Testing for Sarbanes-Oxley Compliance
In the wake of huge accounting scandals, many organizations are now being required to conform to Sarbanes-Oxley (SOX) legal requirements regarding internal controls. Many of these controls are implemented within computer applications. As testers, we should be aware of these new requirements and ensure that those controls are tested thoroughly. Specifically, testers should identify SOX-based application requirements, design automated test cases for
those requirements, create test data and test environments to support those tests, and document the test results in a way understandable by and acceptable to auditors, both internal and external. To be most efficient, SOX testing should not be separate but should be incorporated into system testing.
- Learn the SOX testing lifecycle
- Identify testable requirements for SOX compliance testing
- Review SOX test automation strategies