members and subject-matter experts worked together to develop meaningful, actionable risk management practices?


2. Have deficiencies identified as a result of recent monitoring activities been remediated?


3. Have risk management practices been deployed in a clear, deliberate fashion so the organization can work toward a common goal: better risk management?


4. Have updated control practices been applied to ensure the reliability of information coming from IT systems, along with clearly documented procedures to validate the system output reliability?


5. Have periods of time where internal controls may not have been effective been identified, noting the starting period where newly implemented and corrected controls are in place, and ensuring all involved have a clear understanding of the requirements to maintain effectiveness?


6. Has it been confirmed that controls are designed to do what they’re supposed to do and that they’re functioning properly?


Q4 - Internal Controls

1. Have disclosure controls and procedures been updated for material information related to market, credit, and liquidity risks?


2. Have all internal control activities been verified for effectiveness?


3. Has the focus shifted to controls ensuring financial information presentation and disclosure is complete, accurate, and fairly presented in accordance with U.S. GAAP?


4. If necessary, have subject-matter experts and advisors been consulted on the final application of business environment changes and how those should appear in financial reports?


Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
