KnowledgeLeader is a one-stop source for valuable materials and informative guides on the Sarbanes-Oxley Act of 2002 (SOX). You will find updates, presentations and tools to help you execute the requirements of the act, in particular Section 302 and Section 404. These resources, along with many others, will help you save time and improve your Sarbanes-Oxley Act (SOX) compliance processes.
These links provide a sample of the materials posted on KnowledgeLeader to help you with Sarbanes-Oxley (SOX) compliance:
A Cost Effective Approach to Validating Performance of the Internal Control Structure – Questionnaire
How will your company transition its Section 404 compliance activity from an ad hoc, high-cost project to an ongoing, cost-effective process? This questionnaire focuses on implementing a cost-effective approach to validating the operating effectiveness of ICFR. These questions address management’s assessment process, not the external audit of ICFR.
Applicability of Section 404 Requirements
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses commonly asked questions concerning the Sarbanes-Oxley Section 404 requirements. Some topics covered are: Which companies are subject to the requirements of Section 404? Are foreign companies subject to the requirements of Section 404? And, does Section 404 apply to the MD&A disclosures?
Deriving Value Out of the Section 404 Compliance Process – Questionnaire
No one is arguing with the oft-stated assertion that the first-year cost of complying with Section 404 is sky high. Evidence makes it clear that the administrative burden of compliance is significant enough for most companies to warrant a review of strategies and tactics for maximizing value-add from the compliance process. While the SOX-stated purpose of protecting investors by improving the reliability of public reporting is an important goal, both executive management and directors are asking tough questions. This document provides a sampling of these questions.
Documentation – 404 Readiness Checklist
This checklist can be used to evaluate the adequacy of Section 404 process documentation prior to submitting it to the external auditor for review and prior to creating testing plans.
Entity-Level Fraud Risk Assessment Process - Sample
Section 404 of SOX requires that each company have a documented, ongoing process to identify, assess and evaluate fraud risks related to internal control over financial reporting. This example provides an overview of the process one company undertook to satisfy the requirements of evaluating fraud risk that pertain to internal control over financial reporting.
Financial Elements and Business Process Prioritization Memo
This is an example memo used to define the process a company used to explain the models they employed to prioritize the financial elements and processes for Section 404 purposes. This memo describes using the Process Classification Framework and the ranking criteria applied to financial statement elements and associated processes. The prioritization of these items helps define the extent of a company’s process-level documentation efforts.
Glossary of Sarbanes-Oxley Section 404 Key Terms
This glossary contains frequently used terms related to the Sarbanes-Oxley Section 404 compliance process. This document includes terms such as: assertions, control gap, ICFR risk, and segregation of duties.
Human Resources Internal Control Questionnaire
This questionnaire is to be utilized as a checklist of the basic controls for Sections 302 and 404 of the Sarbanes-Oxley Act. This document focuses on the Human Resources function and its associated internal control structure.
Payroll Process - SAS 70 Review Report Sample
The SAS 70 report is intended to communicate, from auditor to auditor, the testing performed around the outsource provider’s internal controls, particularly controls over IT processes. This report provides an example of how to communicate the findings of a Type II SAS 70 review when a company outsources the processing of its employee payroll checks. It assesses how the results of the report impact the company’s Sarbanes-Oxley (SOX) compliance process.
Process Level Documentation Requirements Memo
This is an example of a memo used by a public company to describe the documentation they prepared for each process determined applicable to their Section 404 compliance efforts. The three levels of documentation described correlate to the priority rating of the financial statement elements and associated processes. Also included are descriptions of standard documentation types (process narrative, process flow, and risk control matrix).
Sarbanes-Oxley Section 404 Compliance Project Work Paper Standards and Guidelines – Policy
The purpose of this document is to establish basic guidelines and standards for the preparation and review of work papers relating to the Sarbanes-Oxley Act Section 404 compliance project. These work paper standards will be used to document the results of testing key control activities for all critical business processes identified by the project team.
Sarbanes-Oxley (SOX) Policy Evaluation Checklist
Policies are an important part of the internal control over financial reporting evaluation process. This is a sample checklist to use when identifying the availability and status of company policies associated with the financial reporting process. This tool also assists with organizing policies by financial statement, area of significance, and financial statement element.
Sarbanes-Oxley (SOX) Process Walkthrough Questionnaire
The purpose of this template is to provide guidance to business units in the performance of walkthroughs associated with Sarbanes-Oxley Act (SOX) compliance requirements. It may also be used by management in other matters related to the evaluation of internal controls over financial reporting.
Sarbanes-Oxley (SOX) Self-Assessment and Self-Testing Instructions
This guide provides instructions to companies performing a self-assessment and self-testing for Sarbanes-Oxley compliance. Topics include mapping global risks, reporting results, and managing the project timeline.
Sarbanes-Oxley (SOX) Testing Review Checklist
This Excel-based template provides an example of how to review Sarbanes-Oxley (SOX) testing documentation. You would use this review process sheet to document the reviewer’s comments and tester’s response. The Excel form allows you to record comments related to the test plan, test execution, and documentation format.
Sarbanes-Oxley (SOX) Walkthrough Checklist
The purpose of this checklist is to provide guidance to help a process owner prepare for a process walkthrough. It also includes post-walkthrough questions to help the process owner document any questions or issues raised.
SOX Control Writing and Testing of Operating Effectiveness Guidance
The purpose of this document is to provide guidance when documenting controls by category and testing the operating effectiveness of these controls.
SOX Coordinator Job Description
This job description provides an overview of the SOX coordinator position responsibilities. Job responsibilities include: documenting internal control processes, assisting in remediation of control deficiencies, and coordinating and tracking the testing of internal controls.
Update Testing – Control Self-Assessment Questionnaire
This questionnaire is designed to facilitate an assessment of whether the controls within a business unit are currently operating effectively. To meet the guidelines of Section 404 requiring management attestation as of a company’s fiscal year-end, this questionnaire is used to identify any changes that have occurred or are planned prior to year-end. Questions in this tool focus on verifying that process documentation is complete and accurate, all key internal controls and key information systems have been identified, and all areas within a business unit that are relevant to Sarbanes-Oxley have been identified.
The COSO Internal Control – Integrated Framework
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the COSO Internal Control – Integrated Framework. Some topics covered are: What is COSO? How is the framework applied at the entity level/process level during the Section 404 assessment process? And, will the COSO framework on ERM affect the Section 404 assessment?
Getting Started With Section 404 Compliance
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning getting started with Section 404 compliance. Some topics covered are: What are “control units,” and why are they important? How should companies validate their assessments of internal controls? And, will companies need to add internal resources to comply with Section 404 and 302?
Guide to the Sarbanes-Oxley Act (SOX): Managing Application Risks and Controls
This FAQ booklet from Protiviti contains questions that have arisen in our discussions with clients and others in the marketplace that frequently deal with Sarbanes-Oxley (SOX) compliance matters and are focused on improving internal control over their critical business applications. The booklet contains suggestions for effectively segregating incompatible duties, efficiently testing application security, and utilizing automated application controls to reduce the burden of manual procedures.
Guide to the Sarbanes-Oxley Act (SOX): Internal Control Requirements Frequently Asked Questions Regarding Section 404
Since the third edition of Protiviti's Guide to the Sarbanes-Oxley Act (SOX): FAQs Regarding Section 404 was released in August of 2004, enough changes have occurred to warrant an update to this publication. This fourth edition considers the SEC’s interpretive guidance to management and incorporates the PCAOB’s major revisions to Auditing Standard No. 2. It includes questions directed to foreign filers and U.S. domestic non-accelerated filers; it is updated for lessons learned since publication of the third edition; and also incorporates responses to frequently asked questions that both the SEC and PCAOB staff have published since the last edition of this publication.
