Remediation Prioritization
Prioritizing compliance and remediation efforts is crucial to the certification of financial reports, the annual management assessment of internal control over financial reporting, and the related external auditor attestation engagement. Remediation efforts should be designed to improve the efficiency and productivity of operating processes as well as to strengthen internal controls. Each internal control remediation plan should address not only how the corrective action improves the overall control environment, but also how it streamlines transaction process flow.
The timing of remediation efforts should also be considered. Companies should determine to what extent remediation could be conducted in conjunction with compliance activity. It is a best practice to plan for parallel documentation, control gap identification, gap remediation, and testing for both initial and ongoing compliance, because parallel execution can have a dramatic impact on the cost and the timeline of compliance efforts.
The first step in effectively coordinating various remediation requirements is to categorize them by type of improvement. Category examples include the following:
Checklist: Control improvements
Mitigate missing or deficient controls | |
Eliminate unnecessary or redundant ... |
Get Sarbanes-Oxley Ongoing Compliance Guide: Key Processes and Summary Checklists now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.