Designing effective internal controls requires a strong management commitment. Sarbanes Oxley is more than just documenting controls and testing them for effectiveness. The seeds of a strong control environment are sown at the company level. Without effective company level controls, it is really difficult to envisage strong transaction level controls. In a recent conference on SOX held in New York, a partner from one of the big 4 accounting firms gave a presentation on some of the key things to keep in mind while designing and testing company level controls for sarbanes oxley compliance. I jotted the key notes from his presentation. His explanation on designing company level controls revolved around the following points.

1. Code of Conduct

2. Risk Assessment Process followed by management

3. Whistleblower program and its effectiveness

4. Internal Audit Function and its role in the organization

5. Antifraud controls and proactively monitoring fraud risks

6. Process followed for remediation of control deficiencies and control exceptions

7. Role of audit committee, SOX steering committee in overall governance and regulatory compliance

8. Lastly, process by which information is communicated and dispersed across the organization.

Related Posts on Sarbanes Oxley

CPA's Role in Sarbanes Oxley Auditing
Computer Assisted Auditing Techniques for SOX
Using Control Matrix to Document Risks and Controls
Key Benefits of Section 404 Implementation