Identifying Reporting Requirements and Relevant Processes
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the identification of Sarbanes-Oxley reporting requirements and relevant processes. Some topics covered are: How does management deploy a top-down, risk-based approach to determine the extent to which internal controls should be documented and validated? How are the critical processes identified? And, what role do process owners play?
Integrating Fraud Considerations Into the Assessment
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning integrating fraud considerations into the Section 404 assessment. Some topics covered are: What is the scope of an anti-fraud program and controls? How are fraud risks assessed? And, how should management get started with integrating fraud considerations into the Section 404 assessment?
Internal Audit’s Role in Sarbanes-Oxley Compliance
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning IA’s role in Sarbanes-Oxley activities. Some of the topics covered are: Should internal auditors play a role? Is it important for an internal audit function to adhere to The IIA Standards as it relates to Sarbanes-Oxley? And, can external auditors rely on the work of internal auditors relating to Section 404 compliance?
Moving Beyond the Initial Year Assessment
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on moving beyond the initial year assessment. Topics covered are: What are the elements of an effective Sarbanes-Oxley Section 404 compliance structure after the initial annual assessment is completed? How do companies “find the value” from Section 404 going forward? And, after the first year of compliance, what happens to Section 404 compliance costs?
Moving Internal Audit Back into Balance - A Post-Sarbanes-Oxley Survey
Protiviti conducted its fourth annual internal audit rebalancing survey in late 2009 to continue monitoring progress made towards rebalancing the internal audit function and how the landscape has changed. It has now been two years since the SEC and PCAOB made significant SOX-related announcements. The survey consisted of a series of questions grouped into two divisions: “Rebalance Strategy” and “Internal Audit Organization and Focus.” One of the most interesting trends emerging is an apparent drop among organizations in activities and perceived benefits relating to PCAOB AS5 and the SEC’s Interpretive Guidance.
Remediation
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the remediation of control deficiencies. Topics covered are: If control deficiencies or gaps are identified, how should we remediate them? How soon before the end of the fiscal year must the deficiency be corrected? And, since this Section 404 project requires a point-in-time review, how long do remediated controls need to be in place and in operation to be considered effective?
Reporting
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on reporting Sarbanes-Oxley results. Topics covered are: How should management formulate conclusions with respect to internal control over financial reporting? Must management disclose improvements of internal controls? And, can the results of the assessment of internal control over financial reporting affect the company’s executive certifications under Sections 302 and 906?
Sarbanes-Oxley (SOX) Costs are Dropping – Companies Improve Compliance and Operational Efficiencies
According to a recent survey by Financial Executives International, Sarbanes-Oxley (SOX) compliance costs have fallen by more than half since 2005. In this article, Patrick Taylor, CEO of Oversight Systems Inc., cites greater awareness of risks and processes that need to be audited, and more use of automation, as big reasons for the lower expenses. Taylor also reminds companies to be aware of the Foreign Corrupt Practices Act, in addition to focusing on Sarbanes-Oxley (SOX) compliance.
SEC Enforcement of Sarbanes-Oxley Clawback Provisions against an Executive Who Did Not Engage in Wrongdoing Raises the Stakes for Internal Control over Financial Reporting
On July 22, 2009, the Securities and Exchange Commission asked a court to order the former CEO of a large specialty retailer of auto parts and accessories to reimburse the company and its shareholders more than $4 million that he received in bonuses and stock sale profits while the company was committing accounting fraud. Section 304 of the Sarbanes-Oxley Act addresses the forfeiture of certain bonuses and profits. The SEC's enforcement action is significant because it is the first action seeking reimbursement under the Section 304 "clawback" provisions from an individual who is not alleged to have otherwise violated the securities laws. This Flash Report discusses this matter further.
Special Circumstances and Situations
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning special circumstances and situations when complying with the Sarbanes-Oxley Act. Topics covered include: How are material acquisitions occurring during the fiscal year handled for purposes of determining the scope of the Section 404 assessment? How are divestitures of significant entities (or net assets) and discontinued operations considered for purposes of evaluating internal control over financial reporting? And, is monitoring of debt compliance within the scope of Section 404 compliance?
