To develop a formalized system of checks and balances, thereby helping protect GitLab stakeholders from fraudulant financial reporting.
Currently Sarbanes- Oxley (SOX) regulations do not apply to GitLab. As part of GitLab's public company readiness milestone, we are in the process of implementing a SOX program.
GitLab has adopted the COSO framework as the criteria for evaluating the effectiveness of the company’s internal control over financial reporting.
| Role | Responsibility |
|---|---|
| SOX Progam Management Office (PMO) | The division of internal audit department has the primary responsibility of managing GitLab’s Sarbanes-Oxley (SOX) program. In this role, the PMO will work under the direction of the Principal Accounting Officer. Responsibilities include: → Perform risk assesment and scoping to determine project scope of each reporting year → Prepare the internal control assessment plan and include timelines → Schedule process walk-throughs for each process with process/control owners → Review current and prior-year control deficiencies in order to determine the remediation status → Update process maps → Prepare control deficiency reports and follow up on remediation efforts → Meet with external auditors as necessary to provide status updates and remediation efforts of ongoing work |
| Principal Accounting Officer | Executive Sponsor and provides oversight of Internal Audit’s execution of the SOX program |
| Director, SEC & SOX | Responsible for: → Confirming control description for controls that are assigned to them → Update SOX Internal controls page for any changes in the people, process and platform and provide edits to the SOX PMO for review within 30 days of change → Make themselves available to speak with the SOX PMO upon their request for walkthroughs, sign-offs , testing and for discussion of test results → Provide test evidence to the SOX PMO upon request. → Remediate control deficiencies |
Following outputs of SOX program will be maintained and monitored by the Internal Audit function.
