This tool can be used to gain a better understanding of common SOX standardized testing risks and to develop a standard approach to risk assessment, control identification and testing.
Questions to consider include: Is there confidence that interfaces are being efficiently and effectively evaluated and tested across the company? Are there complex and/or numerous interfaces that could cause risks to the impacted business process? If so, are these being treated consistently across the company? Are there numerous computer-related issues around the company’s interfaces? Is there a lack of confidence in their operating effectiveness and/or completeness?