Sarbanes Oxley stresses on protecting the interest of investors by strengthening the controls in an organization. As far as internal controls are concerned, an organization needs to many strategic decisions. One of my clients Sarbanes Oxley Implementation Coordinator asked me "What were five strategic control issues he should keep in mind?". My experience tells me, that Sarbanes Oxley and COSO together lay a very strong foundation for internal controls. But to pin point Strategic Control Decisions is a whole other ball game. I have listed below, five top control related issues which can make a difference between 404 compliance or non-compliance.

Prevention Vs. Detection - Controls should focus on prevention of errors rather than detection or correction. This is true simple for the reason that preventive controls are less costly and easy to implement than corrective controls.

Automated Vs Manual Controls - I would prefer automated controls over manual controls. Automated controls give a higher level of comfort since there is no human intervention. Manual controls make the process lengthy.

Costs Vs. Benefits - There has to be a fine balance between costs and benefits derived from controls. One cannot ignore controls just beacuse they are costly to implement. Controls only make sense if they are cost justifiable.

Risk Based Approach - The amount of controls that an organization needs to implement should be commensurate with risks and potential exposures. The design and implementation of controls should cater to the risks in the process.

Controls Satisfy Objectives - Finally, controls activities should satisfy control objectives. All of the above mentioned issues will not make sense if controls fail to meet laid down control objectives.

More on Sarbanes Oxley COSO Controls >>

SAS 70 Audits , Significant Deficiencies , Internal Controls Testing Strategies