Most organizations have not obtained assurance over their enterprise risk planning (ERP) internal control environment in accordance with the Sarbanes-Oxley (SOX) Act. This sample questionnaire uses configuration tools to evaluate and improve an organization's configurable application controls.

Sample questions include: Were application controls emphasized appropriately when identifying key controls to test for Sarbanes-Oxley compliance? Does your client have the appropriate skills and tools to automate testing configurable controls? Have their auditors made comments to management regarding the degree of manual controls? Has management considered a baseline strategy with their auditors?