This tool contains two sample memos that serve as a report of an internal audit function’s high-level assessment of the SOX compliance project process.

In these samples, a control is designed effectively if the control provides reasonable assurance the related risk of misstatement is reduced to acceptably low levels and corresponding financial statement assertions are achieved. In some cases, multiple controls may be required to adequately mitigate risk, and the aggregated controls must each be evaluated for design and operational effectiveness. Control design effectiveness will be assessed through walk-throughs.