Suppose that after several years of a co-sourced audit arrangement with a consulting firm, your employer has
Question:
Suppose that after several years of a co-sourced audit arrangement with a consulting firm, your employer has decided to bring the Sarbanes-Oxley program in-house and remove the consultants performing this work. They have nominated your team to address the internal review program for the company going forward. Company details include the following: business: dental claims adjudication employees: 300 systems – people soft financials, wonder box, data warehouse, workday (hr), multiple financial excel files, custom developed EDI for incoming claims, custom developed fixed asset program, Keurig coffee maker in cafeteria.
Write a summary in which you address the following: how would you determine scope of sox relevant applications, processes? Which it controls would be relevant? How would you address timing, testing frequency? What regulatory guidance can be used to determine compliance? What departments would need to be involved? Describe how you would approach external auditing firm to gather requirements, use of internal audit and timing. Map out a high-level schedule to include fieldwork to gathering of management assertions and external signoff. Feel free to use Visio or charting with swim lanes of ownership.