How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control / Edition 3

Hardcover (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 98%)
Other sellers (Hardcover)
  • All (13) from $1.99   
  • New (7) from $51.03   
  • Used (6) from $1.99   


How to Comply with Sarbanes-Oxley Section 404 Third Edition

Now fully revised and updated, the Third Edition of How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control is the perfect starting point for companies with no previous SOX experience to get up to speed quickly. Packed with practice aids including forms, checklists, illustrations, diagrams, and tables, the new edition leads auditing professionals through every step of the audit processes associated with Section 404 compliance.

Written by author and renowned auditing expert Michael Ramos, the Third Edition of this easy-to-follow and practical guide updates readers on a number of changes that have taken place since publication of the Second Edition. This indispensable guide includes:

  • Full incorporation of new interpreta-tions from SEC, PCAOB and COSO, with particular emphasis on SOX 404 as it relates to smaller public companies
  • Comprehensive, step-by-step approach for engagement performance with in-depth explanations and practice aids
  • Practical advice on making sound judgments about the internal control testing and evaluation process
  • Guidance on making the assessment of internal control more effective and less of a drain on already limited resources
  • Coverage of post-implementation best practices that enable companies to develop strategies and approaches for ongoing compliance

Sarbanes-Oxley is about process and requires more than just the reporting of results alone. How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control, Third Edition provides auditing professionals with everything necessary to apply these matters now so important to our financial reporting system.

Read More Show Less

Product Details

  • ISBN-13: 9780470169308
  • Publisher: Wiley
  • Publication date: 3/7/2008
  • Edition description: Revised, Update
  • Edition number: 3
  • Pages: 288
  • Product dimensions: 6.14 (w) x 9.21 (h) x 0.69 (d)

Meet the Author

Michael J. Ramos, CPA, also author of Wiley GAAS, is a consultant who writes extensively on emerging auditing matters. He has written numerous successful pro-ducts, including non-authoritative practiceaids, implementation guides and authorita-tive AICPA audit and accounting guides. In addition to text-based products, he has also authored a variety of training programs, including computer-based multimedia training and audio and video scripts. Ramos has written in the areas of ethics, auditing, internal control, and fraud detection.

Read More Show Less

Table of Contents



Chapter 1. The Evaluation Approach.

Chapter Summary.

Management’s Evaluation of Internal Control.

Overview of the Evaluation Process.

Risk-Based Judgments.

Why Understanding Risk is Important.

A Risk-Based, Top-Down Evaluation Approach.

Identification of Misstatement Risk.

Assessment of Misstatement Risk.

The Likelihood of Control Failure.

A "Top-Down" Approach to Identifying Relevant Controls.

The Independent Auditor's Reporting Responsibilities.

Overall Objective of the Auditor's Engagement.

Use of Work of Internal Auditors and Others.

Working with the Independent Auditors.

Chapter 2. Internal Control Criteria.

Chapter Summary.

The Need for Control Criteria.

The COSO Internal Control Integrated Framework.

Key Characteristics of the COSO Framework.

By Way of Analogy.

Five Components of Internal Control.

The Control Environment.

Risk Assessment.

Control Activities.

Information and Communication.


Internal Control for Small Businesses.

Controls Over Information Technology Systems.

COSO Guidance.

The COBIT Framework.

Chapter 3. Project Scoping.

Chapter Summary.


One Size Does Not Fit All.

Entity-Level Controls.

Applying the Top-Down, Risk Based Approach.

Corporate Culture.

Personnel Policies.

IT General Controls.

Risk Identification.


Anti-Fraud Programs and Controls.

Period-End Financial Reporting Processes.

Identifying Significant Activity-Level Control Objectives.

Appendix A. Action Plan: Identifying Significant Control Objectives.

Appendix B.Example Control Objectives.

Chapter 4. Project Planning.

Chapter Summary.

The Objective Of Planning.

Information Gathering For Decision Making.

Organize Your Project According to Business Process Activities.

Areas of Focus.

Defining Internal Control Deficiencies.

Project Scope and Existing Efforts to Assess Internal Control Effectiveness.

