How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control / Edition 3

How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control / Edition 3

5.0 1
by Michael J. Ramos
     
 

How to Comply with Sarbanes-Oxley Section 404 Third Edition

Now fully revised and updated, the Third Edition of How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control is the perfect starting point for companies with no previous SOX experience to get up to speed quickly. Packed with practice aids including forms,

See more details below

Overview

How to Comply with Sarbanes-Oxley Section 404 Third Edition

Now fully revised and updated, the Third Edition of How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control is the perfect starting point for companies with no previous SOX experience to get up to speed quickly. Packed with practice aids including forms, checklists, illustrations, diagrams, and tables, the new edition leads auditing professionals through every step of the audit processes associated with Section 404 compliance.

Written by author and renowned auditing expert Michael Ramos, the Third Edition of this easy-to-follow and practical guide updates readers on a number of changes that have taken place since publication of the Second Edition. This indispensable guide includes:

  • Full incorporation of new interpreta-tions from SEC, PCAOB and COSO, with particular emphasis on SOX 404 as it relates to smaller public companies
  • Comprehensive, step-by-step approach for engagement performance with in-depth explanations and practice aids
  • Practical advice on making sound judgments about the internal control testing and evaluation process
  • Guidance on making the assessment of internal control more effective and less of a drain on already limited resources
  • Coverage of post-implementation best practices that enable companies to develop strategies and approaches for ongoing compliance

Sarbanes-Oxley is about process and requires more than just the reporting of results alone. How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control, Third Edition provides auditing professionals with everything necessary to apply these matters now so important to our financial reporting system.

Read More

Product Details

ISBN-13:
9780470169308
Publisher:
Wiley
Publication date:
03/07/2008
Edition description:
Revised, Update
Pages:
288
Product dimensions:
6.14(w) x 9.21(h) x 0.69(d)

Table of Contents

Preface.

Acknowledgments.

Chapter 1. The Evaluation Approach.

Chapter Summary.

Management’s Evaluation of Internal Control.

Overview of the Evaluation Process.

Risk-Based Judgments.

Why Understanding Risk is Important.

A Risk-Based, Top-Down Evaluation Approach.

Identification of Misstatement Risk.

Assessment of Misstatement Risk.

The Likelihood of Control Failure.

A "Top-Down" Approach to Identifying Relevant Controls.

The Independent Auditor's Reporting Responsibilities.

Overall Objective of the Auditor's Engagement.

Use of Work of Internal Auditors and Others.

Working with the Independent Auditors.

Chapter 2. Internal Control Criteria.

Chapter Summary.

The Need for Control Criteria.

The COSO Internal Control Integrated Framework.

Key Characteristics of the COSO Framework.

By Way of Analogy.

Five Components of Internal Control.

The Control Environment.

Risk Assessment.

Control Activities.

Information and Communication.

Monitoring.

Internal Control for Small Businesses.

Controls Over Information Technology Systems.

COSO Guidance.

The COBIT Framework.

Chapter 3. Project Scoping.

Chapter Summary.

Introduction.

One Size Does Not Fit All.

Entity-Level Controls.

Applying the Top-Down, Risk Based Approach.

Corporate Culture.

Personnel Policies.

IT General Controls.

Risk Identification.

Monitoring.

Anti-Fraud Programs and Controls.

Period-End Financial Reporting Processes.

Identifying Significant Activity-Level Control Objectives.

Appendix A. Action Plan: Identifying Significant Control Objectives.

Appendix B.Example Control Objectives.

Chapter 4. Project Planning.

Chapter Summary.

The Objective Of Planning.

Information Gathering For Decision Making.

Organize Your Project According to Business Process Activities.

Areas of Focus.

Defining Internal Control Deficiencies.

Project Scope and Existing Efforts to Assess Internal Control Effectiveness.

Other Scope Considerations.

Information Sources.

SEC Form 10K.

Other Information Sources.

Inquiries.

Additional Guidance.

Structuring The Project Team.

Establishing Responsibilities and Lines of Reporting.

Project Team Members.

Coordinating With The Independent Auditors.

Reach Consensus on Planning Matters.

Documenting Your Planning Decisions.

Appendix 4A. Action Plan: Project Planning.

Appendix 4B. Summary of Planning Questions.

Chapter 5. Documentation of Internal Controls.

Chapter Summary.

The Importance of Documentation.

Assessing The Adequacy Of Existing Documentation.

What Should Be Documented.

How Much to Document.

Documentation Of Entity-Level Control Policies And Procedures.

Corporate Governance Documents.

Code of Conduct.

Other Documentation.

Documenting Activity-Level Controls.

Determine the Controls to Be Documented.

How to Design Internal Control Documentation.

Flowcharting.

Narratives.

Matrixes.

Sarbanes-Oxley Automated Compliance Tools.

Functions of an Automated Sarbanes-Oxley Tool.

Implementation Is Critical.

Assessing the Control Warehouse Function.

Managing the Testing of Controls.

Automated Control Procedures.

The Value of an Automated Compliance Tool.

Coordinating With The Independent Auditors.

Appendix 5A. Action Plan: Documentation.

Appendix 5B. Linkage of Significant Control Objectives to Example Control Policies and Procedures.

Note.

Chapter 6. Testing and Evaluating Entity-Level Controls.

Chapter Summary.

Overall Objective Of Testing Entity-Level Controls.

Relationship between Entity-Level and Application-Level Controls.

Design Effectiveness versus Operational Effectiveness.

Testing Techniques.

The Nature of Available Evidence.

Survey and Inquiries of Employees.

Inquiries of Management.

IT General Controls.

Reading and Assessment of Key Documents.

Observation of Processes.

Monitoring.

Evaluating The Effectiveness Of Entity-Level Controls.

Making the Assessment.

Five Levels of Reliability.

Responding to Identified Weaknesses.

Documenting Test Results.

Coordinating With The Independent Auditors.

Appendix 6A. Action Plan: Testing and Evaluating Entity-Level Controls.

Appendix 6B. Survey Tools.

Example Letter To Employees In Advance Of Employee Survey.

Notes.

Example Employee Survey Of Corporate Culture And Personnel Policies.

Purpose of the Survey.

Confidentiality.

Instructions.

Notes.

Evaluation Of Employee Survey Results.

Evaluating Results.

Appendix 6C. Example Inquiries of Management Regarding Entity-Level Controls.

Instructions For Use.

Chapter 7. Testing and Evaluating Activity-Level Controls.

Chapter Summary.

Introduction.

Confirm Your Understanding Of The Design Of Controls.

What’s a Walkthrough?

Suggestions for Performing a Walkthrough.

Assessing The Effectiveness Of Design.

Financial Statement Assertions and Controls.

Information-Processing Streams.

Operating Effectiveness.

Test Design Considerations.

A Risk-Based Approach to Designing Tests.

Sample Sizes and Extent of Tests.

Types of Tests.

Evaluating Test Results.

Documentation Of Test Procedures And Results.

Coordinating With The Independent Auditors.

Appendix 7A. Action Plan: Documentation.

Appendix 7B. Example Inquiries.

Chapter 8. Evaluating Control Deficiencies and Reporting on Internal Control Effectiveness.

Chapter Summary.

Control Deficiencies.

Evaluating Control Deficiencies.

Assessing the Likelihood and Significance of Misstatement.

Deficiencies that May be Material Weaknesses.

Compensating Controls.

The "Prudent Official Test".

Annual and Quarterly Reporting Requirements.

Management's Report When a Material Weakness Exists at Year-End.

"As Of" Reporting Implications.

Expanded Reporting On Management's Responsibilities For Internal Control.

Responsibility for Financial Reporting.

Coordinating With The Independent Auditors And Legal Counsel.

Independent Auditors.

Legal Counsel.

Appendix 8A. Action Plan: Reporting.

2. Prepare Required Report.

Index.

Read More

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >