What are common SOX tests and how frequently are they performed to meet SOX compliance?

The external auditor will give its opinion based on the processes and validity of your Control Environment, how the company goes about and establish its risk assessment, what policies-procedures and control activities are in place to address the identified risks and what monitoring processes are in place to evaluate the efficiency and report on the effectiveness of the design and execution of the controls.

Sox testing is very broad since the objective is adequate controls around financial reporting objectives. Similar scoping applies to Sox testing as to financial statement audits. Since the auditor's opinion on internal controls is typically rendered in conjunction with the opinion on the financials, control testing will occur with similar frequency as the traditional audit reviews. If you are a large public organization or significant subsidiary, it will be quarterly. If you are a less significant subsidiary of a public org, it might be done annually (or not at all). If you are interested in finding detailed test steps, I am sure there are checklist and similar materials available on the web. P.S. I've been at a private company for the past 3+ years so my thoughts may be somewhat dated.