Summarizing Risks and Developing Control Objectives
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning summarizing risks and developing control objectives. Some topics covered are: Why identify risks? How are risks identified? What are control objectives and how do they relate to risks? And, how are control objectives defined?
What Is Meant by “Internal Control Over Financial Reporting” and “Disclosure Controls and Procedures”?
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning internal control over financial reporting and disclosure controls and procedures. Some topics covered are: What are examples of disclosure controls and procedures that generate required disclosures? How is internal control over financial reporting distinguished from disclosure controls and procedures? And, are there examples of internal control over financial reporting that fall outside the realm of disclosure controls and procedures?
What Is Section 404 and How Does It Relate to Sections 302 and 906?
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the Sarbanes-Oxley Section 404 requirements. Some topics covered are: What does Section 404 require companies to do annually? How are the requirements under Section 404 and the requirements under Sections 302 and 906 of the Sarbanes-Oxley Act related? And, how does the Section 404 assessment enhance the Section 302 executive certification process?
When Is Section 404 Effective for Different Companies?
This section of Protiviti's "Guide to the Sarbanes-Oxley Act" addresses common questions concerning when Sarbanes-Oxley Section 404 is effective for different companies. Some topics covered are: When do companies have to comply with the Section 404 requirements? When is the internal control report due? And, is a quarterly assessment required of internal control over financial reporting?
Financial Executives Institute (FEI) Sarbanes-Oxley (SOX) Resource Page
The FEI has published a page to serve as a resource for information, updates, analysis and relevant implementation guides for the provisions of the Act. Items include: 1) SEC Proposals, 2) Summaries of Provisions, 3) Implementation Guidance, 4) The Act.
Holme Roberts & Owen LLP - Attorneys at Law - Sarbanes-Oxley Act (SOX) Publications
HRO has published a variety of valuable alerts and guides for the public on the Sarbanes-Oxley Act, including summaries, timetables, sample charters and certificates, and regulatory updates. When you reach the site, simply search on "Sarbanes-Oxley" to view the library of publications.
IIA Corporate Governance Resource Page
This page, published by the Institute of Internal Auditors, includes a variety of tools and resources for dealing with corporate governance initiatives and recent legislation, including implementation guides to various sections of the Sarbanes-Oxley Act (SOX).
PCAOB Website
The official website of the Public Company Accounting Oversight Board - a private, non-profit corporation, created by the Sarbanes-Oxley Act of 2002 (SOX). PCAOB is responsible for improving quality and transparency in financial reporting and independent audits.
Sarbanes-Oxley Act (SOX) Community Forum
This interactive community portal is designed to facilitate the exchange of information between those seeking to comply with the requirements of the Sarbanes-Oxley Act (SOX). It is also intended to act as a guide, offering useful resources and tips.
Sarbanes Oxley Act of 2002 (SOX)
PDF file featuring the text of the corporate reform bill.
Sarbanes-Oxley (SOX) Audit Resource Center - from AuditNet
This section of AuditNet® provides tools and resources for internal auditors to acquaint themselves with the Sarbanes-Oxley (SOX) Act and share guidance and best practices for partnering with audit committees. Internal auditors now have a unique opportunity to work together with audit committees to help in the corporate governance mandate.
Sarbanes-Oxley (SOX) Institute
The Sarbanes-Oxley (SOX) Institute was established just months after the passing of the Sarbanes-Oxley Act (SOX) and is a global provider of Sarbanes-Oxley (SOX) professional certifications. The Institute is committed to establishing and encouraging best practices for Sarbanes-Oxley compliance, professionalism, knowledge, expertise and ethics.
Sarbanes-Oxley (SOX) Site
This site provides another resource for keeping up on the latest provisions and studies related to the US Sarbanes-Oxley Act of 2002 (SOX) as determined by governing bodies. The site details the final rulings as of January 26, 2003 and provides information on the new Public Company Accounting Oversight Board (PCAOB) and other regulatory updates.