CISA· ISACA
Certified Information Systems Auditor (ISACA)
ISACA’s CISA targets IS audit. 5 domains, ITAF and COBIT, 2,300+ questions with AuditBot explanations.
Term DefinitionCompliance
SOX Compliance
Requirements of the Sarbanes-Oxley Act to prevent financial statement fraud.
The SOX Act of 2002 mandates financial statement certification (Section 302) and annual assessment of internal controls (Section 404). It applies to all US-listed companies. Internal and external auditors play a central role in its implementation. Section 404 requires a management assessment of internal controls over financial reporting (ICFR), audited by a PCAOB-registered firm. SOX compliance costs average $1.3M per year for large companies. A mature SOX program relies on financial process mapping, ITGC testing, and close coordination between internal audit, external audit, and the CFO.
📌 Key points
- Section 302: quarterly CEO/CFO certification of financial statement accuracy
- Section 404: annual management assessment and external audit of ICFR
- ITGCs (IT General Controls) are a foundational pillar of SOX compliance
- Material weaknesses must be publicly disclosed in the annual report (10-K)
- PCAOB supervises external auditors of all US-listed companies
Related certifications
These certifications cover the concept of "SOX Compliance" in depth.
CIA· IIA
Certified Internal Auditor (IIA, 3 Parts)
The IIA CIA certification covers this concept in Part 1 (framework, IPPF) and Part 2 (audit practice). 60+ lessons and 1,258 original questions.
🔗 Related concepts
ControlsControlsControlsControlsComplianceControls
IT General Controls (ITGC)
Foundational controls supporting the reliability of information systems.
Material Weakness
A severe deficiency that could result in a material misstatement of financial statements.
Significant Deficiency
A deficiency less severe than a material weakness but requiring management attention.
Control Deficiency
A flaw in the design or operation of an internal control.
PCAOB
Public Company Accounting Oversight Board — US regulator of public company auditors.
Segregation of Duties (SoD)
A principle preventing one person from controlling all steps of a critical process.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.