To develop a formalized system of checks and balances, thereby helping protect GitLab stakeholders from fraudulant financial reporting.
As a public company Sarbanes- Oxley (SOX) regulations apply to GitLab. GitLab has adopted the COSO framework as the criteria for evaluating the effectiveness of the company’s internal control over financial reporting.
| Role | Responsibility |
|---|---|
| SOX Progam Management Office (PMO) | SOX PMO consists of controllership and internal audit department to manage GitLab’s Sarbanes-Oxley (SOX) program. Responsibilities include: → Perform risk assesment and scoping to determine project scope of each reporting year → Prepare the internal control assessment plan and include timelines → Schedule process walk-throughs for each process with process/control owners → Review current and prior-year control deficiencies in order to determine the remediation status → Update process maps → Prepare control deficiency reports and follow up on remediation efforts → Meet with external auditors as necessary to provide status updates and remediation efforts of ongoing work |
| Chief Financial Officer | Executive Sponsor of the SOX program |
| Control Owners | Responsible for: → Confirming control description for controls that are assigned to them → Update SOX Internal controls page for any changes in the people, process and platform and provide edits to the SOX PMO for review within 30 days of change → Make themselves available to speak with the SOX PMO upon their request for walkthroughs, sign-offs , testing and for discussion of test results → Provide test evidence to the SOX PMO upon request. → Remediate control deficiencies |
Following outputs of SOX program will be maintained and monitored by the SOX PMO function.
