SOX Annual Audit Preparation Checklist

This SOX Annual Audit Preparation Checklist ensures your organization meets the requirements of the Sarbanes-Oxley Act of 2002. Designed for executive and board-level review, this checklist addresses critical compliance areas including financial reporting controls, internal audit functions, auditor independence, and documentation requirements. Each item is tied to specific regulatory sections and requires concrete evidence of compliance. Complete this checklist 90 days prior to your fiscal year-end audit to identify and remediate any gaps.

  • Certify Financial Statements: CEO and CFO have personally certified the accuracy of quarterly and annual financial statements per SOX Section 302. Documentation includes signed certifications with attestations to internal control effectiveness.
  • Establish Audit Committee: Board has constituted an independent Audit Committee with at least one financial expert per SOX Section 407. Maintain committee charter, member qualifications, and meeting minutes.
  • Document Internal Control Framework: Management has completed detailed documentation of all internal controls over financial reporting (ICFR) per SOX Section 404(a). Include control matrices, process narratives, and risk assessments for all material accounts.
  • Conduct Control Testing: Perform comprehensive testing of key controls over financial reporting, documenting test results, exceptions, and remediation plans per SOX Section 404 requirements.
  • Remediate Control Deficiencies: All material weaknesses and significant deficiencies identified in prior audits have been remediated with supporting evidence of control improvements and re-testing.
  • Verify Auditor Independence: External auditors have confirmed compliance with auditor independence requirements per SOX Section 206. Obtain their independence letter and confirm no prohibited services have been provided.
  • Document Audit Committee Pre-Approvals: Audit Committee has pre-approved all non-audit services and audit fees per SOX Section 202. Maintain pre-approval documentation for all services rendered.
  • Establish Ethics Code: Company has adopted a Code of Ethics applicable to senior financial officers per SOX Section 406. Document any waivers with board approval and disclosure.
  • Implement Whistleblower Procedures: Audit Committee has established confidential procedures for receipt, retention, and treatment of complaints per SOX Section 301(m). Maintain logs of all submissions and responses.
  • Restrict Auditor Rotation: Confirm external audit partner rotation complies with SOX Section 203 requirements (lead auditor rotation every five years). Document partner assignment and rotation schedule.
  • Complete Internal Audit Planning: Internal Audit function reports directly to Audit Committee per SOX Section 301. Document audit plan, resource allocation, and independence from management.
  • Review Related Party Transactions: All related party transactions have been identified, disclosed, and approved per SOX Section 404 requirements. Maintain documentation of review and authorization.
  • Prepare Financial Disclosure Forms: All executives required to file beneficial ownership reports have completed Forms 3, 4, and 5 in a timely manner per SOX Section 16. Coordinate with legal and insider trading counsel.
  • Document Regulatory Filings: All Forms 10-K, 10-Q, and 8-K have been prepared in compliance with SOX Section 409 real-time disclosure requirements. Maintain evidence of timely filing and accuracy reviews.
  • Assess IT General Controls: Information technology controls supporting financial reporting systems have been evaluated and tested per SOX Section 404(b) auditor requirements. Document access controls, change management, and system security.
  • Review Debt Covenants: Confirm compliance with all debt agreements and covenant calculations, ensuring financial statements accurately support compliance certifications per SOX Section 302.
  • Establish Retention Policies: Document retention schedule for audit workpapers and financial records meeting SOX Section 802 requirements (minimum seven years). Confirm implementation across all systems.
  • Conduct Board Training: Board members and Audit Committee have received training on SOX requirements, ICFR assessment, and their responsibilities per SOX Section 301. Maintain attendance records and training documentation.