course

Tools For Sarbanes-Oxley Compliance

(139)
4.66187
212 Enrolled
0 Hours (On-Demand)
CPE Not Available

This course is a premium+ course it can be accessed either by individual purchase or through a premium+ subscription

Purchase this course | $42

An yearly audit of a company's financial data handling activities scrutinizes SOX compliance. Proof of all SOX internal controls for data protection and accurate financial reporting must be provided by the publicly traded firm being audited. In addition to being a legal requirement, SOX compliance is also a wise business decision.

These documents are ancillary to the Sarbanes-Oxley certificate program and are to be used as guides for conducting SOX compliance.

This section provides a few templates and information sheets that can be utilized and refined for your Sarbanes-Oxley compliance (SOX compliance). It is important to note that these tools should NOT be used as a simple SOX compliance checklist. They must be appropriately tailored to your organization. They are being provided to assist participants in brainstorming and developing the proper documentation needed for SOX compliance. They include:

  1. Sarbanes-Oxley Titles – Information Sheet

    This is a summary document that outlines the important eleven titles of the Sarbanes-Oxley Act.

  2. COSO Principles – Information Sheet

    This document is a summary narrative of the COSO 2013 Components and Principles.

  3. ELC – Control Environment Questionnaire - Template

    This is a sample questionnaire that can be tailored to be used to assist in evaluating an organization’s control environment.

  4. ELC Examples – Information Sheet

    This document provides examples of entity level controls.

  5. Sarbanes-Oxley Key Terms – Information Sheet

    This document provides additional key terms that apply when complying with Sarbanes-Oxley.

  6. Sarbanes-Oxley Controls Over Technology – Information Sheet

    This document is a graphic that provides information about information technology controls as they relate to Sarbanes-Oxley.

  7. Risk/Control Matrix - Template

    This is a comprehensive worksheet that can be tailored to be used as a risk and control documentation matrix. It includes relevant financial statement assertions as well as aspects of information that should be documented.

  8. COSO 2013 Principle Mapping - Template

    This document can be used to assist in mapping the 2013 COSO Principles to control activities.

  9. SOX Accounting Risk Assessment – Information Sheet

    This document provides information for performing a top-down accounting risk assessment for SOX including a list of financial statement assertions.

  10. SOX Materiality Discussion – Information Sheet

    This document provides further information for considering how to evaluate and measure a potential material weakness for SOX purposes.

  11. SOX Documentation process – Information Sheet

    This document provides information on the methods to use to document processes for Sarbanes-Oxley.

  12. SOX Testing process – Information Sheet

    This document provides information on the processes to use to perform SOX compliance testing for Sarbanes-Oxley.

  13. Sarbanes-Oxley – Considerations for Scoping Spreadsheets – Information Sheet

    Organizations utilize spreadsheets for many purposes. It is often difficult to know whether a spreadsheet falls within the criteria for testing for Sarbanes-Oxley. This information guide provides some insight into considerations to be given when trying to determine what spreadsheets to include in testing processes.

  14. COSO Control Environment Maturity Model – Template

    This is a complete template that can be used in assessing the maturity of various soft components of the control environment. Typically, this spreadsheet is utilized during a facilitated session where participants will vote on the stages of each process. However, it can be used as a brainstorming evaluation tool. In addition – some attributes listed may not be relevant to your organization. You must tailor this spreadsheet accordingly.

  15. COSO Risk Assessment Questionnaire – Template

    This template can be used as a guide for evaluating the COSO components.

  16. Control Environment Audit Work Program – Template

    This template provides questions that can be used or tailored when evaluating an organization’s control environment.

  17. Aggregation worksheet for deficiencies – Template

    This worksheet can be used to list and link all deficiencies to financial statement assertions and then examine whether any deficiencies aggregate up to a material weakness.

  18. Flowchart – Disclosure Controls and Procedures – Worksheet

    This is a general flowchart of a disclosure control and procedure process that can be used to evaluate against current organizational processes.

  19. Segregation of Duties Analysis Template for Treasury Process

    Duties to consider determining the adequacy of SOD for cash receipts transactions/treasury are listed in the following chart. In smaller companies, these duties may also need to be reviewed along with other functions, as some individuals may have responsibilities in more than one area.

    To complete the matrix, first examine the responsibilities listed and tailor them to your entity. Next, list the responsible position or person in each of the columns. Then review the matrix and examine whether any responsibilities create SOD conflicts. Completion of this chart is intended to highlight potentially conflicting duties, not to be the only method of identifying all such conflicting duties.

  20. Segregation of Duties Analysis Template for the Payroll Process

    The duties to be considered in determining the adequacy of SOD for payroll transactions are listed in the following chart. In smaller companies, these duties may also need to be reviewed along with those of other functions, as some individuals may have responsibilities in more than one area.

    To complete the matrix, first examine the responsibilities listed and tailor them to your entity. Next, list the responsible position or person in each of the columns. Then review the matrix and examine whether any responsibilities create SOD conflicts. Completion of this chart is intended to highlight potentially conflicting duties, not to be the only method of identifying all such conflicting duties.

  21. Segregation of Duties Analysis Template for the Accounts Payable and Purchasing Process

    The duties to be considered in determining the adequacy of SOD for purchases transactions are listed in the following chart. In smaller organizations, these duties may also need to be reviewed along with those of other functions, as some individuals may have responsibilities in more than one area.

    To complete the matrix, first examine the responsibilities listed and tailor them to your entity. Next, list the responsible position or person in each of the columns. Then review the matrix and examine whether any responsibilities create SOD conflicts.

  22. Segregation of Duties Analysis Template for the Revenue Process

    The duties to be considered in determining the adequacy of SOD for those responsible for sales transactions are listed in the following chart. As with other functions, in smaller companies, these duties may need to be reviewed along with those of other functions, as some individuals may have responsibilities in more than one area.

    To complete the matrix, first examine the responsibilities listed and tailor them to your entity. Next, list the responsible position or person in each of the columns. Then review the matrix and examine whether any responsibilities create SOD conflicts. Completion of this chart is intended to highlight potentially conflicting duties, not to be the only method of identifying all such conflicting duties.

  23. Template for Evaluation of Financial Reporting Process considering COSO Controls

    This template can be used and tailored to evaluate a company’s financial reporting process using COSO concepts.

  24. Documenting Processes Utilizing Narratives and Process Flows – Instructional

    This document provides instructional information about what to include in process narratives and flowcharts when documenting SOX processes.

  25. SOX Document Process Flow

    This document is a process flow showing a project approach to SOX.

Information within this course comes from readily available public domain documents and is utilized by the trainer as a supplement for relaying the course content.

Note: The concepts outlined in this course are up to date and relevant in regards to the Sarbanes-Oxley legislation. Although there have not been any changes in the legislative concepts of the law since it’s release in 2002, some aspects of executing the work have evolved. This speaker is preparing a series of courses titled “Sarbanes-Oxley 20 years later”. Those courses can be found individually on the platform and would be beneficial for anyone involved with compliance.

NOTE: The Instructor has created 5 new segments on Sarbanes-Oxley Update - 20 Years Later:
Sarbanes-Oxley Update - 20 Years Later: Accounting Risk Assessment Considerations
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 1
Sarbanes-Oxley Update - 20 Years Later: Evaluating Testing Processes
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 2
Sarbanes-Oxley Update - 20 Years Later: Examining Fraud Risks

Last updated/reviewed: August 4, 2023
Course Search

    Included In Certifications

    This course is included in the following Certification Programs:

    16 CoursesSarbanes-Oxley (SOX) Certification

    1. Sarbanes Oxley Overview
    2. SOX: Authoritative Bodies
    3. Sarbanes-Oxley (SOX) Standards - Evolution
    4. Information Technology General Controls Primer
    5. COSO 2013 Overview
    6. Sarbanes-Oxley (SOX) Section 404
    7. Sarbanes-Oxley Section 302: ICFR
    8. Sarbanes-Oxley (SOX) And Fraud Sections
    9. Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 1
    10. Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 2
    11. Sarbanes-Oxley (SOX) - Entity Level Controls
    12. Sarbanes-Oxley (SOX) Identifying and Documenting Controls
    13. Sarbanes-Oxley (SOX) Testing
    14. Sarbanes-Oxley (SOX) - Assessing Data Impact
    15. XBRL - Connection to SOX 302/404 and Critical Roles
    16. Tools For Sarbanes-Oxley Compliance
    44 Reviews (139 ratings)

