Sox 404 Guide

Only available on StudyMode
  • Download(s) : 134
  • Published : March 1, 2013
Open Document
Text Preview
SARBANES-OXLEY SECTION 404:

A Guide for Management by Internal Controls Practitioners

SARBANES-OXLEY SECTION 404:
A Guide for Management by Internal Controls Practitioners

The Institute of Internal Auditors
2nd Edition, January 2008

Table of Contents
About the Second Edition...........................................................................................................iii How to Use This Guide .............................................................................................................. iv Introduction................................................................................................................................. 1 Summary for the CEO and CFO ................................................................................................. 3 A. Section 404: Rules or Principles ............................................................................................ 9 B. C. Revisiting the Principles of Internal Control ...................................................................... 11 The COSO Framework ....................................................................................................... 15 What Constitutes an Effective System of Internal Control as it Relates to the Requirements of Section 404?............................................................................................. 18

D. Who Is Responsible for Internal Controls? ......................................................................... 19 E. F. What Is the Scope of Management’s Assessment of the System of Internal Control Over Financial Reporting?.................................................................................................. 21 Defining the Detailed Scope for Section 404 ....................................................................... 25 1) 2) 3) 4) 5) 6) 7) Using a Top-down and Risk-based Approach to Defining the Scope .......................... 25 The Detailed Process for Defining the Scope ............................................................... 27 Materiality .................................................................................................................. 28 Significant Accounts and Disclosures.......................................................................... 28 Financial Statement Assertions ................................................................................... 30 Significant Locations, Business Processes, and Major Classes of Transactions............ 30 Key Control ................................................................................................................ 31 a. b. c. d. e. 8) 9) Identifying Key Controls Within Business Processes ........................................... 32 Identifying Key ITGCs ........................................................................................ 35 Other Entity-level Controls .................................................................................. 39 Spreadsheets and Other End-user Computing Issues ........................................... 41 Controls Performed by Third-party Organizations (SAS 70 Type II Reports)...... 44

Fraud Risk Assessment ............................................................................................... 45 Process and Control Documentation .......................................................................... 46

The Institute of Internal Auditors / www.theiia.org

i

TABLE Of CONTENTS

G. Testing Key Controls .......................................................................................................... 48 1) 2) Testing Automated Controls ....................................................................................... 51 Testing Indirect Entity-level Controls.......................................................................... 52

H. Assessing the Adequacy of Controls, Including Assessing Deficiencies .............................. 54 I. J....
tracking img