The document outlines key performance indicators (KPIs) and key risk indicators (KRIs) related to Sarbanes-Oxley Act (SOX) Section 404 compliance. It addresses various issues such as the timely completion of internal control testing, remediation of control deficiencies, accuracy of financial reports, and employee training on SOX policies. The focus is on identifying and mitigating risks to ensure accurate financial reporting and effective internal controls.

1. Internal Control
Testing
1. Timely Completion of Testing
2. Control Testing Effectiveness
1. Delays in completing control testing
2. Control deficiencies or failures
Remediation of
Deficiencies
3. Timely Remediation of Control
Issues
4. Repeat Control Failures
3. Delays in addressing control issues
4. Reoccurrence of control deficiencies
Financial Reporting
Accuracy
5. Accuracy of Financial Reports
6. Material Weaknesses Identification
5. Inaccurate financial statements
6. Identification of material weaknesses
Documentation
Compliance
7. Documentation Completeness
8. Evidence Retention
7. Incomplete or missing documentation
8. Loss or tampering of evidence
Audit Trail Accuracy
9. Audit Trail Completeness
10. Audit Trail Monitoring
9. Incomplete or missing audit trails
10. Ineffective monitoring of audit trails
Employee Training
11. SOX Training Participation
12. Policy Acknowledgment
11. Lack of awareness in SOX policies
12. Policy non-compliance by employees
Category KPIs KRIs
SOX Section 404 KPIs and KRIs
Assess the effectiveness and risks in complying with Sarbanes-Oxley Act (SOX) Section 404 to
ensure accurate financial reporting.