Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERPs. You will also find information on the latest compliance regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations such as the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry into any Big 4 accounting, auditing and consulting firm. You are invited to post your comments and viewpoints on posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
Scoping for Sarbanes Oxley can be a tiring and confusing process. One solution for companies can be to conduct a pre-Sarbanes Oxley self assessment. This can be done using the existing structure by the owners of the company. Such a self assessment for 404 purposes can be done either at the business entity level or, where the business is geographically dispersed, at the location level. Each location should assess the level of its own risk and can grade itself on risk materiality. The 404 project team can then compile the data received from all locations. A questionnaire can be prepared for locations with less risk to document and test controls. The internal audit department can then take over and perform an independent assessment of controls. The above approach is the bottom up approach.
Coming to the top down approach for control self assessment: this is more suitable for companies not having a formal self assessment process in place. Based on pre-determined criteria, the locations and controls that fall within the testing scope can be decided. The bottom up approach is suitable for companies having a formal self assessment function. Both approaches have their own advantages. Keeping timelines in view, a bottom up approach is considered much better. On the other hand, many companies believe a top down approach helps in focusing on areas of risk. Whatever approach one takes, it should focus on the level of risk at each location and on obtaining auditor agreement early on. I personally feel a hybrid approach combining the benefits of both approaches would be best.