SOX Compliance Checklist - SafetyCulture


SOX Compliance Checklist
07 May 2020 / Gabriels-Smith Corporation

Complete
Failed items: 9
Actions: 6
Company Name: Gabriels-Smith Corporation
Registered Address: 781 Morning Glory-Tr, Cheyenne, WY 82007, USA
Prepared by: Brett Gabriels
Conducted on: 7th May, 2020 1:59 PM 08

Table of Contents
Failed Items & Actions
  Failed items
  Other actions
Inspection
  Management Assessment of Internal Controls
Sign Off
  Management Team
    Member
      Member 1
      Member 2
      Member 3
      Member 4
      Member 5
Appendix

Failed Items & Actions (9 failed, 6 actions)

Failed items (9 failed, 6 actions)

Does operating management update all process and control documentation promptly throughout the year and not just when testing starts?
Response: No
Note: we currently bulk update all process and control documentation before the SOX audit starts but updating them promptly makes more sense to make the changes less prone to errors
Action: Schedule monthly update for all process and control documentation
To do; Assignee: Alexis Delacruz; Priority: Medium; Due: 14th May, 2020 3:09 PM 08; Created by: SafetyCulture Staff

Is the use of internal resources optimized, including the use of internal auditors to perform testing or to validate testing performed by management staff?
Response: No
Note: not yet, nominating committee has yet to appoint internal auditors specifically to test SOX compliance controls

Has overall staffing been optimized, reducing reliance on more expensive external consultants and testers?
Response: No
Action: Report opportunities on optimizing overall staff
In progress; Assignee: Juhlian Pimping; Priority: High; Due: 11th May, 2020 3:21 PM 08; Created by: SafetyCulture Staff

Has reliance by the external auditor on management testing been optimized?
Response: No
Action: Evaluate and improve management's effectiveness assessment process
To do; Assignee: Arghya Sen; Priority: Low; Due: 21st May, 2020 3:25 PM 08; Created by: SafetyCulture Staff

Is there a detailed project plan with testing scheduled in such a way that all key controls are tested by mid-year, with additional testing to update the results scheduled closer to year-end?
Response: No
Note: just ran our anti-data tampering test on yearly financial data, looks good, will perform other tests for key controls
Photo 10
Action: Implement mid-year key controls testing
Done; Assignee: mailarae o'santos; Priority: Low; Due: 21st May, 2020 3:31 PM 08; Created by: SafetyCulture Staff

Is there a detailed project plan detailing all required resources, including specialists (e.g., for IT or tax processes and controls), so they can be scheduled early?
Response: No
Photo 12
Action: Report opportunities on maximizing internal resources
To do; Assignee: Shine Colcol; Priority: High; Due: 11th May, 2020 3:36 PM 08; Created by: SafetyCulture Staff

Potential resource issues?
Response: No

Is early warning provided for potential deficiencies being identified during the SAS 70 audit?
Response: No
Action: Develop a system for early warning communications
To do; Assignee: Liam Dent; Priority: Medium; Due: 14th May, 2020 3:39 PM 08; Created by: SafetyCulture Staff

Is the Section 404 program itself assessed for effectiveness on a continuing basis, to ensure it is improved as the organization learns from experience and benefits from changes in regulations or their interpretation?
Response: No
Note: we just did it today, but assessing effectiveness on a continuing basis is what we're here for and what we're aiming to achieve
Photo 13

Other actions (0 actions)

Inspection (6 actions, 9 failed)

Management Assessment of Internal Controls (6 actions, 9 failed)

Has operating management taken ownership of their processes and documentation, rather than leaving it to the Section 404 team or the internal auditing function?
Response: Yes
Photo 1, Photo 2

Does operating management update all process and control documentation promptly throughout the year and not just when testing starts?
Response: No
Note: we currently bulk update all process and control documentation before the SOX audit starts but updating them promptly makes more sense to make the changes less prone to errors
Action: Schedule monthly update for all process and control documentation
To do; Assignee: Alexis Delacruz; Priority: Medium; Due: 14th May, 2020 3:09 PM 08; Created by: SafetyCulture Staff

Is there an effective change management process in place, including the timely assessment of process changes for their potential impact on key controls?
Response: Yes

Is operating management committed to assess and remediate all control deficiencies promptly?
Response: Yes
Note: deviations from controls may not be detected so we held an emergency meeting last March 26, 2020 to fix this
Photo 3

In situations where remediation is not justified based on management’s assessment of risk and cost, is management committed to communicating that decision promptly so the effect on management’s overall assessment of controls can be identified and discussed with senior management?
Response: N/A

Has a top-down, risk-based approach been used to identify the key controls?
Response: Yes

Photo 4, Photo 5, Photo 6

Is management confident that all identified key controls are truly key?
Response: Yes

Has the design of the related processes been reviewed to determine if changes can result in fewer and more effective controls, relying more on automated controls or on higher-level controls?
Response: Yes
Photo 7, Photo 8

