Subscribe for NewsLetters
Email: *
First Name: *
Last Name:
Enter Captcha:*
Wk Audit Net 468x60 Ad 1
Workiva Auditors Playbook 468x60 1

AuditNet® Sarbanes-Oxley


In the wake of Enron and WorldCom the role of internal auditors in corporate governance has taken on a whole new meaning. The passage of the Sarbanes-Oxley Act and actions by the U. S. Securities and Exchange Commission imposed new requirements on auditors, corporate boards and management. This section of AuditNet ® provides tools and resources for internal auditors to acquaint themselves with the new rules and share guidance and best practices for partnering with audit committees. Internal auditors now have a unique opportunity to work together with audit committees to help in the corporate governance mandate.  If you have resources or links you would added to this page please contact us.

Sarbanes-Oxley Books
Sarbanes-Oxley Software Solutions

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners from the IIA

Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting

Sarbanes-Oxley 404 Implementation Costs - Report from A.R.C. Morgan


ComputerWorld Sarbanes-Oxley Coverage

Bloomberg S-Ox Coverage


For current US audit committee rules and the SEC (US Securities and Exchange Commission)

SEC Grants One-Year Extension for SOX Compliance - Affects Non-Accelerated Filers 

Certification of Disclosure in Companies' Quarterly and Annual Reports

Sarbanes-Oxley Act of 2002

Sarbanes-Oxley FAQ from the SEC


Note: Presentations without a hyperlink are available on a one for one exchange.


Auditing into an ISO9001:2000 Quality Management System by Dexter Hansen

Planning an IT Audit for Sarbanes-Oxley Compliance by Michelle Johnston

Executing an IT Audit for Sarbanes-Oxley Compliance by Michelle Johnston

Internal controls and the Sarbanes-Oxley Act by Matthew Leitch

Integrating Sarbanes-Oxley Act Internal Controls

Making Sense of Sarbanes-Oxley Tools by Richard Lanza from Internal Auditor (February 2004)

The New Importance of Materiality Journal of Accountancy May 2005

Ten Threats to Compliance


Integrating Sarbanes-Oxley Act Internal Controls Auditing into an ISO9001:2000 Quality Management System

IT Control Objectives for Sarbanes-Oxley from the IT Governance Institute

Management Discussion & Analysis Checklist (GAAP)

Sarbanes-Oxley 404 Network Security (Sep 04)

Sarbanes-Oxley Implementation Checklist

SekChek for SOX and PCAOB compliance testing of General IS Security Controls. A tool for automated host-computer security reviews of non-mainframe platforms, including Unix, Windows, Novell & AS/400.

User Access Controls Work Program (SOX) (May 04)

The following audit programs are available to subscribers by logging in and access is provided on the Subscriber Audit Programs page (not from this page). If you are a non-subscriber you may receive these programs by contributing material (one for one) that you have permission to share with other auditors or organizations. If you are unable to share consider subscribing to annual access to the AuditNet® audit programs. Annual audit program subscription provide subscribers with access to all audit programs (including those below) that require a contribution. After paying the subscription fee you will receive a confirmation email (to the address you use for your PayPal account) with instructions on how to access the audit programs.  If that email is not your business address you will need to contact us and indicate where you want your confirmation sent. Annual subscribers to the audit programs service will also receive a copy of The Auditor's Guide to Internet Resources, 2nd Edition ($50 value). If you are interested in a corporate subscription to the Audit Programs Database providing multiple users with access then click here!

Please note that the following programs are available to Subscribers or Enterprise site license authorized users (excludes Basic level)  from the templates section of the site.  YOU CANNOT DOWNLOAD THE AUDIT PROGRAMS FROM THIS PAGE!

