ReddRadar
Agent skill
sox-control-tester
SOX Section 404 control testing skill with workpaper generation and deficiency classification
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/domains/business/finance-accounting/skills/sox-control-tester
Metadata
Additional technical details for this skill
- domain
- business
- category
- audit
- priority
- medium
- specialization
- finance-accounting
SKILL.md
SOX Control Tester
Overview
The SOX Control Tester skill provides comprehensive Sarbanes-Oxley Section 404 control testing capabilities. It supports control documentation, testing execution, and deficiency evaluation for internal control over financial reporting.
Capabilities
Control Walkthrough Documentation
- Process narrative creation
- Control point identification
- Risk and control mapping
- Information flow documentation
- Personnel interviews
- System touchpoint identification
Sample Selection Methodology
- Population definition
- Sample size determination
- Random selection procedures
- Stratified sampling
- Judgmental sampling rationale
- Documentation requirements
Test of Design Effectiveness
- Control design evaluation
- Preventive vs. detective analysis
- Key control identification
- Compensating control assessment
- Design gap identification
- Remediation recommendation
Test of Operating Effectiveness
- Test procedure execution
- Evidence collection
- Attribute testing
- Exception documentation
- Reperformance procedures
- Inquiry corroboration
Deficiency Evaluation
- Control deficiency identification
- Severity assessment criteria
- Compensating control consideration
- Significant deficiency determination
- Material weakness classification
- Aggregation analysis
Remediation Tracking
- Remediation plan documentation
- Milestone tracking
- Responsible party assignment
- Evidence collection
- Validation testing
- Closure documentation
Usage
Control Testing Cycle
Input: Control inventory, risk assessment, testing plan
Process: Execute walkthroughs and tests, evaluate results
Output: Testing workpapers, deficiency report, remediation tracking
Deficiency Assessment
Input: Identified exceptions, control population, financial impact
Process: Evaluate severity, consider compensating controls
Output: Deficiency classification, management action plan
Integration
Used By Processes
- SOX Compliance and Testing
- Internal Audit Planning and Execution
- External Audit Coordination
Tools and Libraries
- GRC platforms (Workiva, AuditBoard)
- Control libraries
- Testing templates
Best Practices
- Maintain current risk and control matrices
- Document all testing procedures and results
- Evaluate deficiencies promptly
- Coordinate with external auditors
- Track remediation to completion
- Update control documentation for changes
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?