Sarbanes-Oxley (SOX) – Information Technology Controls

This course speaks directly to the importance of general controls (GC), application controls (AC) and spreadsheet controls as they relate to Sarbanes-Oxley (SOX) and also provides meaningful insight into the SOX IT Control Environment. SOX IT controls aim to guarantee that systems are accurate, holistic, and error-free, as this may affect financial reporting. In the initial years of SOX compliance, many felt that a material weakness could not result from a failure of any type of Information Technology (IT) control. The world has changed, and IT is no longer simply a back office function. IT is of strategic importance to internal control over financial reporting (ICFR), and it must be adequately evaluated from both a GC and AC level.

The Public Company Accounting Oversight Board (PCAOB) and Securities and Exchange Commission (SEC) guidance states technology controls should only be part of SOX 404 to the extent specific financial risks are addressed. This approach can significantly reduce the scope of IT controls required in the assessment. Scoping decision is part of the entity’s top-down risk assessment and can utilize a baselining approach. However, to understand the aspects of how to scope and baseline information technology controls, the assessor must have a strong understanding of how technology controls impact internal controls over financial reporting.

NOTE: The Instructor has created 5 new segments on Sarbanes-Oxley Update – 20 Years Later:

Sarbanes-Oxley Update – 20 Years Later: Accounting Risk Assessment Considerations
Sarbanes-Oxley Update – 20 Years Later: Sourcing Emerging Risks Part 1
Sarbanes-Oxley Update – 20 Years Later: Evaluating Testing Processes
Sarbanes-Oxley Update – 20 Years Later: Sourcing Emerging Risks Part 2
Sarbanes-Oxley Update – 20 Years Later: Examining Fraud Risks