Tip: Six steps to conducting a SOX 404 audit
Healthcare Auditing Weekly, July 15, 2008
If you’re considering performing a Sarbanes-Oxley 404 audit, you need to identify your organization’s business cycle and materiality. Once you’ve done this, follow this series of steps to perform a SOX 404 audit:
- Identify significant accounts – start with financial statements and identify material accounts related to the cycle under review.
- Identify the high-level business processes that are relevant for the cycle (e.g., for expenditures: purchasing, receiving, invoicing, etc.). Then define the sub-processes that fall under each process.
- For each process, identify the control objectives and relevant financial statement assertions (e.g., all purchase orders are approved).
- Meet with subject matter experts to document process flows and controls. Perform a walkthrough to validate your understanding of the processes and ensure controls are in place.
- Identify control activities that meet the control objectives (e.g., the control used to ensure purchase orders are approved). Identify which of these controls are key controls – those that reduce the risk associated with a given process to an acceptable level.
- Management provides its assertion about the adequacy of the controls through the testing of identified control activities. The external auditor performs an attestation on the controls and provides an opinion on management’s assessment process.
This tip is adapted from The Healthcare Auditor’s Handbook.
