What does SOX require regarding whistleblower reports?
Answer to relevant QuestionsWhen are period-end reporting processes conducted? How does this relate to the date of management’s report?How do controls link to likely sources of misstatement?What are some of the threats software and interface controls are intended to protect against? Which controls protect against different threats?How does the complexity of a control and judgments required to apply it affect the extent of testing?Do the components of risk have to be set quantitatively?
Post your question