Complying with Sarbanes-Oxley Section 404: A Guide for Small Publicly Held Companies / Edition 4

by Lynford Graham

ISBN-10: 0470572558

ISBN-13: 9780470572559

Pub. Date: 04/05/2010

Publisher: Wiley

Overview

Once your small, publicly held company has successfully completed its initial implementation of Sarbanes-Oxley Section 404 compliance, it needs to establish an ongoing process to maintain compliance. This requires a workable system in which new employees can be easily trained in compliance rules and regulations, and in which effective internal control evaluation is in place without draining your company's assets.

Complying with Sarbanes-Oxley Section 404: A Guide for Small Publicly Held Companies provides in-depth guidance and citations from authoritative sources to allow professionals to better distinguish among requirements, suggestions, and guidance. Focusing on proven techniques to make the 404 implementation and annual compliance process more efficient, this book features a step-by-step process for evaluating a company's internal control and proving these systems are effectively in place.

This hands-on resource is packed with such practice aids as forms, checklists, illustrations, diagrams, and tables to assist anyone who participates in the planning or performance of an evaluation—including CFOs, internal auditors, and outside consultants. Clearly and logically organized, Complying with Sarbanes-Oxley Section 404 covers:

  • Management's required assessment of internal control

  • Working and coordinating with independent auditors

  • Information technology controls

  • Understanding fraud risk assessment

  • Documenting your planning decisions

  • Evaluating the effectiveness of entity-level controls

  • Testing and evaluating activity-level controls

  • Evaluating control deficiencies

Providing smaller public companies with guidance for understanding and complying with the SOX 404 requirements, this book provides updated citations and references to SEC and PCAOB materials, links to current guidance online, and specific guidance on working with auditors to achieve benefits and cost reductions. It also provides invaluable coverage of IT and IT general controls, and clarifies guidance directed to companies versus guidance directed to auditors.

Product Details

ISBN-13: 9780470572559
Publisher: Wiley
Publication date: 04/05/2010
Series: Wiley Corporate F&A Series, #2
Pages: 368
Sales rank: 1,004,470
Product dimensions: 6.20(w) x 9.10(h) x 1.30(d)

Table of Contents

Preface
Acknowledgments
About the Author

Chapter 1 Introduction and Company Requirements
Chapter Summary
Lessons Learned
Management's Evaluation of Internal Control
SEC Company Requirements
Working with the Independent Auditors

Chapter 2 The COSO Internal Control Framework
Chapter Summary
Need for Control Criteria
The Triangle of Efficiency
COSO Internal Control Integrated Framework
Information and Communication
Internal Control for Small Businesses
Information Technology Controls
Control Objectives and Assertions: The Building Blocks of Controls Documentation
Example Control Objectives by COSO Component
Appendix 2A Understanding and Awareness of Control Responsibilities
Appendix 2B Management Antifraud Programs and Controls: An Element of the Control Environment
Appendix 2C Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees

Chapter 3 Project Scoping
Chapter Summary
Introduction
Does "In Scope" Imply Extensive Testing?
Review Obvious Information Sources
A Process for Risk Assessment
Appendix 3A Summary of Scoping Inquiries
Appendix 3B Understanding Fraud Risk Assessment

Chapter 4 Project Planning
Chapter Summary
Objective of Planning
Information Gathering for Decision Making
Structuring the Project Team
Consider Project Tools and Software
Consider a Pilot Project
Coordinating with the Independent Auditors
Documenting Your Planning Decisions

Chapter 5 Documentation of Internal Controls
Chapter Summary
Importance of Documentation
Assessing the Adequacy of Existing Documentation
Documentation Supporting the Control Environment
Documenting Activity-Level Controls
Finding Control Activity Control Objectives
Appendix 5A Sample Control Objectives for Major Control Activities
Appendix 5B Linkage of Significant Control Objectives to Example Control Policies and Procedures

Chapter 6 Testing and Evaluating Entity-Level Controls
Chapter Summary
Overall Objective of Testing Entity-Level Controls
Testing Techniques and Evidence
Evaluating the Effectiveness of Entity-Level Controls
Documenting Test Results
Appendix 6A Conducting Interviews: Gathering Internal Control Information
Appendix 6B Example Practice Aids Gathering Internal Control Information
Appendix 6C Example Inquiries of Management Regarding Entity-Level Controls Gathering Internal Control Information

Chapter 7 Testing and Evaluating Activity-Level Controls
Chapter Summary
Introduction
Confirm Your Understanding of the Design of Controls First
Assessing the Effectiveness of Design
Assessing Operating Effectiveness
Evaluating Test Results
Documentation of Test Procedures and Results
Interactions with the Independent Auditors
Appendix 7A Sample Size Tutorial
Appendix 7B Example Inquiries

Chapter 8 Evaluating Control Deficiencies and Reporting on Internal Control Effectiveness
Chapter Summary
Control Deficiencies
Evaluating Control Deficiencies
Annual and Quarterly Reporting Requirements
Reporting on Management's Responsibilities for Internal Control
Required Company and Auditor Communications
Reporting the Remediation of Weaknesses
Coordinating with the Independent Auditors and Legal Counsel
Appendix 8A Action Plan: Reporting
Appendix 8B Assessing the Potential Magnitude of a Control Deficiency

Key Resources
Final Rule: Management's Report on Internal Control over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports

Index
