AuditOne LLC
AuditOne LLC
  • Home
  • About
    • ABOUT US
    • WHY CHOOSE US
    • MANAGEMENT
    • WORLD CLASS STAFF
  • Services
    • SERVICES
    • COMPLIANCE
    • BSA AML
    • OPS ADMIN ACH EFT
    • INFORMATION SECURITY
    • ASSET LIABILITY MGMT
    • CREDIT REVIEW SBA
    • SOX AND FDICIA TESTING
    • RISK MANAGEMENT
  • Testimonials
  • News
    • NEWSLETTERS
    • NEWSLETTER SIGN UP
    • AUDITONE WEBINARS
    • COVID-19 INFORMATION
  • Security
    • SECURITY
    • BOX ENTERPRISE GUIDE
    • REMOTE AUDIT TOOLS
  • Contact Us
  • More
    • Home
    • About
      • ABOUT US
      • WHY CHOOSE US
      • MANAGEMENT
      • WORLD CLASS STAFF
    • Services
      • SERVICES
      • COMPLIANCE
      • BSA AML
      • OPS ADMIN ACH EFT
      • INFORMATION SECURITY
      • ASSET LIABILITY MGMT
      • CREDIT REVIEW SBA
      • SOX AND FDICIA TESTING
      • RISK MANAGEMENT
    • Testimonials
    • News
      • NEWSLETTERS
      • NEWSLETTER SIGN UP
      • AUDITONE WEBINARS
      • COVID-19 INFORMATION
    • Security
      • SECURITY
      • BOX ENTERPRISE GUIDE
      • REMOTE AUDIT TOOLS
    • Contact Us
  • Home
  • About
    • ABOUT US
    • WHY CHOOSE US
    • MANAGEMENT
    • WORLD CLASS STAFF
  • Services
    • SERVICES
    • COMPLIANCE
    • BSA AML
    • OPS ADMIN ACH EFT
    • INFORMATION SECURITY
    • ASSET LIABILITY MGMT
    • CREDIT REVIEW SBA
    • SOX AND FDICIA TESTING
    • RISK MANAGEMENT
  • Testimonials
  • News
    • NEWSLETTERS
    • NEWSLETTER SIGN UP
    • AUDITONE WEBINARS
    • COVID-19 INFORMATION
  • Security
    • SECURITY
    • BOX ENTERPRISE GUIDE
    • REMOTE AUDIT TOOLS
  • Contact Us

SOX & FDICIA Testing

Sarbanes-Oxley Act and FDICIA 36

An Enterprise Risk Assessment (ERA) is a streamlined and cost-effective risk management tool. At the other end of the spectrum, in terms of complexity and granularity, are the Sarbanes-Oxley Act (“SOX”) Section 404 requirements that public filers must meet and the FDICIA 36 requirements for larger institutions (full reporting starting at $1 billion assets), as regards controls over financial reporting risk. We have considerable experience with such reporting, both in the documentation and the testing phases.


Most SOX institutions adopt a COSO-type approach, which is also what is recommended for meeting FDICIA 36 requirements. Documentation of the internal controls to be tested requires first going through a risk assessment of the institution – a similar though more detailed exercise than an ERA. SOX and FDICIA both require analyzing specific risks at a disaggregated level, then identifying the controls (key controls, as well as back-up or compensating controls) over each risk. Rigorous documentation and validation requirements apply.


It can be expected that over time there will be rising demands for smaller, non-public institutions to be heading down this path – even without formal SOX or FDICIA reporting need. It will become a differentiator of well-managed, leading-edge players. And it will give management and the Board more comfort that the institution has positioned itself to minimize the likelihood of any given loss event and the amount that would be lost.

Copyright © 2024 AuditOne LLC - All Rights Reserved.

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept