To develop a formalized system of checks and balances, thereby helping protect GitLab stakeholders from fraudulant financial reporting.
As a public company Sarbanes- Oxley (SOX) regulations apply to GitLab. GitLab has adopted the COSO framework as the criteria for evaluating the effectiveness of the company’s internal control over financial reporting.
|SOX Progam Management Office (PMO)||SOX PMO consists of controllership and internal audit department to manage GitLab’s Sarbanes-Oxley (SOX) program. Responsibilities include:
→ Perform risk assessment and scoping to determine project scope of each reporting year
→ Prepare the internal control assessment plan and include timelines
→ Schedule process walk-throughs for each process with process/control owners
→ Review current and prior-year control deficiencies in order to determine the remediation status
→ Update process maps
→ Prepare control deficiency reports and follow up on remediation efforts
→ Meet with external auditors as necessary to provide status updates and remediation efforts of ongoing work
|Chief Financial Officer||Executive Sponsor of the SOX program|
|Control Owners||Responsible for:
→ Confirming control description for controls that are assigned to them
→ Update SOX Internal controls page for any changes in the people, process and platform and provide edits to the SOX PMO for review within 30 days of change
→ Make themselves available to speak with the SOX PMO upon their request for walkthroughs, sign-offs , testing and for discussion of test results
→ Provide test evidence to the SOX PMO upon request.
→ Remediate control deficiencies
Following outputs of SOX program will be maintained and monitored by the SOX PMO function.