Is management of the Section 404 program at a sufficiently high level within the organization to influence operating management relative to completion of their responsibilities?
Response: Yes
Note: yes, we've broken down our board members into specific committees

Is management of the Section 404 program at a sufficiently high level within the organization to communicate effectively with executive management the program’s progress and potential issues?
Response: Yes

Is management of the Section 404 program at a sufficiently high level within the organization to negotiate as needed with the external auditor?
Response: Yes

Is the use of internal resources optimized, including the use of internal auditors to perform testing or to validate testing performed by management staff?
Response: No
Note: not yet, nominating committee has yet to appoint internal auditors specifically to test SOX compliance controls

Has overall staffing been optimized, reducing reliance on more expensive external consultants and testers?
Response: No
Action: Report opportunities on optimizing overall staff
In progress; Assignee: Juhlian Pimping; Priority: High; Due: 11th May, 2020 3:21 PM 08; Created by: SafetyCulture Staff

Has reliance by the external auditor on management testing been optimized?
Response: No
Action: Evaluate and improve management's effectiveness assessment process
To do; Assignee: Arghya Sen; Priority: Low; Due: 21st May, 2020 3:25 PM 08; Created by: SafetyCulture Staff

Does the external auditor follow a top-down, risk-based approach as required by AS 5?
Response: N/A

Is there a detailed project plan that includes a walk-through of all significant processes early in the year, preferably in the first quarter?
Response: Yes
Photo 9

Is there a detailed project plan with testing scheduled in such a way that all key controls are tested by mid-year, with additional testing to update the results scheduled closer to year-end?
Response: No
Note: just ran our anti-data tampering test on yearly financial data, looks good, will perform other tests for key controls
Photo 10
Action: Implement mid-year key controls testing
Done; Assignee: mailarae o'santos; Priority: Low; Due: 21st May, 2020 3:31 PM 08; Created by: SafetyCulture Staff

Is there a detailed project plan that includes all key activities required to complete the program, such as fraud risk assessment, consideration of any end-user computing issues, assessment of SAS 70 reports from service providers, etc.?
Response: Yes
Photo 11

Is there a detailed project plan detailing all required resources, including specialists (e.g., for IT or tax processes and controls), so they can be scheduled early?
Response: No
Photo 12
Action: Report opportunities on maximizing internal resources
To do; Assignee: Shine Colcol; Priority: High; Due: 11th May, 2020 3:36 PM 08; Created by: SafetyCulture Staff

Is there a detailed project plan with regular reporting to senior management that focuses on key metrics and issues?
Response: Yes

Including:

Progress against timetables, highlighting steps that are or may be behind schedule?
Response: Yes

Percentage of key controls tested compared to their scheduled completion level?
Response: Yes

Number and percentage of key controls that are failing?
Response: Yes

Number of failed controls that are potentially significant to the Section 404 assessment?
Response: Yes

The number of failed controls where remediation will not be completed within 30 days, so senior management can focus on a timely completion?
Response: Yes

The number of key controls where remediation and retesting may not be completed with sufficient time for the external auditor to retest (these are likely to be open deficiencies at year-end)?
Response: Yes

Costs to date and projected through the end of the year?
Response: Yes

Potential resource issues?
Response: No

Other issues, such as coordination and concerns raised by the external auditor?
Response: Yes

Has there been communication and coordination with all service providers to ensure that a SAS 70 type II report will be available at the appropriate time?
Response: Yes

Is early warning provided for potential deficiencies being identified during the SAS 70 audit?
Response: No
Action: Develop a system for early warning communications
To do; Assignee: Liam Dent; Priority: Medium; Due: 14th May, 2020 3:39 PM 08; Created by: SafetyCulture Staff

Is the Section 404 program itself assessed for effectiveness on a continuing basis, to ensure it is improved as the organization learns from experience and benefits from changes in regulations or their interpretation?
Response: No
Note: we just did it today, but assessing effectiveness on a continuing basis is what we're here for and what we're aiming to achieve
Photo 13

Sign Off

Additional Comments
Tons of work to be done for prompt controls and process documentation, testings, and communication. Also, we should improve in utilizing our internal resources!

Management Team

Member

Member 1
Name & Signature: Brett Gabriels, 7th May, 2020 3:53 PM 08
Position: CEO

Member 2
Name & Signature: Zionnette Smith, 7th May, 2020 3:53 PM 08
Position: CFO

Member 3
Name & Signature: Shiloh McPearson, 7th May, 2020 3:54 PM 08
Position: Chairperson, Auditing Committee

Member 4
Name & Signature: Jonathan Sevill, 7th May, 2020 3:56 PM 08
Position: Chairperson, Disclosure Committee

Member 5
Name & Signature: Synteche Gabriels, 7th May, 2020 3:59 PM 08
Position: Chairperson, Nominating Committee

Appendix
Photo 1 to Photo 13