  1. COSO Testing Template (Oct 05)
  2. SOX Entity Level Control Matrix (Dec 08) Sarbanes Oxley Audit Review-Portuguese (Mar 07)
  3. Sarbanes Oxley Governance Risk-Portuguese (Mar 07)
  4. Sarbanes Oxley Audit Review-Portuguese (Mar 07)
  5. Sarbanes Oxley Governance Risk-Portuguese (Mar 07)
  6. Sarbanes-Oxley 404 - IT Audit - Log Security Activity - Checklist
  7. Sarbanes-Oxley 404 - IT Audit - Malicious Software - Checklist
  8. Sarbanes-Oxley 404 - IT Audit - Segregation of Duties - Checklist
  9. Sarbanes-Oxley 404 - IT Audit - User Access - Checklist
  10. Sarbanes-Oxley 404 AP and Procurement
  11. Sarbanes-Oxley 404 Management Assessment of Internal Controls
  12. Sarbanes-Oxley 404 Network Security (Sep 04)
  13. Sarbanes-Oxley 404 Process Level Workbook (Aug 04)
  14. Sarbanes-Oxley 404 Sales & Accounts Receivable Transaction Walkthrough
  15. Sarbanes-Oxley 404 Sales and Accounts Receivable
  16. Sarbanes-Oxley Act Guide
  17. Sarbanes-Oxley Audit Committee Checklist
  18. Sarbanes-Oxley Calculating Payroll Control Matrix
  19. Sarbanes-Oxley CFO & Controllers Checklist
  20. Sarbanes-Oxley Claims Testing-Workers Comp Insurance
  21. Sarbanes-Oxley Cobit Selection
  22. Sarbanes-Oxley Consumer Commercial Control Matrix-Banking
  23. Sarbanes-Oxley Control Matrix Personnel & Payroll Cycle (Aug 04)
  24. Sarbanes-Oxley Control Matrix Purchases & Payments Cycle (Aug 04)
  25. Sarbanes-Oxley Control Matrix Revenue & Cash Collections Cycle (Aug 04)
  26. Sarbanes-Oxley Corporate Tax Control Matrix
  27. Sarbanes-Oxley Coverage Matrix (Aug 04)
  28. Sarbanes-Oxley Discussion Item Matrix (Aug 04)
  29. Sarbanes-Oxley End User and Entity Level Control Narrative (June 05)
  30. Sarbanes-Oxley End User Computing (June 05)
  31. Sarbanes-Oxley Financial Reporting
  32. Sarbanes-Oxley Financial Reporting Risks and Controls (Aug 04)
  33. Sarbanes-Oxley Fixed Assets Risks and Controls (Aug 04)
  34. Sarbanes-Oxley General Entity Wide Controls
  35. Sarbanes-Oxley Generic Stand Alone Application General Control Review (August 04)
  36. Sarbanes-Oxley Generic Testing Template (Oct 05)
  37. Sarbanes-Oxley Guidebook for the Templates (Dec 08) (The following templates are licensed for use by AuditNet® subscribers)
  38. Sarbanes-Oxley Hiring Personnel Control Matrix
  39. Sarbanes-Oxley HR and Payroll Risks and Controls (Aug 04)
  40. Sarbanes-Oxley HR Risk Assessment
  41. Sarbanes-Oxley Implications Backdating Stock Options and Executive Compensation (Dec 2010)
  42. Sarbanes-Oxley IT Management Audit Program & ICQ (82 pages)
  43. Sarbanes-Oxley Journal Entry Testing (January 2012)
  44. Sarbanes-Oxley Risk Matrix
  45. Sarbanes-Oxley Sampling & Isolated Incidents Checklist (May 2010)
  46. Sarbanes-Oxley SAP Inventory Cycle ICQ
  47. Sarbanes-Oxley Section 404 Application Baseline Audit Program (Jan 2005)
  48. Sarbanes-Oxley Segregation of Duties Matrix Personnel & Payroll Cycle (Aug 04)
  49. Sarbanes-Oxley Segregation of Duties Matrix Revenue & Cash Collections Cycle (Aug 04)
  50. Sarbanes-Oxley Spreadsheet Inventory Survey (June 05)
  51. Sarbanes-Oxley -Spreadsheets §404 control evaluation considerations (June 05)
  52. Sarbanes-Oxley Template Financial Reporting Control Matrix (Dec 08)
  53. Sarbanes-Oxley Template Fixed Asset Control Matrix (Dec 08)
  54. Sarbanes-Oxley Template Inventory Control Matrix (Dec 08)
  55. Sarbanes-Oxley Template IT Control Matrix (Dec 08)
  56. Sarbanes-Oxley Template Payroll and Human Resources Control Matrix (Dec 08)
  57. Sarbanes-Oxley Template Purchasing and Payables Control Matrix (Dec 08)
  58. Sarbanes-Oxley Template Revenue and Receivables Control Matrix (Dec 08
  59. Sarbanes-Oxley Template Treasury Control Matrix (Dec 08)
  60. Sarbanes-Oxley Timeline (Aug 04)
  61. S-Ox 404 Audit Committee Checklist (Aug 05)
  62. S-Ox 404 Expense Cycle Questionnaire (Oct 04)
  63. S-Ox 404 IT General Controls Matrix
  64. S-Ox 404 Revenue Cycle Questionnaire (Oct 04)
  65. S-Ox Based Risk Program - Hotel Industry (Mar 05)
  66. S-Ox Code of Ethics Example (Feb 05)
  67. SOX Compliance Auditing Checklist (Oct 2008)
  68. S-Ox Control Exception and Deficiency Evaluation Worksheet (Apr 05)
  69. S-Ox Debt Cycle Test of Controls (SOx)
  70. S-Ox Employee Benefits Controls (Feb 2011)
  71. SOX Entity Level Control Matrix
  72. S-Ox Expenditure Cycle Risks and Controls Matrix (Manufacturing concern/SAP environment/SOX) (April 04)
  73. S-Ox Exposure Calculations (Dec 2010)
  74. S-Ox Financial Reporting Test of Controls
  75. S-Ox Framework for Evaluating Exceptions (Feb 05)
  76. S-Ox ICQ Accounts Payable (Sep 04)
  77. S-Ox ICQ Accounts Receivable
  78. S-Ox ICQ Cash Disbursements - Treasury (Sep 04)
  79. S-Ox ICQ Credit & Collection
  80. S-Ox Internal Control Sales (Oct 04)
  81. S-Ox Inventory Management and Risk Controls (Jan 2005)
  82. S-Ox IT Audit Program (Apr 05)
  83. S-Ox IT Section 404 Anti-Fraud Tool (March 2011)
  84. S-Ox Mapping Financial Statements to Controls Template (Jan 2005)
  85. S-Ox Process Documentation Form (July 05)
  86. S-Ox Process Owners Representation Letter (Feb 06)
  87. S-Ox Revenue and Risk Controls (Jan 2005)
  88. S-Ox Revenue Process Audit Program (Jan 2005)
  89. S-Ox Spreading Testing (Mar 05)
  90. S-Ox Staff Internal Control Q&A
  91. S-Ox Supply Chain Audit Tool (Feb 2011)
  92. S-Ox Testing Template
  93. S-Ox Treasury and Risk Controls (Jan 2005)
  94. S-Ox Treasury Test Plan (Oct 04)
  95. S-Ox Wire Transfers (Oct 04)
  96. Standards for Business Controls Vol. 1 General Business Processes
  97. Standards for Business Controls Vol. 2 IT Processes
  98. Whistleblower Vendor Program Review (Sep 06)


