Organizations can use this document as a guide for establishing their framework and standard policy for compliance with Section 404 of the Sarbanes-Oxley Act (the Act).

In this sample, the company’s approach to supporting the certifications required by Section 404 of the Act includes the following key activities: complete the entity-level risk assessment, define critical processes supporting the financial reporting function, identify key controls mitigating key risks, validate control operating effectiveness, design and implement solutions for control gaps and weaknesses, validate the management assessment with the external auditor, and establish a timeline and other administrative aspects.