Sarbanes Audits
As per the SEC, there needs to be separation of duties between the parties performing the implementation of the controls and those parties certifying the controls.
PRINCETON AUDIT GROUP fits in to provide Third Party Audit (TPA) / Independent Audit of your IT environment within ITGC (Information Technology General Controls) framework. Our Sarbanes-Oxley Compliance Audit experience exceeds more than 40 Projects with specific knowledge of all BIG-4 auditing methodologies.
Section 404 Implementation Services
Princeton Audit Group (PAG) provides a wide range of Section 404 implementation services which includes the following project tasks:
Establish criteria to identify in-scope financial processes, applications, databases and servers
Perform control evaluation and establish Control Matrices (RCM)
Establish control gaps and coordinate/perform remediation
Flowchart and document key processes
Establish test procedures which meet PCAOB standards
Conduct and document tests which meet PCAOB standards & external audit sample period and sample size requirements
Establish ongoing quarterly and annual testing requirements
All work as described above would meet the financial, application and IT general requirements of Section 404. PAG coordinates the tasks and deliverables with Process Owners, Internal Audit Teams, and External Auditors to obtain their concurrence to ensure the process towards the final sign off on the financial statements is smooth and without surprises.
Section 404 Quarterly Testing Services
Princeton Audit Group (PAG) provides independent testing services using widely accepted testing standards and techniques. We employ standard templates to ensure that testing errors are minimized and the “Deficiency Aggregation” and disclosure of control weakness is perfumed on a consistent basis.
As part of our quarterly testing services, we can perform a control validation to ensure controls /their effectiveness have not changed prior to testing and that if there are changes – they are appropriately reflected.
Section 404 Ongoing Services
The external auditors’ interpretation of the 404 requirements has been changing each month. Princeton Audit Group (PAG) professionals have dealt with most of the major external audit firms and have the latest information regarding type and level of testing which is required along with the test documentation requirements.
The purpose of the “Ongoing” reviews is to assess the following:
Verify proper inclusion of in-scope financial processes, applications, databases &  servers
Verify proper scope of coverage for controls
Verify that controls have been adequately defined
Validate adequacy of process used to perform control evaluations
Assess control remediation strategies and design
Assess test procedures
Assess the adequacy of testing to which includes sample period & sample size requirements
Assess the adequacy of the test documentation
At the end of the engagement a presentation is made to the client’s management which would indicate project areas which have met and not met the requirements to support management assertions of the controls used to generate the financial statements.
In addition, recommendations will be provided to allow for the project to meet the requirements of the external auditors to secure an opinion which would then not produce any material weaknesses.
Section 409 Implementation Services
Establish escalation process
Assess trigger points to identify material change
Pre-Implementation Review of Sarbanes-Oxley Impacted Systems
The purpose of this service is to provide management with an independent assessment of whether new IT systems / Applications will resolve Sarbanes-Oxley control issues identified in the replacement systems and whether new Sarbanes-Oxley issues will arise from the implementation of the new systems.
We provide IT Audit reviews of such critical applications in coordination with IT, Business Owners, Internal Audit, SOX PMO and Finance Management teams.