You are previewing How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control.
O'Reilly logo
How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control

Book Description

Now fully revised and updated, the Third Edition of How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control is the perfect starting point for companies with no previous SOX experience. Packed with practice aids including forms, checklists, illustrations, diagrams, and tables, the new edition leads auditing professionals through every step of the audit processes associated with Section 404 compliance.

Table of Contents

  1. Copyright
  2. PREFACE
  3. ACKNOWLEDGMENTS
    1. TECHNICAL ADVISORY BOARD
    2. OTHER ACKNOWLEDGMENTS
  4. ABOUT THE AUTHOR
  5. The Evaluation Approach
    1. MANAGEMENT'S EVALUATION OF INTERNAL CONTROL
    2. RISK-BASED JUDGMENTS
    3. RISK-BASED, TOP-DOWN EVALUATION APPROACH
    4. WORKING WITH THE INDEPENDENT AUDITORS
  6. Internal Control Criteria
    1. NEED FOR CONTROL CRITERIA
    2. COSO INTERNAL CONTROL INTEGRATED FRAMEWORK
    3. INFORMATION AND COMMUNICATION
    4. INTERNAL CONTROL FOR SMALL BUSINESSES
    5. CONTROLS OVER INFORMATION TECHNOLOGY SYSTEMS
  7. Project Scoping
    1. INTRODUCTION
    2. Entity-Level Controls
    3. IDENTIFYING SIGNIFICANT ACTIVITY-LEVEL CONTROL OBJECTIVES
    4. APPENDIX 3A ACTION PLAN: IDENTIFYING SIGNIFICANT CONTROL OBJECTIVES
    5. APPENDIX 3B EXAMPLE CONTROL OBJECTIVES
  8. Project Planning
    1. Objective of Planning
    2. INFORMATION GATHERING FOR DECISION MAKING
    3. INFORMATION SOURCES
    4. STRUCTURING THE PROJECT TEAM
    5. COORDINATING WITH THE INDEPENDENT AUDITORS
    6. DOCUMENTING YOUR PLANNING DECISIONS
    7. Appendix 4A Action Plan: Project Planning
    8. Appendix 4B Summary of Planning Questions
  9. DOCUMENTATION OF INTERNAL CONTROLS
    1. IMPORTANCE OF DOCUMENTATION
    2. ASSESSING THE ADEQUACY OF EXISTING DOCUMENTATION
    3. Documentation of Entity-Level Control Policies and Procedures
    4. DOCUMENTING ACTIVITY-LEVEL CONTROLS
    5. SARBANES-OXLEY AUTOMATED COMPLIANCE TOOLS
    6. COORDINATING WITH THE INDEPENDENT AUDITORS
    7. Appendix 5A Action Plan: Documentation
    8. Appendix 5B Linkage of Significant Control Objectives to Example Control Policies and Procedures
    9. Notes
  10. Testing and Evaluating Entity-Level Controls
    1. OVERALL OBJECTIVE OF TESTING ENTITY-LEVEL CONTROLS
    2. TESTING TECHNIQUES
    3. EVALUATING THE EFFECTIVENESS OF ENTITY-LEVEL CONTROLS
    4. DOCUMENTING TEST RESULTS
    5. COORDINATING WITH THE INDEPENDENT AUDITORS
    6. Appendix 6A Action Plan: Testing and Evaluating Entity-Level Controls
    7. Appendix 6B SURVEY TOOLS
    8. Appendix 6C Example Inquiries Of Management Regarding Entity-Level Controls
    9. Notes
  11. Testing and Evaluating Activity-Level Controls
    1. INTRODUCTION
    2. CONFIRM YOUR UNDERSTANDING OF THE DESIGN OF CONTROLS
    3. ASSESSING THE EFFECTIVENESS OF DESIGN
    4. OPERATING EFFECTIVENESS
    5. EVALUATING TEST RESULTS
    6. DOCUMENTATION OF TEST PROCEDURES AND RESULTS
    7. COORDINATING WITH THE INDEPENDENT AUDITORS
    8. Appendix 7A Action Plan: Documentation
    9. Appendix 7B Example Inquiries
  12. Evaluating Control Defficiencies and Reporting on Internal Control Effectiveness
    1. CONTROL DEFICIENCIES
    2. EVALUATING CONTROL DEFICIENCIES
    3. ANNUAL AND QUARTERLY REPORTING REQUIREMENTS
    4. EXPANDED REPORTING ON MANAGEMENT'S RESPONSIBILITIES FOR INTERNAL CONTROL
    5. COORDINATING WITH THE INDEPENDENT AUDITORS AND LEGAL COUNSEL
    6. Appendix 8A Action Plan: Reporting