Other Scope Considerations.

Information Sources.

SEC Form 10K.

Other Information Sources.


Additional Guidance.

Structuring The Project Team.

Establishing Responsibilities and Lines of Reporting.

Project Team Members.

Coordinating With The Independent Auditors.

Reach Consensus on Planning Matters.

Documenting Your Planning Decisions.

Appendix 4A. Action Plan: Project Planning.

Appendix 4B. Summary of Planning Questions.

Chapter 5. Documentation of Internal Controls.

Chapter Summary.

The Importance of Documentation.

Assessing The Adequacy Of Existing Documentation.

What Should Be Documented.

How Much to Document.

Documentation Of Entity-Level Control Policies And Procedures.

Corporate Governance Documents.

Code of Conduct.

Other Documentation.

Documenting Activity-Level Controls.

Determine the Controls to Be Documented.

How to Design Internal Control Documentation.




Sarbanes-Oxley Automated Compliance Tools.

Functions of an Automated Sarbanes-Oxley Tool.

Implementation Is Critical.

Assessing the Control Warehouse Function.

Managing the Testing of Controls.

Automated Control Procedures.

The Value of an Automated Compliance Tool.

Coordinating With The Independent Auditors.

Appendix 5A. Action Plan: Documentation.

Appendix 5B. Linkage of Significant Control Objectives to Example Control Policies and Procedures.


Chapter 6. Testing and Evaluating Entity-Level Controls.

Chapter Summary.

Overall Objective Of Testing Entity-Level Controls.

Relationship between Entity-Level and Application-Level Controls.

Design Effectiveness versus Operational Effectiveness.

Testing Techniques.

The Nature of Available Evidence.

Survey and Inquiries of Employees.

Inquiries of Management.

IT General Controls.

Reading and Assessment of Key Documents.

Observation of Processes.


Evaluating The Effectiveness Of Entity-Level Controls.

Making the Assessment.

Five Levels of Reliability.

Responding to Identified Weaknesses.

Documenting Test Results.

Coordinating With The Independent Auditors.

Appendix 6A. Action Plan: Testing and Evaluating Entity-Level Controls.

Appendix 6B. Survey Tools.

Example Letter To Employees In Advance Of Employee Survey.


Example Employee Survey Of Corporate Culture And Personnel Policies.

Purpose of the Survey.




Evaluation Of Employee Survey Results.

Evaluating Results.

Appendix 6C. Example Inquiries of Management Regarding Entity-Level Controls.

Instructions For Use.

Chapter 7. Testing and Evaluating Activity-Level Controls.

Chapter Summary.


Confirm Your Understanding Of The Design Of Controls.

What’s a Walkthrough?

Suggestions for Performing a Walkthrough.

Assessing The Effectiveness Of Design.

Financial Statement Assertions and Controls.

Information-Processing Streams.

Operating Effectiveness.

Test Design Considerations.

A Risk-Based Approach to Designing Tests.

Sample Sizes and Extent of Tests.

Types of Tests.

Evaluating Test Results.

Documentation Of Test Procedures And Results.

Coordinating With The Independent Auditors.

Appendix 7A. Action Plan: Documentation.

Appendix 7B. Example Inquiries.

Chapter 8. Evaluating Control Deficiencies and Reporting on Internal Control Effectiveness.

Chapter Summary.

Control Deficiencies.

Evaluating Control Deficiencies.

Assessing the Likelihood and Significance of Misstatement.

Deficiencies that May be Material Weaknesses.

Compensating Controls.

The "Prudent Official Test".

Annual and Quarterly Reporting Requirements.

Management's Report When a Material Weakness Exists at Year-End.

"As Of" Reporting Implications.

Expanded Reporting On Management's Responsibilities For Internal Control.

Responsibility for Financial Reporting.

Coordinating With The Independent Auditors And Legal Counsel.

Independent Auditors.

Legal Counsel.

Appendix 8A. Action Plan: Reporting.

2. Prepare Required Report.


Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted January 10, 2010

    No text was provided for this review.

Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)