Ensuring that there is a remediation plan in place to address control gaps and monitoring remediation progress are key factors in complying with Sarbanes-Oxley (SOX) Section 404. A control gap occurs when a control does not exist, does not effectively mitigate a risk or is not operating effectively. Control gaps can relate to the design effectiveness of operating effectiveness of the control.
This guide provides SOX project teams with the steps they need to take to identify control gaps and implement a remediation action plan. It outlines the following steps: identify the control gap, identify compensation controls, develop a remediation action plan, implement the remediation action plan, update the control documentation and confirm the remediation implementation.