Who we are...

We are seasoned IT managers with years of project management and SOX experience
Dedicated to the idea that SOX is a burden on your Technology staff and there should be a way to ease the burden of "Control Accounting"

 

During our first SOX engagement we determined that very few people are looking at the IT controls from a completion process. A term that we have coined to describe where our effort is "Control Account". We have an integrated system,  to track controls from a testing perspective.

 

IT Controls, exactly like Finance Controls, are required to be tested periodically. The testing process usually generates one of more pieces of paper as "evidence of completion". This evidence of completion is many times a signed screen shot or a printout with some kind of date stamp. These pieces of paper are then filed (hopefully!) in a filing cabinet or folder.

SOX Audit

During your SOX attestation audit, the external auditors will review your evidence of completion for execution and thoroughness. They will need to see physical evidence that you have verified the controls are in place and is being followed. To do this the auditors will request a random sample of results based on the periodicity of the control.

 

For example, a control with a weekly periodicity should generate 52 control results. An auditor could five samples based on dates. They will then request control evidence for the the weeks encompassing:

•  January 17th  

•  March 4th

•  June 6th

•  September 26th

•  December 11th

You are then responsible for providing results for those weeks. Failure to produce materials or inadequately prepared results could generate doubt with regards to the completeness of  this control or your remaining controls. Failing this initial statistical sampling will, at least generate a re-sampling list twice as large as the first. Or in a worst case scenario, could result in a statement of non-compliance. This could cast a shadow of doubt across your entire financial statement. 

 

What we do...

We are offering a service to help corporations organize and present their IT SOX Controls.

 

We will help you by providing people to input your SOX evidence of completion into our Simple SoX suite of products. Then you will be able to see in a glance where your SOX initiative stands. It can also be utilized as a reporting system for your external and internal audit group.

 

We are also there for complete end-to-end project management and we can also provide an audit interface service as an extension of management. Additional services include:

 

Strategic infrastructure assessments

 

We will provide you a "State of Technology Report" detailing how your technology is being implemented and what the condition of your infrastructure looks like.

 

Archiving and recovery service for all your SOX data

 

All the paper that is generated in an effort to be SOX compliant is extremely susceptible to a disaster! Once your data has been entered it is archived to DVD and locked away in a disaster proof environment.

 

Independent SOX IT Testing

 

By providing independent SOX testing you can reduce the amount of time your external auditor spends on-site and thus reducing your audit expense.