    Reviews

    5
    Member's Profile
    I wish this course existed when I started out testing SOX ten years ago! Lynn Fountain's course should be a must for anyone required to comply with SOX in accounting or who is responsible for their company's SOX Program. The course covers Sarbanes Oxley from start to finish. She enforces SOX concepts from inception (law and governance) to framework (COSO), entity level controls, non-IT and ITGC among other things. Finally, the tools (slides and final test) are an excellent resource for any one benchmarking and/or starting their SOX Program.
    5
    Member's Profile
    I would have liked a deeper dive on the SOX Testing Process and IT sections. IT was very general and didn't give a lot of specifics or depth. The control testing didn't even mention IPE. Would have liked more guidance on testing specifics. The background, explanation of legislation, auditing standards, COSO, etc were very beneficial.
    5
    Anonymous Author
    I am with a new company implementing a SOX program. While I had experience in SOX previous to this class, these lectures have provided new information, a great foundation, and good real world examples. I will likely be returning to the classes and handouts on a routine basis for guidance.
    5
    Anonymous Author
    LOTS of good information! So much actually that I am sure that I need to come back to these slides many times to really understand this thoroughly. There are so many things to be taken into consideration. Good templates and examples.
    5
    Anonymous Author
    I am very happy with the training I received in these modules. I also very much appreciate all the templates and documentation provided in the last module. I know that I will be referring back to this material often in the future.
    4
    Member's Profile
    It was very well structured, well-paced and easy to follow training course. Structuring the course in segments as well as offering a continuous play option is perfect for any learning style. The examples given were good.
    5
    Anonymous Author
    I think its interesting (and useful!) to see other versions of documents that the Audit team has. That way you can compare what your team uses to others, and see if there is something missing in your documentation.
    5
    Member's Profile
    The course is very informative and covers all necessary topics that are needed to be proficient in the Sarbanes Oxley. I highly recommend this course to individuals who wants to learn and understand SOX.
    5
    Member's Profile
    The rich documentation obtained from this course is mind boggling. I am really happy i registered for and attended this course, and i believe i got my money's worth. Thank you Linda
    5
    Member's Profile
    Thank you so much for this amazing course where I had the opportunity to learn so many interesting things that I will be able to apply in my daily routine.
    5
    Anonymous Author
    This is a great tool to have! All of these PDFs and XLSXs will come in handy as reference material now and then during the audit program! Excellent!
    5
    Anonymous Author
    Thank you for preparing this comprehensive course certificate on SOX. I found it both informative and thorough, while also being easy to digest.
    5
    Anonymous Author
    The tools provided here are useful for the sox assessment on a private company trying to transition to a more control environment focused entity.
    3
    Member's Profile
    1. Multiple spelling mistakes 2. Images in PDF not readable 3. More content should be there on Sarbanes Oxley Act (Section 404 and others)
    5
    Member's Profile
    The tools (resources, downloadable material) in this are incredibly valuable - a great conclusion for this certification program.
    5
    Anonymous Author
    Excellent COSO course with lots of information and tools to understand and apply COSO framework in the Companies.
    5
    Anonymous Author
    I appreciate the level of detail of tool and resources provided for SOX understanding. Great training material.
    5
    Member's Profile
    Excellent full package on SOX and COSO principles with key template to implement process in the organization.
    3
    Anonymous Author
    Learned a lot of ideas from this course. Overall, this was a good choice for meeting my objectives. Thank you!
    5
    Member's Profile
    Very helpful information for finance and accounting functions to understand SOX and its function and value.
    5
    Member's Profile
    It was such a pleasant surprise to gain all of these tools and work aides! Thank you so much Lynn. :-)
    5
    Anonymous Author
    A good reference to many tools for SOX compliance and testing. A good summary to end the course with.
    5
    Member's Profile
    Overall course contained very good information and history behind the "why?" we do all the work we do
    4
    Anonymous Author
    These tools will provide assistance in the development and execution of SOX compliance procedures.
    5
    Member's Profile
    These tools will provide assistance in the development and execution of SOX compliance procedures.
    4
    Anonymous Author
    This is a convenient resource for ICFR teams. I will definitely bookmark it for future reference.
    5
    Anonymous Author
    Excellent course, the material and trainer were really clear even for those new in SOX world.
    4
    Anonymous Author
    Thanks for the very comprehensive course in understanding expectations under SOX standards.
    5
    Anonymous Author
    Thank you so much for sharing these excellent example documents. I found them very useful.
    5
    Anonymous Author
    Very well designed course and productive as well. Good work and keep it up.
    4
    Anonymous Author
    organized and detailed information. organized and detailed information.
    5
    Anonymous Author
    Great tools! Really helped me in setting up SOX from the ground. Thanks
    4
    Member's Profile
    Very good course, Its good to have a one presentation rather than many
    5
    Member's Profile
    Very Informative. Comprehensive learning. Extensive material provided.
    5
    Anonymous Author
    Excellent course and guide for SOX compliance and implementation.
    4
    Anonymous Author
    these are nice reference aids to have and reference in the future.
    5
    Anonymous Author
    Some good supporting material although there's no exam as such.
    3
    Anonymous Author
    Good content. Develops good understanding about the concept.
    5
    Anonymous Author
    Objectives met, Approriate requirements, learnt the content
    4
    Member's Profile
    It can be good if there were some presentation wise speech.
    4
    Member's Profile
    A lot of material covered but nicely separated by topics.
    4
    Member's Profile
    Coso Principles overview, recap on Risk control Matrix.
    4
    Anonymous Author
    Good refresher course to understand the concept of SOX
    4
    Anonymous Author
    Thank you for including these! These are very helpful
    show all reviews
    Education Provider Information
    Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
    Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
    Course Questions and Answers(3 Questions)
    There are no questions.         Answers to Frequently Asked Questions (FAQs)
    Member's Profile
    Sheetal Jain
    (Senior Internal Audit Manager at GitLab) | Feb 10, 2021

