![]() SOX Expert Templates
Risk Control Matrix (RCM): Sometimes known as the Risk & Control Matrix or the Control Activity Matrix, this template contains all the pertinent data about each control in a process, including control description, risks mitigated, COSO assertions, test procedures, frequency of occurrence, etc. Some form of an RCM is required for SOX Compliance. See a Video Demonstration of the Risk Control Matrix --- click play button below: Process Risk Analysis (PRA): This template assists the organization is analyzing business process risks to determine if the risks are adequately mitigated by existing controls. Process Risk Analyses are not generally required for SOX Compliance, however they are very useful in ensuring that risks are properly mitigated and in determining which are Key controls in your business process. The PRA is a key document if you are taking a risk based approach to GRC Compliance. If you want to take advantage of Auditing Standard 5 (AS 5) to help lower your compliance cost, then the Process Risk Analysis should be completed. See a Video Demonstration of the Process Risk Analysis --- click play button below:
User Specified Data (USD): This is the file where the organization specifies all the data that is specific to the organization, such as Business Processes, Business Subprocesses, Testing Sample Sizes, IT Applications, etc. This file allows the company to customize the software for its organization. Final Template: Utilized by SOX Expert software to generate the final copies of an organizations RCM, PRA and TP for your external auditors and for achive purposes. SOX Expert software will also generate your Test Plan documents each year from data contained in the RCM. See a Video Demonstration of the Test Plan --- click play button below:
Learn More |
![]()
![]() ![]() |