The Sarbanes-Oxley Section 404 Implementation Toolkit: Practice Aids for Managers and Auditors

✍ Scribed by Michael J. Ramos

Year: 2008
Tongue: English
Leaves: 410
Edition: 2
Category: Library

No coin nor oath required. For personal study only.

✦ Synopsis

Now updated and fully revised, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition helps large or small companies continue to meet the complex internal control reporting requirements of Sarbanes-Oxley. Brimming with a wealth of forms and checklists, the new edition helps you get up to speed quickly with SOX 404 requirements and makes the compliance process repeatable, more efficient, and more effective.

✦ Table of Contents

THE SARBANES-OXLEY SECTION 404 IMPLEMENTATION TOOLKIT, Second Edition......Page 3
Contents......Page 5
About the Author......Page 9
Preface......Page 11
Acknowledgments......Page 13
Part I: Tools for Management......Page 15
ADM-1: General Work Program......Page 17
ADM-2: Project Planning Summary......Page 31
ADM-2A: Checklist for Summarizing Project Team Competence and Objectivity......Page 45
ADM-2B.1: Worksheet for Determining and Documenting Significant Accounts and Disclosures......Page 48
ADM-2B.2: Mapping of Business Processes to Significant Accounts and Disclosures......Page 54
ADM-2C: Example Inquiries to Identify Changes to Internal Control......Page 59
ADM-3: Senior Management Review Checklist......Page 61
ADM-4: Checklist for Preparation of Management’s Report on Internal Control Effectiveness......Page 66
Part II: Documentation of Internal Control Design......Page 71
DOC-1: Work Program for the Review of Documentation of Entity-Level Controls......Page 73
DOC-1A: Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Entity-Level Controls......Page 76
DOC-1B: Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of Entity-Level Controls......Page 80
DOC-2: Work Program for the Review of Documentation of Activity-Level Controls......Page 94
DOC-2A: Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Activity-Level Controls......Page 96
DOC-2B: Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of a Significant Transaction or Business Unit/Location......Page 99
DOC-3: Documentation Techniques and Selected Examples for Routine Transactions......Page 101
DOC-4: Checklist for Evaluating SOX 404 Software......Page 124
Part III: Internal Control Testing Programs......Page 127
Entity-Level Controls Testing Tools......Page 129
TST-ENT-1: Summary of Observations and Conclusions about Entity-Level Control Effectiveness......Page 133
TST-ENT-1A: Checklist for Small Business Entity-Level Controls......Page 149
TST-ENT-2: Work Program for Testing Entity-Level Control Effectiveness......Page 157
TST-ENT-3: Index to Tests of Entity-Level Controls: Inquiries and Surveys......Page 185
TST-ENT-3A: Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Management......Page 190
TST-ENT-3B: Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Board Members......Page 201
TST-ENT-3C: Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Audit Committee Members......Page 207
TST-ENT-3D: Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Employees......Page 214
TST-ENT-3E: Example Employee Survey......Page 221
TST-ENT-4: Index to Tests of Entity-Level Controls: Inspection of Documentation......Page 229
TST-ENT-4A: Worksheet to Document Inspection of Documentation of Performance of Entity-Level Controls......Page 231
TST-ENT-5: Index to Tests of Entity-Level Controls: Observation of Operations......Page 234
TST-ENT-5A: Worksheet to Document Observation of Operation of Entity-Level Controls......Page 236
TST-ENT-6: Index to Tests of Entity-Level Controls: Reperformance of Controls......Page 239
TST-ENT-6A: Worksheet to Document Reperformance of Entity-Level Controls......Page 241
TST-ENT-7: Work Program for Reviewing a Report on IT General Control Effectiveness......Page 244
TST-ENT-7A: Planning and Review of Scope of Tests of IT General Control Effectiveness......Page 249
TST-ENT-8: Work Program for Performing an IT General Controls Review......Page 255
Guidelines for Testing Activity-Level Control Effectiveness......Page 259
TST-ACT-1: Guidelines and Example Inquiries for Performing Walkthroughs......Page 267
TST-ACT-2: Example Testing Program for Activity-Level Tests of Controls......Page 275
TST-ACT-2A: Example Testing Program for Control Operating Effectiveness: Revenue......Page 276
TST-ACT-2B: Example Testing Program for Control Operating Effectiveness: Purchases and Expenditures......Page 281
TST-ACT-2C: Example Testing Program for Control Operating Effectiveness: Cash Receipts and Disbursements......Page 285
TST-ACT-2D: Example Testing Program for Control Operating Effectiveness: Payroll......Page 289
TST-ACT-3: Work Program for the Review of a Type 2 SAS No. 70 Report......Page 293
TST-ACT-3A: Type 2 SAS No. 70 Report Review Checklist......Page 296
TST-ACT-4: Process Owners’ Monitoring of Control Effectiveness......Page 303
Part IV: Example Letters and Other Communications......Page 309
COM-1: Example Engagement Letter for Outside Consultants to Management......Page 311
COM-2: Example Management Representation Letter......Page 315
COM-3: Example Management Reports on Effectiveness of Internal Control over Financial Reporting......Page 317
COM-4: Example Subcertification......Page 319
Appendix A......Page 321
About the CD-ROM......Page 399
Index......Page 403

📜 SIMILAR VOLUMES

The Sarbanes-Oxley 404 implementation to

📁 The Sarbanes-Oxley 404 implementation toolkit : practice aids for management and auditors

✍ Michael J Ramos 📂 Library 📅 2005 🏛 Wiley 🌐 English

Risk Management Solutions for Sarbanes-O

📁 Risk Management Solutions for Sarbanes-Oxley Section 404 IT Compliance

✍ John S. Quarterman 📂 Library 📅 2006 🏛 Wiley 🌐 English

<ul><li>Examines how risk management security technologies must prevent virus and computer attacks, as well as providing insurance and processes for natural disasters such as fire, floods, tsunamis, terrorist attacks<li>Addresses four main topics: the risk (severity, extent, origins, complications,

Risk management solutions for Sarbanes-O

📁 Risk management solutions for Sarbanes-Oxley section 404 IT compliance

✍ John S Quarterman 📂 Library 📅 2006 🏛 Wiley Pub 🌐 English

FEI Survey on Sarbanes-Oxley Section 404

📁 FEI Survey on Sarbanes-Oxley Section 404 Implementation: May 2007

✍ Financial Executives Research Foundation 📂 Library 📅 2007 🌐 English

The purpose of this study is to help financial executives benchmark their costs of compliance with Section 404 of the Sarbanes-Oxley Act of 2002. This study analyzes the results of a survey of 200 FEI members in which they were asked for their own costs incurred during 2006 for compliance with Secti

Security controls for Sarbanes-Oxley sec

📁 Security controls for Sarbanes-Oxley section 404 IT compliance : authorization, authentication, and access

✍ Dennis C Brewer 📂 Library 📅 2006 🏛 Wiley Pub 🌐 English

Security Controls for Sarbanes-Oxley Sec

📁 Security Controls for Sarbanes-Oxley Section 404 IT Compliance: Authorization, Authentication, and Access

✍ Dennis C. Brewer 📂 Library 📅 2005 🏛 Wiley 🌐 English

In 2005, after significant staff increases takes affect, the SEC will begin massive, quarterly and yearly IT security audits to certify all public companies. Lack of IT certification will lead to fines up to $5 million and prison time up to 20 years for willful violation. The law does not stop at U.