I discussed in my earlier posts that continous controls monitoring can be the key to better Sarbanes Oxley compliance. With year one of Sarbanes Oxley behind us, how does a company sustain Sarbanes Oxley compliance through continous monitoring. I normally suggest companies a step by step SOX compliance action plan. A recent local survey showed that company's having continous monitoring of controls in place have a much better compliance track record. Then, if continous monitoring is so important, I felt it relevant to discuss a step by step action plan for SOX controls compliance.

1. Choose the right business areas to monitor. Areas can be chosen based on high risk, high value, transaction volumes etc.
2. Once broad areas are known, identify the specific controls within the area that you would like to monitor.
3. The controls identified need to be mapped to business processes so as to judge their relevance. Gather adequate data to test the controls.
4. Assess the control data gathered for appropriateness, availability, and completeness.
5. Lastly, there has to be a specific policy for managing exceptions identified. Such exceptions need to be remediated based on an action plan.

Related Posts >>

>> Sarbanes Oxley 404 Softwares
>> Sarbanes Oxley & Investor Protection
>> Services Outside the Scope of Auditor
>> SOX for US Divisions of Foreign Companies