Synopses & Reviews
The Sarbanes-Oxley Section 404 Implementation ToolkitNow updated and fully revised, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition is a useful source of detailed implementation practice aids to help companies—whether large corporations or smaller public companies—continue to meet the complex internal control reporting requirements of Sarbanes-Oxley.
Providing a road map through the entire compliance process, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition offers clear instructions to help readers gather and assess information in order to form logical, supportable conclusions about internal control effectiveness. In addition, it lays out a very involved testing process that engages the project team with operating personnel to discover "what really goes on" at the company. To ensure successful discovery, this book helps the project team be highly active by encouraging them to ask multiple questions, make observations, and corroborate single instances of control compliance until a clear pattern emerges.
New coverage includes:
- New guidance for small businesses and large companies
- Detailed implementation practice aids for Sarbanes-Oxley 404 compliance based on new rules set by PCAOB and SEC
- Best practices in this emerging, rapidly changing field of SOX 404 compliance
- A valuable CD-ROM containing all of the tools in the book including a collection of detailed work programs, audit checklists, and examples that can be tailored to meet the needs of any practice and client
- A new SEC appendix
Brimming with a wealth of forms and checklists, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition helps you get up to speed quickly with SOX 404 requirements and makes the compliance process repeatable, more efficient, and more effective.
Synopsis
The Sarbanes-Oxley 404 Implementation Toolkit: Practice Aids for Management and Auditors with CD-ROM, Second Edition, provides detailed implementation practice aids for Sarbanes-Oxley compliance. This workbook is an integrated set of detailed work programs, audit checklists, examples, and other practice aids. It allows users to tailor the practice aids in the book to meet the needs of their own practices or their clients
Synopsis
How can companies easily comply with Sarbanes-Oxley Section 404?Looking for a highly accessible, simple, and practical approach to help your company easily comply with Sarbanes-Oxley Section 404? The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition presents a detailed road map to help companies not only streamline their compliance process, but also make the process manageable and repeatable year after year.
A must-read for all CFOs, internal auditors, CPA firms, and independent auditors involved in the compliance process, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition is packed with work programs, audit checklists, and examples that readers can tailor to meet their own unique needs.
Author and consultant Michael Ramos updates you on everything 404, including:
- Detailed implementation practice aids for Sarbanes-Oxley 404 compliance based on new rules set by PCAOB and SEC
- The best practices in the rapidly changing field of SOX 404 compliance
- A new SEC appendix containing immediately useful information
- New guidance for small businesses
Fully updated and revised, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition embraces the common approaches and methodologies that have proven successful in the new world of Sarbanes-Oxley internal control testing and reporting. Also included is a website that contains all of the tools from the book, this timely workbook includes best practices that will benefit anyone who participates in the planning or performance of the effectiveness of internal control.
Synopsis
Now updated and fully revised, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition helps large or small companies continue to meet the complex internal control reporting requirements of Sarbanes-Oxley. Brimming with a wealth of forms and checklists, the new edition helps you get up to speed quickly with SOX 404 requirements and makes the compliance process repeatable, more efficient, and more effective.
About the Author
Michael J. Ramos, CPA, also author of Wiley Practitioner's Guide to GAAS and How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control, Third Edition is a consultant and professional writer primarily in auditing and accounting technical matters. He has written numerous successful products, including nonauthoritative practice aids, implementation guides, and authoritative AICPA audit and accounting guides. In addition to text-based products, he has authored a variety of training programs, including computer-based multimedia training and audio and video scripts. Ramos has also written in the areas of ethics, auditing, and fraud detection.
Table of Contents
About the Author vii
Preface ix
Acknowledgments xi
Part I Tools for Management 1
ADM-1 General Work Program 3
ADM-2 Project Planning Summary 17
ADM-2a Checklist for Summarizing Project Team Competence and Objectivity 31
ADM-2b.1 Worksheet for Determining and Documenting Significant Accounts and Disclosures 34
ADM-2b.2 Mapping of Business Processes to Significant Accounts and Disclosures 40
ADM-2c Example Inquiries to Identify Changes to Internal Control 45
ADM-3 Senior Management Review Checklist 47
ADM-4 Checklist for Preparation of Management's Report on Internal Control Effectiveness 52
Part II Documentation of Internal Control Design 57
DOC-1 Work Program for the Review of Documentation of Entity-Level Controls 59
DOC-1a Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Entity-Level Controls 62
DOC-1b Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of Entity-Level Controls 66
DOC-2 Work Program for the Review of Documentation of Activity-Level Controls 80
DOC-2a Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Activity-Level Controls 82
DOC-2b Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of a Significant Transaction or Business Unit/Location 85
DOC-3 Documentation Techniques and Selected Examples for Routine Transactions 87
DOC-4 Checklist for Evaluating SOX 404 Software 110
Part III Internal Control Testing Programs 113
Entity-Level Controls Testing Tools 115
TST-ENT-1 Summary of Observations and Conclusions about Entity-Level Control Effectiveness 119
TST-ENT-1a Checklist for Small Business Entity-Level Controls 135
TST-ENT-2 Work Program for Testing Entity-Level Control Effectiveness 143
TST-ENT-3 Index to Tests of Entity-Level Controls: Inquiries and Surveys 171
TST-ENT-3a Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Management 176
TST-ENT-3b Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Board Members 187
TST-ENT-3c Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Audit Committee Members 193
TST-ENT-3d Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets—Employees 200
TST-ENT-3e Example Employee Survey 207
TST-ENT-4 Index to Tests of Entity-Level Controls: Inspection of Documentation 215
TST-ENT-4a Worksheet to Document Inspection of Documentation of Performance of Entity-Level Controls 217
TST-ENT-5 Index to Tests of Entity-Level Controls: Observation of Operations 220
TST-ENT-5a Worksheet to Document Observation of Operation of Entity-Level Controls 222
TST-ENT-6 Index to Tests of Entity-Level Controls: Reperformance of Controls 225
TST-ENT-6a Worksheet to Document Reperformance of Entity-Level Controls 227
TST-ENT-7 Work Program for Reviewing a Report on IT General Control Effectiveness 230
TST-ENT-7a Planning and Review of Scope of Tests of IT General Control Effectiveness 235
TST-ENT-8 Work Program for Performing an IT General Controls Review 241
Guidelines for Testing Activity–Level Control Effectiveness 245
TST-ACT-1 Guidelines and Example Inquiries for Performing Walkthroughs 253
TST-ACT-2 Example Testing Program for Activity-Level Tests of Controls 261
TST-ACT-2a Example Testing Program for Control Operating Effectiveness: Revenue 262
TST-ACT-2b Example Testing Program for Control Operating Effectiveness: Purchases and Expenditures 267
TST-ACT-2c Example Testing Program for Control Operating Effectiveness: Cash Receipts and Disbursements 271
TST-ACT-2d Example Testing Program for Control Operating Effectiveness: Payroll 275
TST-ACT-3 Work Program for the Review of a Type 2 SAS No. 70 Report 279
TST-ACT-3a Type 2 SAS No. 70 Report Review Checklist 282
TST-ACT-4 Process Owners’ Monitoring of Control Effectiveness 289
Part IV Example Letters and Other Communications 295
COM-1 Example Engagement Letter for Outside Consultants to Management 297
COM-2 Example Management Representation Letter 301
COM-3 Example Management Reports on Effectiveness of Internal Control over Financial Reporting 303
COM-4 Example Subcertification 305
Appendix A 307
About the CD-ROM 385
Index 389