audit-readiness
Installation
SKILL.md
SOX 404 Testing Lifecycle
End-to-End Phases
- Scoping: Determine which accounts and processes carry enough risk to warrant control coverage
- Risk evaluation: Assess the probability and magnitude of potential misstatement for each in-scope account
- Control mapping: Document the specific controls that mitigate each identified risk
- Effectiveness testing: Evaluate whether controls are properly engineered (design) and consistently executed (operation)
- Deficiency assessment: Judge the severity of any control gaps uncovered during testing
- Management reporting: Formalize the overall ICFR assessment and disclose any material weaknesses
Determining Which Accounts Are In Scope
An account enters scope when it carries a non-remote probability of containing a misstatement that is material on its own or in combination with others.
Size-based indicators:
- The balance surpasses the quantitative materiality benchmark (commonly 3-5% of a reference figure such as revenue, assets, or pre-tax income)
- High transaction throughput increases the statistical likelihood of error
- The balance depends heavily on estimates or management judgment
Related skills
More from vm0-ai/vm0-skills
hackernews
Hacker News API for stories and comments. Use when user mentions "Hacker
2.7Kcloudflare-tunnel
Cloudflare Tunnel API for secure tunnels. Use when user mentions "Cloudflare
555google-sheets
Google Sheets API for spreadsheets. Use when user mentions "Google Sheets",
408minimax
MiniMax API for AI models. Use when user mentions "MiniMax", "Chinese
341instagram
Instagram API for posts and media. Use when user mentions "Instagram",
312apify
Apify web scraping platform. Use when user mentions "scrape website",
312