APPENDIX SIX A
Entity-Level Control Assessment
CONTROL ASSESSMENT OVERVIEW
The Sarbanes-Oxley Act of 2002 (SOX) requires Securities and Exchange Commission (SEC) registrants to report on internal controls. Section 404 of SOX directs the SEC to adopt rules requiring annual reports of public companies to include an assessment, as of the end of the fiscal year, of the effectiveness of internal controls and procedures for financial reporting.
The following questionnaire is a comprehensive evaluation of the internal controls at the entity level that may have a pervasive effect on the organization. According to the Public Company Oversight Accounting Board (PCAOB) ruling of March 9, 2004:
[M]anagement is required to base its assessment of the effectiveness of the company’s internal control over financial reporting on a suitable, recognized control framework established by a body of experts that followed due-process procedures to develop the framework.
The Committee of Sponsoring Organizations (COSO) of the Treadway Commission developed such a framework, which is suitable to PCOAB. ABC Company has adopted the COSO Framework for its internal control evaluations. This questionnaire includes consideration of factors in each of the five components of internal control that can have a pervasive effect on the risk of errors or fraud. These five interrelated components included in the COSO Framework are:
1. Control environment. Establishes the foundation for an internal control system by providing ...