Scribd
Upload
2K views2 pages

SOX Testing Template

This document outlines the testing of control activities and objectives for a business. It identifies the process owner, business activities, control objectives, key sources, control activities, test procedures, test results, and conclusions. Test procedures include inquiry, observation, and vouching. The document documents the results of testing attributes, any findings, and determines if control activities are effective or ineffective. It provides recommendations for ineffective controls.

Uploaded by

stl0042230
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLS, PDF, TXT or read online on Scribd
2K views2 pages

SOX Testing Template

This document outlines the testing of control activities and objectives for a business. It identifies the process owner, business activities, control objectives, key sources, control activities, test procedures, test results, and conclusions. Test procedures include inquiry, observation, and vouching. The document documents the results of testing attributes, any findings, and determines if control activities are effective or ineffective. It provides recommendations for ineffective controls.

Uploaded by

stl0042230
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLS, PDF, TXT or read online on Scribd
You are on page 1/ 2

Overall Process Name: Process Owner Name: Business Activities: (Names provided in the "Principal Business Activity" column

of the Control Matrix) Tester Name and Title: Purpose/Control Objectives: The control objectives for which this test program was designed include the following: 1 Control Objective as stated in the Risk Matrix (Control Matrix Ref#) 2 Control Objective as stated in the Risk Matrix (Control Matrix Ref#) 3 Control Objective as stated in the Risk Matrix (Control Matrix Ref#) 4 Control Objective as stated in the Risk Matrix (Control Matrix Ref#) 5 Control Objective as stated in the Risk Matrix (Control Matrix Ref#) Key Sources: The below contacts, systems and/or documentation were used in testing each control activity noted above: 1 Title of employee, name of document 2 Name of system report, resource documents used 3 Resource documents used, title of employee Control Activities: The following are control activities which need to be tested for effectiveness: 1 Control activity and reference to the appropriate objectives above (i.e. 1,3 and 4) 2 Control activity and reference to the appropriate objectives above (i.e. 2 and 3) 3 Control activity and reference to the appropriate objectives above (i.e. 4 and 5) Test Procedures: Describe the test method (i.e. vouching, interviews, observations, etc.) and detailed procedures for the tests to be performed, and the reasons for doing so. Include the sample selection criteria, sampling method, period sampled and a description of the population. 1 We tested this control activity by Inquiry , Observation , or Vouching . Describe the test procedure. 2 We tested this control activity by Inquiry , Observation , or Vouching . Describe the test procedure. 3 We tested this control activity by Inquiry , Observation , or Vouching . Describe the test procedure.

Reviewed By:_______________

Test Results: Document the results of the tests, the supporting documentation, and any findings.

Sample 1 2 3 4 5

Description

Testing Attributes A B C

Notes

Tick Mark Explanation: X = Attribute was satisfied (1) = Exception explanation (2) = Exception explanation (3) = Exception explanation Testing Attributes: A = Describe the attributes of the control tested. B = Describe the attributes of the control tested. C = Describe the attributes of the control tested.

Conclusion: Provide an overall conclusion as to the effectiveness of each control activity based on the error rates noted as well as other support noted. 1 Effective/Ineffective 2 Effective/Ineffective 3 Effective/Ineffective Recommendation (if applicable): Recommend corrective action to mitigate the exposure relating to the ineffective control. Identify the related disposition/action plan, person responsible for remediating the control gap, and expected date of full remediation. Number the recommendation in relation to the ineffective control noted above. 1 Action Plan Description: Name of Person Responsible: Expected Date of Implementation:

Reviewed By:_______________

You might also like