To comply with the Sarbanes-Oxley Act of 2002 (SOX), organizations are required to conduct a yearly audit of financial statements.
A SOX compliance audit is intended to verify the financial statements of the company and the processes involved in creating them.
An independent external SOX auditor is required to review controls, policies, and procedures during a Section 404 audit.
An audit will also look at personnel and may interview staff to confirm that their duties match their job description, and that they have the required training to safely access financial information.
A SOX compliance audit is a mandated yearly assessment of how well your company is managing its internal controls, and the results are made available to shareholders. The primary purpose of a SOX compliance audit is to verify the company’s financial statements; however, cybersecurity is increasingly important.
SOX control testing is a function performed by management, internal audit, or both, as well as by the external auditors.
SOX control testing is performed to find out if the controls are working as intended or if there are any gaps in the internal control process.