Audit and Assurance

Expand all | Collapse all

SOX controls

  • 1.  SOX controls

    Posted 20 Feb, 2020 04:27
    Hello all,

    Who can give me more details regarding SOX controls for IT? How these controls are different from ITGCs?

    As an IT auditor, do you need special certification for implementing or auditing the implementation of such controls?

    I appreciate any response and materials reference for the subject.

    Thank you,

    Alexandra Avram
    IT Audit and Advisory Senior Consultant

  • 2.  RE: SOX controls

    Posted 20 Feb, 2020 13:21
    Hello Alexandra,

    You don't need a special certification.  It is advisable to be certified such as a CISA.  Which I see that you are.
    ITGC are internal controls in the SOX control realm that fall into financial reporting.   You want to work with your Partner for external firm or Director of Internal Audit for inside the firm to determine the scoping of what IT systems support the financial reporting process.   Please review vast amount ISACA Assurance programs to give you a jump start for reviewing ITGCs.

    Sal Rodriguez
    Director of Internal Audit

  • 3.  RE: SOX controls

    Posted 21 Feb, 2020 03:09
      |   view attached
    Hello Alexandra,

    As you know, the SOX act came into force in 2002. This was as a result of major financial/accounting frauds involving Enron, World Com and the famous accounting and audit company Arthur Anderson.

    I am not sure what depth you need to carry out the SOX audit. If it is a general SOX audit, examining the application of controls, you don't need special SOX certification, although such certification is obtainable.

    You need to seriously consider the value to you in the short to medium term vs. investment by studying and passing a SOX Certification. If you have not done CISA and CGEIT, that would give you the skills and knowledge you would want.

    I have attached an ISACA paper relating to the SOX audit and hope it will be of help.

    Best regards



    Nalin Wijetilleke MBA, CISA, CGEIT, FBCI, PMP, CMC
    2019 Online Forum Topic Leader
    Managing Director, ContinuityNZ Ltd.


  • 4.  RE: SOX controls

    Posted 21 Feb, 2020 04:58
    Thank you very much.

    Alexandra Avram
    IT Audit and Advisory Senior Consultant