SOX 404 IT Controls

IT General Controls are often the last piece of the puzzle for organizations attempting to keep up with the Sarbanes Oxley compliance requirements. In public companies of all sizes, those IT controls that are pervasive over multiple business units or financially significant business processes are “key” controls and must be evaluated. Often public companies have well-established internal audit departments and resources to undertake the lion’s share of their Sarbanes-Oxley Section 404 (SOX 404) requirements, but many of these same organizations lack internal IT audit resources to handle the documentation and testing of their technology infrastructures. PKM’s Systems group can assist you with your IT-related SOX 404 documentation and testing procedures. Our approach is centered on a risk-based testing plan that ensures the work is tightly integrated with your overall testing while providing the most efficient use of your resources.  This approach also includes mapping your key business processing applications and platforms back to the specific reports and automated key controls being tested on the business process testing.

We have worked with well-established internal audit teams and outsourced internal audit providers as part of an integrated team and focus on those technology controls and processes which are key to your organization.

Our clients range from relatively small SEC registrants to Fortune 100 Companies. Contact us and let us show you the PKM difference.