The Sarbanes-Oxley Section 404 Implementation Toolkit: Practice Aids for Managers and Auditors » (2nd Edition)

MICHAEL RAMOS, CPA, is a consultant and professional writer specializing in auditing matters. He has written numerous successful publications, including nonauthoritative practice aids, implementation guides, and authoritative American Institute of Certified Public Accountants (AICPA) Audit and Accounting Guides. In addition to text-based products, he has also authored a variety of training programs, including computer-based multimedia training and audio/video scripts. This is his third book on the internal control requirements of Sarbanes-Oxley and a follow-up to his bestselling How to Comply with Sarbanes-Oxley Section 404 (published by Wiley).

Every company that has successfully completed its first year of Sarbanes-Oxley Section 404 compliance now has to establish an ongoing process to maintain their compliance. New challenges companies have to address going forward are:

• How to create a methodology that is repeatable and easily taught to new employees who were not part of the original core project team
• How to make the assessment of internal control more effective and less of a drain on already limited resources

The Sarbanes-Oxley Section 404 Implementation Toolkit is a wellspring of detailed implementation practice aids to help companies continue to meet the complex internal control reporting requirements of Sarbanes-Oxley.

Providing a road map through the entire compliance process, The Sarbanes-Oxley Section 404 Implementation Toolkit offers clear instructions to help readers gather and assess information in order to form logical, supportable conclusions about internal control effectiveness. In addition, it lays out a very involved testing process that engages the project team with operating personnel to discover "what really goes on" at the company. To ensure successful discovery, this book helps the project team be highly active by encouraging them to ask multiple questions, make observations, and corroborate single instances of control compliance until a clear pattern emerges.

In addition to a wealth of forms and checklists, The Sarbanes-Oxley Section 404 Implementation Toolkit features a helpful CD-ROM containing all the tools in the book, including a collection of detailed work programs, audit checklists, and examples that can be tailored to meet the needs of any practice and client.

By refining the Sarbanes-Oxley compliance process and creating an integrated tool set, The Sarbanes-Oxley Section 404 Implementation Toolkit helps make the compliance process repeatable, more efficient, and more effective.

About the Author     vii
Preface     ix
Acknowledgments     xi
Tools for Management     1
General Work Program     3
Project Planning Summary     17
Checklist for Summarizing Project Team Competence and Objectivity     31
Worksheet for Determining and Documenting Significant Accounts and Disclosures     34
Mapping of Business Processes to Significant Accounts and Disclosures     40
Example Inquiries to Identify Changes to Internal Control     45
Senior Management Review Checklist     47
Checklist for Preparation of Management's Report on Internal Control Effectiveness     52
Documentation of Internal Control Design     57
Work Program for the Review of Documentation of Entity-Level Controls     59
Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Entity-Level Controls     62
Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of Entity-Level Controls     66
Work Program for the Review of Documentation of Activity-Level Controls     80
Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Activity-Level Controls     82
Assessment of Internal Control Effectiveness:Checklist for the Review of the Documentation of a Significant Transaction or Business Unit/Location     85
Documentation Techniques and Selected Examples for Routine Transactions     87
Checklist for Evaluating SOX 404 Software     110
Internal Control Testing Programs     113
Entity-Level Controls Testing Tools     115
Summary of Observations and Conclusions about Entity-Level Control Effectiveness     119
Checklist for Small Business Entity-Level Controls     135
Work Program for Testing Entity-Level Control Effectiveness     143
Index to Tests of Entity-Level Controls: Inquiries and Surveys     171
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Management     176
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Board Members     187
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Audit Committee Members     193
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Employees     200
Example Employee Survey     207
Index to Tests of Entity-Level Controls: Inspection of Documentation     215
Worksheet to Document Inspection of Documentation of Performance of Entity-Level Controls     217
Index to Tests of Entity-Level Controls: Observation of Operations      220
Worksheet to Document Observation of Operation of Entity-Level Controls     22
Index to Tests of Entity-Level Controls: Reperformance of Controls     225
Worksheet to Document Reperformance of Entity-Level Controls     227
Work Program for Reviewing a Report on IT General Control Effectiveness     230
Planning and Review of Scope of Tests of IT General Control Effectiveness     235
Work Program for Performing an IT General Controls Review     241
Guidelines for Testing Activity-Level Control Effectiveness     245
Guidelines and Example Inquiries for Performing Walkthroughs     253
Example Testing Program for Activity-Level Tests of Controls     261
Example Testing Program for Control Operating Effectiveness: Revenue     262
Example Testing Program for Control Operating Effectiveness: Purchases and Expenditures     267
Example Testing Program for Control Operating Effectiveness: Cash Receipts and Disbursements     271
Example Testing Program for Control Operating Effectiveness: Payroll     275
Work Program for the Review of a Type 2 SAS No. 70 Report     279
Type 2 SAS No. 70 Report Review Checklist     282
Process Owners' Monitoring of Control Effectiveness     289
Example Letters and Other Communications     295
Example Engagement Letter for Outside Consultants to Management     297
Example Management Representation Letter     301
Example Management Reports on Effectiveness of Internal Control over Financial Reporting     303
Example Subcertification     305
Appendix A     307
About the CD-ROM     385
Index     389