After you have reviewed the ten items listed above, it is time to develop an action plan. Think of this in audit terms: you have identified issues, and you need to address these with remediation plans. We can complete our remediation plan in 5 steps:
Consider your timing when you go about this exercise. Ideally, the revised SOX program should kick off at the start of a new fiscal year. If you manage hundreds of controls, the review may take several months to complete. If you feel the program needs recalibration, start the review as soon as possible. It will take time to focus the efforts of everyone involved, but the result will be a stronger, leaner, and more effective SOX program.