Praise for Sarbanes-Oxley Internal Controls: Effective Auditing with AS5, CobiT, and ITIL
"Having managed several dozen consultants assisting numerous clients to become SOx compliant, I can say Bob Moeller truly knows his stuff. This book should be read as much as a technical reference source as for its value as a pragmatic how-to guide. It's packed with winning methods that can be implemented immediately."
—Michael Shapow, Regional Vice President–Consulting Services, Robert Half...
Sarbanes-Oxley Internal Controls: Effective Auditing with AS5, CobiT, and ITIL is essential reading for professionals facing the obstacle of improving internal controls in their businesses. This timely resource provides at-your-fingertips critical compliance and internal audit best practices for today's world of SOx internal controls. Detailed and practical, this introductory handbook will help you to revitalize your business and drive greater performance.
Preface
Introduction: Sarbanes-Oxley and Establishing Effective Internal Controls
Changes Since SOx Was First Introduced
Converging Trends: ITIL, CobiT, and Others
Sarbanes-Oxley Act Today: Changing Perspectives
Sarbanes-Oxley Act: Key Elements
Impact of the Sarbanes-Oxley Act
AS5 Standards for Auditing Internal Controls
AS5 Objectives
Reviewing Section 404 Internal Controls Under AS5: Introduction
Planning the SOx AS5 Audit
AS5's Top-Down Approach
Testing Internal Controls
Evaluating Identified Audit Deficiencies
Wrapping Up the AS5 Audit
Reporting on AS5 Audit Internal Controls
Improving Internal Controls Using AS5 Guidance
Going Forward: Potential Risks and Rewards
Establishing Internal Controls Through COSO
Importance of Effective Internal Controls
Internal Control Standards: Background
Events Leading to the Treadway Commission
COSO Internal Control Framework
Other Dimensions of the COSO Internal Control Framework
Using CobiT Framework to Improve SOx Controls and Governance
CobiT Framework
Using CobiT to Assess Internal Controls
CobiT and Sarbanes-Oxley
Performing Section 404 Reviews Under AS5: An Ongoing Process
SOx Section 404 Assessments of Internal Controls Today
SOx Section 404 Requirements
Section 404 Filing Rules: Changing Deadlines for Eligibility
Gaps and Compliance Committees Under Today's SOx Rules
Documenting Internal Controls Going Forward
Control Objectives and Risks Under Section 404
Other SOx Requirements: Sections 302, 409, and Others
Other Important SOx Compliance Rules
Section 302: Management's Financial Report Responsibilities
Section 401: Off-Balance Sheet Disclosures
Section 409: Disclosures on Financial Conditions and Operations
Section 802: Penalties for Altering Documents
Section 806: Whistleblower Provisions
Keeping SOx Rules in Focus
Using ITIL to Align IT with Business Processes
Importance of the Information Technology Infrastructure
ITIL Framework
ITIL Service Delivery Best Practices
ITIL Service Support Best Practices
Security Management
Linking ITIL with CobiT and SOx Internal Controls
Importance of Enterprise Risk Management
Importance of Risk Management
COSO ERM Framework
Other Dimensions of the COSO ERM Framework
Putting It All Together
Auditing COSO ERM Processes
COSO ERM in Perspective
International Standards: ISO, Quality Auditing, and SOx
Importance of ISO Standards in Today's Global World
ISO Standards Overview
Quality Audit Process
IFAC International Accounting Standards
Internal Audit in a Sarbanes-Oxley Environment
Profession of Internal Auditing
Internal Audit Professional Standards
CBOK: Internal Audit's Common Body of Knowledge
Importance of Effective Corporate Governance
Reporting Whistleblower Incidents: Establishing a Hotline Facility
Building an Enterprise-Wide Ethical Culture
Chief Compliance Officer Roles and Responsibilities
Board of Directors and the Audit Committee
Assessing SOx Internal Controls
Index