Agent-Skills.md

Agent Skills: SOX Control Tester

SOX Section 404 control testing skill with workpaper generation and deficiency classification

auditID: a5c-ai/babysitter/sox-control-tester

Repository

a5c-ai/babysitter
a5c-aiLicense: MIT
244

Install this agent skill to your local

pnpm dlx add-skill https://github.com/a5c-ai/babysitter/tree/HEAD/plugins/babysitter/skills/babysit/process/specializations/domains/business/finance-accounting/skills/sox-control-tester

Skill Files

Browse the full folder contents for sox-control-tester.

Download Skill

Loading file tree…

plugins/babysitter/skills/babysit/process/specializations/domains/business/finance-accounting/skills/sox-control-tester/SKILL.md

Skill Metadata

Name
sox-control-tester
Description
SOX Section 404 control testing skill with workpaper generation and deficiency classification

SOX Control Tester

Overview

The SOX Control Tester skill provides comprehensive Sarbanes-Oxley Section 404 control testing capabilities. It supports control documentation, testing execution, and deficiency evaluation for internal control over financial reporting.

Capabilities

Control Walkthrough Documentation

  • Process narrative creation
  • Control point identification
  • Risk and control mapping
  • Information flow documentation
  • Personnel interviews
  • System touchpoint identification

Sample Selection Methodology

  • Population definition
  • Sample size determination
  • Random selection procedures
  • Stratified sampling
  • Judgmental sampling rationale
  • Documentation requirements

Test of Design Effectiveness

  • Control design evaluation
  • Preventive vs. detective analysis
  • Key control identification
  • Compensating control assessment
  • Design gap identification
  • Remediation recommendation

Test of Operating Effectiveness

  • Test procedure execution
  • Evidence collection
  • Attribute testing
  • Exception documentation
  • Reperformance procedures
  • Inquiry corroboration

Deficiency Evaluation

  • Control deficiency identification
  • Severity assessment criteria
  • Compensating control consideration
  • Significant deficiency determination
  • Material weakness classification
  • Aggregation analysis

Remediation Tracking

  • Remediation plan documentation
  • Milestone tracking
  • Responsible party assignment
  • Evidence collection
  • Validation testing
  • Closure documentation

Usage

Control Testing Cycle

Input: Control inventory, risk assessment, testing plan
Process: Execute walkthroughs and tests, evaluate results
Output: Testing workpapers, deficiency report, remediation tracking

Deficiency Assessment

Input: Identified exceptions, control population, financial impact
Process: Evaluate severity, consider compensating controls
Output: Deficiency classification, management action plan

Integration

Used By Processes

  • SOX Compliance and Testing
  • Internal Audit Planning and Execution
  • External Audit Coordination

Tools and Libraries

  • GRC platforms (Workiva, AuditBoard)
  • Control libraries
  • Testing templates

Best Practices

  1. Maintain current risk and control matrices
  2. Document all testing procedures and results
  3. Evaluate deficiencies promptly
  4. Coordinate with external auditors
  5. Track remediation to completion
  6. Update control documentation for changes