Welcome to our series on SOX Key Reports Testing!
Presented by SOX Key Reports − your one-stop resource for key reports
____________________________________________________________
Today we will discuss how to
identify key reports
for SOX compliance
I suggest you watch the video.
It's easier to understand
if you are a
visual/audio learner.
The content below
is the same as the video.
It's for those who learn
by reading.
How to identify SOX key reports for SOX compliance
Inventory
The first step is to take an inventory of the data sources or reports you use in financial reporting and identify those that are in scope for SOX compliance. There are three main criteria:
- Serves a financial reporting purpose (not operational reporting)
- Is associated with a key control activity
- Materiality
Criteria 1: Financial reporting
Does the key report serve a financial reporting purpose instead of a purely operational purpose?
An example is you could get a system report that shows you the ERP system uptime or the amount of time the ERP was available for any user.
That is great for operations, but it has no financial reporting impact and does not have financial implications for our results.
Criteria 2: Key control
Is the key report associated with the key control activity?
In the day-to-day running of a business, you will run a lot of reports. In order to make sure that you only look at reports for SOX purposes, you look at areas associated with key control activities.
One example could include reviewing and recording the AR reserve.
Criteria 3: Materiality
Is the amount material to financial reporting?
Even if a report is used for financial reporting purposes and is related to a key control, if the amount on this report is not material you would not need to test it.
It still might be a good practice to test it, but it is not required.
Meeting the criteria
There are two basic methods that can be used to identify the
reports that meet the criteria above:
"top down" or "bottom up."
Top down
Begin with your general ledger and determine the source for each manual entry.
As you work your way backward you will find the report that drove that entry.
Bottom up
Begin with the basic documentation and flowcharts of your key business processes.
Determine whether part of the operation of that control is reliant on a report. If it is, then this is one of your key reports.
Using this method to supplement the top-down approach is best, to ensure you do not overlook a report.
About
Useful Links
Legal
SOX Key Reports specializes in testing key reports to ensure SOX 404B compliance. Our experience is unsurpassed and our work is guaranteed.
Educational Resources
SOX Key Reports © 2022
All rights reserved.