This memo documents a company's high-level testing strategy for SOX compliance.

The goal of this testing strategy is to comply with the Internal Control over Financial Reporting (ICFR) requirements of the Sarbanes-Oxley Act while following the guidance and regulations issued by both the Securities and Exchange Commission (SEC) and the Public Companies Accounting Oversight Board (PCAOB). This testing strategy relates to all manual and automated business process controls, including entity-level controls. The approach is systematic and rational, utilizing a top-down and risk-based approach. The top-down approach first considers the entity-level controls of the company, the result of which might permit certain accounts to be eliminated from consideration.