Sox First Management & Compliance - blog devoted to Sarbanes-Oxley

Sarbanes-Oxley Act Forum - an interactive community portal

Sarbanes-Oxley Discussion Forum - The purpose of this Listserv is to provide a vehicle in which individuals can provide information, ask questions, and hopefully provide some sharing of knowledge as it pertains to the issues and challenges of Sarbanes-Oxley compliance.

Send the following email message:
SUBJECT:   (leave blank)
BODY OF MESSAGE: (leave blank) 

You will receive an acknowledgment email which requires an email confirmation before you become a list member. By joining the listserv you agree to abide by its terms and conditions. After your confirmation to join is received, a welcome message will be issued containing listserv guidelines, web site location of archived messages,  and additional important information.


404 Institute KPMG established an open forum for the exchange of ideas and a venue for the development of research and leading practices related to; meeting the requirements of section 404 of the Sarbanes-Oxley Act of 2002, effectively leveraging current and future investments in internal controls, and enhancing the overall integrity of the financial reporting process.

Audit Committee Charters Web site of the Financial Executives Institute provides links to sample charters for audit committees.

CBIZ Internal Audit Services   Sarbanes-Oxley Services page offers articles, tools, surveys, internal control considerations and more.

Center for Corporate Governance from Deloitte (registration required)

Committee on Sponsoring Organizations (COSO) a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls and corporate governance.

Corporate governance links (From the Institute of Chartered Accountants in England and Wales (ICAEW)) ICAEW published the final guidance on the implementation of the internal control requirements of the Combined Code on Corporate Governance, and 'Implementing Turnbull: A Boardroom Briefing'.

Internal Controls Summaries Library from Ernst & Young

IT Governance UK site that provides links to IT governance, risk management,
compliance and information security information.

Public Company Accounting Oversight Board provides a central resource to access CPA registration filings and research standards and regulations mandated by Sarbanes-Oxley

Sarbanes-Oxley Information Center from CFO Direct

Sarbanes-Oxley, corporate governance, and audit committee resources -from KnowledgeLeader

SOX Expert: Solving SOX, Creating Value SOX Expert is a cost effective, comprehensive Sarbanes Oxley compliance and Internal Audit software solution that will enable companies to streamline their GRC program while ensuring the highest degree of risk mitigation. Based on the Microsoft Excel platform, SOX Expert is easy to understand, implement and use. Free software demo available on the website.

Sarbanes-Oxley Information from Reckenen Accountants and Consultants


Audit Committees and Governance from the IIA

Audit Committee Charter from the UK IIA

Audit Committee Institute Web site from KPMG provides information for corporate audit committees including newsletters, publications, surveys and other resources.

Audit Committee Performance Self Assessment Survey

Audit Committee Evaluation of Internal Audit is a questionnaire for audit committee members.

Corporate Governance Reform Initiatives and the Profession of Internal Auditing


Automatic Data Processing