Professional Documents
Culture Documents
Closure Memo Template
Closure Memo Template
The SOA Closing Memorandum should be completed by the BCA responsible for each process once
the work over the process is finalized. The SOA Closing Memorandum is intended to provide a
summary of all significant findings, exceptions and recommendations noted during the
walkthroughs or testing and will aid in facilitating the closing meetings with the control owners. If
no findings or recommendations have been noted, the SOA Closing Memorandum is still required
to be completed as a means of informing the owners that no specific items were noted as a result of
our procedures.
Under each of the sections below, you will find specific instructions as to the nature of the
documentation expected. Note that these instructions/comments are in bold, blue font and should be
removed from the final document.
Note that the SOA Closing Memorandum should be completed after the completion of initial testing
(or at a time determined by the Manager) for each walkthrough and testing performed per process
and includes the findings of all controls related to the process.
1 Lexmark Confidential
SOA Closing Memorandum
Geography and company code: (Insert Geo and/or name of company concerned)
Corporate Business Controls performed (insert “walkthrough” or “testing”) over the (insert the name
of the process) process during (insert month and year).
Our objective was to ensure that the critical controls as noted in the (insert the name of the process)
control matrix operate according to our understanding and expectations and remain effective.
Our procedures included inquiries with key personnel as well as observation and reperformance of
critical controls on a sample basis. Additional wording can be included to describe the scope of work if
appropriate (i.e. we reviewed by US and EMEA controls related to ….).
All controls will be subject to update testing during the 4th quarter to ensure that the controls
functioned properly throughout the year.
Summary of results
“We noted some control issues requiring management’s attention. The core issue noted was user
listings utilized for access revalidations and segregation of duty reviews do not contain the privileges
assigned to the user. Current listings contain user roles or groups which do not contain sufficient
detail for an adequate review of user access or an assessment of segregation of duties to be
performed and relied upon to effectively mitigate the associated risks.”)
Refer to Appendix 1 for a complete list of the findings over the (insert the name of the process)
process.
2 Lexmark Confidential
(Here, the BCA will attach a copy of the completed exceptions report for the process and will
distribute the memo and attachment by email to all control owners of the process, subsequent to the
BCA Manager’s review.)
3 Lexmark Confidential
Appendix A: Detailed SOA 404 Findings and Management Response
4 Lexmark Confidential