How can companies easily comply with Sarbanes-Oxley Section 404?\ Looking for a highly accessible, simple, and practical approach to help your company easily comply with Sarbanes-Oxley Section 404? The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition presents a detailed road map to help companies not only streamline their compliance process, but also make the process manageable and repeatable year after year.\ A must-read for all CFOs, internal auditors, CPA firms, and...
Every company that has successfully completed its first year of Sarbanes-Oxley Section 404 compliance now has to establish an ongoing process to maintain their compliance. New challenges companies have to address going forward are:How to create a methodology that is repeatable and easily taught to new employees who were not part of the original core project teamHow to make the assessment of internal control more effective and less of a drain on already limited resourcesThe Sarbanes-Oxley Section 404 Implementation Toolkit is a wellspring of detailed implementation practice aids to help companies continue to meet the complex internal control reporting requirements of Sarbanes-Oxley.Providing a road map through the entire compliance process, The Sarbanes-Oxley Section 404 Implementation Toolkit offers clear instructions to help readers gather and assess information in order to form logical, supportable conclusions about internal control effectiveness. In addition, it lays out a very involved testing process that engages the project team with operating personnel to discover "what really goes on" at the company. To ensure successful discovery, this book helps the project team be highly active by encouraging them to ask multiple questions, make observations, and corroborate single instances of control compliance until a clear pattern emerges.In addition to a wealth of forms and checklists, The Sarbanes-Oxley Section 404 Implementation Toolkit features a helpful CD-ROM containing all the tools in the book, including a collection of detailed work programs, audit checklists, and examples that can be tailored to meet the needs of any practice and client.By refining the Sarbanes-Oxley compliance process and creating an integrated tool set, The Sarbanes-Oxley Section 404 Implementation Toolkit helps make the compliance process repeatable, more efficient, and more effective.
About the Author viiPreface ixAcknowledgments xiTools for Management 1General Work Program 3Project Planning Summary 17Checklist for Summarizing Project Team Competence and Objectivity 31Worksheet for Determining and Documenting Significant Accounts and Disclosures 34Mapping of Business Processes to Significant Accounts and Disclosures 40Example Inquiries to Identify Changes to Internal Control 45Senior Management Review Checklist 47Checklist for Preparation of Management's Report on Internal Control Effectiveness 52Documentation of Internal Control Design 57Work Program for the Review of Documentation of Entity-Level Controls 59Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Entity-Level Controls 62Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of Entity-Level Controls 66Work Program for the Review of Documentation of Activity-Level Controls 80Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Activity-Level Controls 82Assessment of Internal Control Effectiveness:Checklist for the Review of the Documentation of a Significant Transaction or Business Unit/Location 85Documentation Techniques and Selected Examples for Routine Transactions 87Checklist for Evaluating SOX 404 Software 110Internal Control Testing Programs 113Entity-Level Controls Testing Tools 115Summary of Observations and Conclusions about Entity-Level Control Effectiveness 119Checklist for Small Business Entity-Level Controls 135Work Program for Testing Entity-Level Control Effectiveness 143Index to Tests of Entity-Level Controls: Inquiries and Surveys 171Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Management 176Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Board Members 187Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Audit Committee Members 193Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Employees 200Example Employee Survey 207Index to Tests of Entity-Level Controls: Inspection of Documentation 215Worksheet to Document Inspection of Documentation of Performance of Entity-Level Controls 217Index to Tests of Entity-Level Controls: Observation of Operations 220Worksheet to Document Observation of Operation of Entity-Level Controls 22Index to Tests of Entity-Level Controls: Reperformance of Controls 225Worksheet to Document Reperformance of Entity-Level Controls 227Work Program for Reviewing a Report on IT General Control Effectiveness 230Planning and Review of Scope of Tests of IT General Control Effectiveness 235Work Program for Performing an IT General Controls Review 241Guidelines for Testing Activity-Level Control Effectiveness 245Guidelines and Example Inquiries for Performing Walkthroughs 253Example Testing Program for Activity-Level Tests of Controls 261Example Testing Program for Control Operating Effectiveness: Revenue 262Example Testing Program for Control Operating Effectiveness: Purchases and Expenditures 267Example Testing Program for Control Operating Effectiveness: Cash Receipts and Disbursements 271Example Testing Program for Control Operating Effectiveness: Payroll 275Work Program for the Review of a Type 2 SAS No. 70 Report 279Type 2 SAS No. 70 Report Review Checklist 282Process Owners' Monitoring of Control Effectiveness 289Example Letters and Other Communications 295Example Engagement Letter for Outside Consultants to Management 297Example Management Representation Letter 301Example Management Reports on Effectiveness of Internal Control over Financial Reporting 303Example Subcertification 305Appendix A 307About the CD-ROM 385Index 389