    I have not seen a tool to evaluate MRC's and IPE's . Would you happen to have one ?

    Member's Profile
    Lynn Fountain
    View Instructor Profile | Feb 10, 2021

    What is your definition of MRC's and IPE's. (everyone has their own acronym.

    Member's Profile
    Gaurav Goel
    (Internal Auditor at Nokia) | Mar 26, 2021

    MRC (Management Review Controls) and IPE (Information produced by entity) are very relevant topics which were missing altogether in the course.

    Instructor for this course
      Course Overview
    Course Syllabus
      1. Summary of Sarbanes Oxley Act TitlesPDF
      2. COSO PrinciplesPDF
      3. ELC - Control Environment QuestionnaireXLSX
      4. ELC ExamplesPDF
      5. Sarbanes Oxley Key TermsPDF
      6. Sarbanes Oxley IT ControlsPDF
      7. Risk Control MatrixXLSX
      8. COSO 2013 Principles MappingXLSX
      9. SOX Accounting RAPDF
      10. SOX Materiality DiscussionPDF
      11. SOX Documentation ProcessPDF
      12. SOX Testing ProcessPDF
      13. SOX Spreadsheet Testing InformationPDF
      14. COSO Control EnvironmentPDF
      15. COSO Questionnaire AP ExamplePDF
      16. Control Environment Audit Work ProgramPDF
      17. Summary of Aggregated DeficienciesXLSX
      18. Flow - Disclosure Controls and ProceduresPDF
      19. SOD TreasuryPDF
      20. SOD Payroll ProcessPDF
      21. SOD Purchasing and APPDF
      22. SOD Revenue ProcessPDF
      23. Financial Reporting COSO QuestionanairePDF
      24. SOX Documenting-processes-controls-sarbanes-oxley-guidePDF
      25. SOX Process StepsPDF
    review and test
     FINAL EXAMexam