Tip of the Week
Downloads Contact Us Feedback Links Resources Sitemap FAQs
Templates

SOX Expert Templates

Risk Control Matrix (RCM): Sometimes known as the Risk & Control Matrix or the Control Activity Matrix, this template contains all the pertinent data about each control in a process, including control description, risks mitigated, COSO assertions, test procedures, frequency of occurrence, etc. Some form of an RCM is required for SOX Compliance.

Click here to see our RCM

See a Video Demonstration of the Risk Control Matrix --- click play button below:

Risk Control Matrix Demonstration


Process Risk Analysis (PRA): This template assists the organization is analyzing business process risks to determine if the risks are adequately mitigated by existing controls. Process Risk Analyses are not generally required for SOX Compliance, however they are very useful in ensuring that risks are properly mitigated and in determining which are Key controls in your business process. The PRA is a key document if you are taking a risk based approach to GRC Compliance. If you want to take advantage of Auditing Standard 5 (AS 5) to help lower your compliance cost, then the Process Risk Analysis should be completed.

Click here to see our PRA

See a Video Demonstration of the Process Risk Analysis --- click play button below:

Process Risk Analysis Demonstration


SOX Expert Reporting Template: This is a template utilized by the software to generate all the reporting needed by an organization to manage it’s SOX, Internal Audit or GRC documentation and testing.

User Specified Data (USD): This is the file where the organization specifies all the data that is specific to the organization, such as Business Processes, Business Subprocesses, Testing Sample Sizes, IT Applications, etc. This file allows the company to customize the software for its organization.

Final Template: Utilized by SOX Expert software to generate the final copies of an organizations RCM, PRA and TP for your external auditors and for achive purposes.

SOX Expert software will also generate your Test Plan documents each year from data contained in the RCM.

Test Plan (TP): Where testing of the operational effectiveness of controls is recorded. Some method of documenting your test results is required for SOX Compliance and for documenting testing of other complaince mandates.

Click here to see our Test Plan

See a Video Demonstration of the Test Plan --- click play button below:

Test Plan Demonstration


Governance Risk and Complaince (GRC) documentation generally also consists of a Process Narrative (NAR). A NAR is a summary of ‘a day/week/month in the life of the process. Process Narratives are generally documented in a Microsoft Word document. SOX Expert does provide a Process Narrative template free of charge to its software users. The NAR template, however, is not an integral part of SOX Expert software.

Learn More


1. Your CFO says your SOX Compliance costs are too high.
2. You use more than one software solution to manage your GRC compliance program.
3.You already use Microsoft Excel for your Risk Control Matrix and/or Control Testing.

see more...

4.Your Risk Control Matrix and Test Plans are separate documents that do not dynamically update each other for changes you make.
5.You spend more than 15 minutes each day or 1 hour per week generating management reports to monitor and summarize your controls testing.
6.Your current software is too hard to use or does not automatically produce the management reports you need.
7.You cannot easily explain to your external auditor how your controls have changed year over year.
8.Your software does not alert you to missing information or improper values.
9.Your software does not provide visual highlights for required and/or incomplete testing.
10.Your software does not provide you with an adequate top down control profile of your organization.




Tip Of The Week