Professional Documents
Culture Documents
SOX Process
SOX Process
Business Unit:
BU Code: XXXX
Walkthrough signoff by:
………………………………………. …………………………………………
Insert Position Insert Position
………………………………………. …………………………………………
Date Date
A walkthrough test aims to trace a transaction from origination through the company's information
systems until it is reflected in the company's financial reports. Walkthroughs provide evidence to:
The external auditor will also be required to conduct walkthroughs to support their S404 opinion.
Guidance on performance of walkthroughs
The following tables detail the specific matters that should be considered when performing the
Walkthrough. The Walkthrough focuses on the completeness and accuracy of documentation supporting
process description and risk and control analysis.
The Walkthrough tested should undertake the procedures indicated in the Description column. The
method by which these procedures are commenced should be detailed in the Confirmed By column e.g.
observation, enquiry, re-performance etc. Document Ref indicates where the supporting information
prepared/obtained by the walkthrough tester is filed for future review.
PRELIMINARY
CONFIRMED DOCUMENT
PROCEDURE DESCRIPTION
BY REF
Determine the Confirm the process (and associated risks
subject of the and controls) that are the subject of the
walkthrough Walkthrough. This should be confirmed
with the relevant B SOX delegate and
CFO/SFC.
Consider whether the scope includes
process elements performed by other
BU’s.
Understand the Ensure that the walkthrough tester has
nature of the sufficient knowledge of the process.
process Preparatory work should include:
Initial discussion with BU personnel and
relevant SOX delegate
Review of existing SOX documentation
Review of other relevant material e.g.
Group Audit reports
Request Following initial review of existing
relevant activity documentation, walkthrough tester may
and control request examples of process and/or control
related documentation from the BU
documents
Select Sample transactions are selected to enable a
transaction(s) to walkthrough tester to take the transaction
be subject to through the nominated process and to enable
Walkthrough confirmation of process elements and the
incidence of control activities, particularly Key
Controls.
Select a sample of transactions to be
tested. Sufficient transactions should be
selected to enable adequate coverage of
different transaction flows (where
relevant).
Transactions should also be selected by
reference to money value, date of
transaction, source of transaction.
Page 4
Guidance on performance of walkthroughs
PROCESS DOCUMENTATION
CONFIRMED WORKPAPER
PROCEDURE DESCRIPTION
BY REF
Process Are all key process elements appropriately
Elements described?
Are process elements in a logical order
and do they represent the actual sequence
of the transaction flow?
Are the linkages between sub-processes
properly described and reflective of actual
transaction flows?
Is it clear what happens to rejected
transactions at each point in the process
flow?
Responsible Are the departments/personnel
persons responsible for each process element
accurately described?
IT Applications Are the key IT applications (including end-
user applications) accurately described
and at the correct point in the process
flow?
Are there any IT applications that have not
been included in the process flows?
Input/Output Does the documentation properly describe
Documentation the key documents/reports that are used in
the process?
Results Identify any amendments that are required in
relation to the Process Flowcharts.
RISK MATRIX
CONFIRMED DOCUMENT
PROCEDURE DESCRIPTION
BY REF
Risk description For each Key Risk, verify the point of
occurrence of the risk and the accuracy of
the description (“what can go wrong”)
Consider whether there are any key risks
that have not been identified.
Risk Attributes Consider whether descriptions of the following
are reasonable for each Key Risk:
Impact
Likelihood
Relevant Financial Statement
Assertion
Results Identify any amendments that are required in
relation to the Risk Matrix.
Page 5
Guidance on performance of walkthroughs
CONTROL MATRIX
CONFIRMED DOCUMENT
PROCEDURE DESCRIPTION
BY REF
Description of Observe the actual implementation of Key
control Controls and review supporting materials
and audit trails. Do the identified Key
Controls operate in the manner described?
Control Consider whether descriptions of the following
attributes are accurate for each Key Control:
Frequency
Control owner
Manual vs. automated
Detective vs. preventive
Page 6