SOX - COSO Internal Control - Focuses on Process and Entity Level Controls
Did you know?
One of the key areas on the SOX checklist is Entity Level and Process level controls.
The COSO Internal Control - Integrated Framework requires that risks and controls be assessed at both the entity level and the process level. Entity level controls address the "tone at the top" and include items such as ethics programs, investigation protocols, and IT infrastructure controls.
Adequate evidence of the entity level controls should be accumulated to support management's assertions. One of the ways to gather such evidence is to have technology in place that has tracking capabilities, timestamps, transaction and business process history, etc.
It is also critical that you have proof of the business rules associated with each document, transaction type, method of transaction, and the personnel/partners/customers receiving the data, money and/or alerts.
To best achieve this, you need a SOX-compliant technology and consulting company that can help you figure this out and ensure that you are compliant. The worst that can happen if you are found NOT to be compliant and things go astray is decreased value in your brand, loss of shareholder value, huge fines and, the ultimate, jail time.