After several years of a co-sourced audit arrangement with a consulting firm, your employer has decided to bring the Sarbanes-Oxley program in-house and remove the consultants performing this work. They have nominated your team to address the internal review program for the company going forward. Company details include the following:
Business: Dental Claims Adjudication
Employees: 300
Systems – PeopleSoft Financials,
Wonderbox, Data Warehouse, Workday (HR), multiple financial excel files, custom developed EDI for incoming claims, custom developed fixed asset program, Keurig Coffee maker in cafeteria
Which IT controls would be relevant?
How would you address timing, testing frequency?
What regulatory guidance can be used to determine compliance?
What departments would need to be involved