
SOX Audit Checklist Template

A SOX audit checklist is a tool used by internal auditors to review the implementation of security controls, focusing on Section 302: Corporate Responsibility of Financial Records and Section 404. Use this checklist to assess the company's safeguards to prevent data tampering, track data access, and detect security breaches. This checklist also includes appropriate measures for disclosure to SOX auditors.

Establish safeguards to prevent data tampering

Implement an ERP system or GRC software that tracks user logins and access to all computers that contain sensitive data.

This system detects break-in attempts to computers, databases, fixed and removable storage, and websites.

Establish safeguards to establish timelines

Implement an ERP system or GRC software that timestamps all data as it is received in real-time.

This data should be stored at a remote location as soon as it is received, thereby preventing data alteration or loss.

Log information should be moved to a secure location and an encrypted MD5 checksum created, thereby preventing any tampering.
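One way to make stored log records tamper-evident, shown as an added example that is not part of the original template or of any ERP or GRC product. It uses a keyed HMAC-SHA-256 chain in place of the MD5 checksum the checklist names, because MD5 is no longer collision-resistant. The key, the function names and the sample log lines are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain

# Constructed sample data; a real key is generated randomly and kept off the log host.
DEMO_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_LINES = [
    "2024-01-05T09:00:01Z login user=alice host=fin-db01 result=success",
    "2024-01-05T09:02:17Z read user=alice table=general_ledger rows=120",
    "2024-01-05T09:05:40Z logout user=alice host=fin-db01",
]


def _tag(key, prev, line):
    # Each tag covers the previous tag, so a record cannot be edited or reordered
    # without invalidating every tag that follows it.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def seal_log(lines, key):
    """Return (sealed_records, head). Store head at the remote location."""
    prev, sealed = GENESIS, []
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev.hex()))
    return sealed, prev.hex()


def verify_log(sealed, key, expected_head):
    """Return 'intact', 'record N altered' or 'log truncated'."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(sealed):
        prev = _tag(key, prev, line)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return f"record {i} altered"
    # Every remaining record is valid; a head mismatch means records are missing.
    if not hmac.compare_digest(prev.hex(), expected_head):
        return "log truncated"
    return "intact"


if __name__ == "__main__":
    records, head = seal_log(SAMPLE_LINES, DEMO_KEY)
    print(verify_log(records, DEMO_KEY, head))
```

Keeping the head value and the key separate from the log store is what lets the check detect deleted trailing records as well as edited ones.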

Establish verifiable controls to track data access

Implement an ERP system or GRC software that can receive data messages from a virtually unlimited number of sources.

The collection of data should be supported by file queues, FTP transfers, and databases, independent of the actual framework used, such as ISO/IEC 27000.

Ensure that safeguards are operational

Implement an ERP system or GRC software that can issue daily reports to e-mail addresses.

This system distributes reports via RSS, making it easy to verify that the system is up and running from any location.

Periodically report the effectiveness of safeguards

Implement an ERP system or GRC software that generates multiple types of reports, including reports on all messages, critical messages, and alerts.

This system uses a ticketing system that archives what security problems and activities have occurred.

Detect Security Breaches

Implement an ERP system or GRC software that performs semantic analysis of messages in real-time and uses correlation threads, counters, alerts, and triggers that refine and reduce incoming messages into high-level alerts.

These alerts then generate tickets that list the security breach, send out emails, or update an incident management system.

Disclose security safeguards to SOX auditors

Implement an ERP system or GRC software that provides access to auditors using role-based permissions.

Auditors may be permitted complete access to specific reports and facilities without the ability to actually make changes to these components, or reconfigure the system.

Disclose security breaches to SOX auditors

Implement an ERP system or GRC software capable of detecting and logging security breaches, notifying security personnel in real-time, and permitting the resolution of security incidents to be entered and stored.

All input messages are continuously correlated to create tickets that record security breaches and other events.

Disclose failures of security safeguards to SOX auditors

Implement an ERP system or GRC software that periodically tests network and file integrity, and verifies that messages are logged.

Ideally, the system interfaces with common security test software and port scanners to verify that the system is successfully monitoring IT security.

Sign Off

Additional Observation

Internal Auditor Name

Internal Auditor Signature
