Sarbanes-Oxley Act (SOX 404) Playbook Library

  • More in

This library of Internal Control over Financial Reporting (ICFR) Playbooks represents the core of what is generally required by management (including process owners), boards of directors, and their audit committees, as well as internal and external auditors, to document, assess, test, report, and oversee the design and operating effectiveness of the typical key internal controls on which management is reliant to prevent and detect material misstatement and fraud as required by relevant regulatory and corporate mandates.


The core ICFR Library addresses the following entity and transaction-level activities:


  • –  Baseline Controls in Small Entities
  • –  Entity Level Controls (Tone at the Top)
  • –  Financial Statement Close and Reporting
  • –  General Control Activities over Technology (ITGC)
  • –  Information Technology Application Controls (ITAC)
  • –  Systems Development Life Cycle (SDLC)
  • –  Purchases Cycle (Procure-to-Pay)
  • –  Revenue Cycle (Order-to-Cash)
  • –  Payroll Cycle
  • –  Inventory Cycle
  • –  Treasury and Investments Cycle
  • –  Commitment and Contingencies
  • –  Taxes, and
  • –  Shareholders’ Equity
Sign up for our newsletter and get the best of GRC Playbook straight to your inbox.