Authors: Michael J. Ramos
ISBN-13: 9780470169315, ISBN-10: 0470169311
Format: Hardcover
Publisher: Wiley, John & Sons, Incorporated
Date Published: April 2008
Edition: 2nd Edition
MICHAEL RAMOS, CPA, is a consultant and professional writer specializing in auditing matters. He has written numerous successful publications, including nonauthoritative practice aids, implementation guides, and authoritative American Institute of Certified Public Accountants (AICPA) Audit and Accounting Guides. In addition to text-based products, he has also authored a variety of training programs, including computer-based multimedia training and audio/video scripts. This is his third book on the internal control requirements of Sarbanes-Oxley and a follow-up to his bestselling How to Comply with Sarbanes-Oxley Section 404 (published by Wiley).
Book Synopsis
Every company that has successfully completed its first year of Sarbanes-Oxley Section 404 compliance now has to establish an ongoing process to maintain their compliance. New challenges companies have to address going forward are:
- How to create a methodology that is repeatable and easily taught to new employees who were not part of the original core project team
- How to make the assessment of internal control more effective and less of a drain on already limited resources
The Sarbanes-Oxley Section 404 Implementation Toolkit is a wellspring of detailed implementation practice aids to help companies continue to meet the complex internal control reporting requirements of Sarbanes-Oxley.
Providing a road map through the entire compliance process, The Sarbanes-Oxley Section 404 Implementation Toolkit offers clear instructions to help readers gather and assess information in order to form logical, supportable conclusions about internal control effectiveness. In addition, it lays out a very involved testing process that engages the project team with operating personnel to discover "what really goes on" at the company. To ensure successful discovery, this book helps the project team be highly active by encouraging them to ask multiple questions, make observations, and corroborate single instances of control compliance until a clear pattern emerges.
In addition to a wealth of forms and checklists, The Sarbanes-Oxley Section 404 Implementation Toolkit features a helpful CD-ROM containing all the tools in the book, including a collection of detailed work programs, audit checklists, and examples that can be tailored to meet the needs of any practice and client.
By refining the Sarbanes-Oxley compliance process and creating an integrated tool set, The Sarbanes-Oxley Section 404 Implementation Toolkit helps make the compliance process repeatable, more efficient, and more effective.
Table of Contents
About the Author vii
Preface ix
Acknowledgments xi
Tools for Management 1
General Work Program 3
Project Planning Summary 17
Checklist for Summarizing Project Team Competence and Objectivity 31
Worksheet for Determining and Documenting Significant Accounts and Disclosures 34
Mapping of Business Processes to Significant Accounts and Disclosures 40
Example Inquiries to Identify Changes to Internal Control 45
Senior Management Review Checklist 47
Checklist for Preparation of Management's Report on Internal Control Effectiveness 52
Documentation of Internal Control Design 57
Work Program for the Review of Documentation of Entity-Level Controls 59
Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Entity-Level Controls 62
Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of Entity-Level Controls 66
Work Program for the Review of Documentation of Activity-Level Controls 80
Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Activity-Level Controls 82
Assessment of Internal Control Effectiveness:Checklist for the Review of the Documentation of a Significant Transaction or Business Unit/Location 85
Documentation Techniques and Selected Examples for Routine Transactions 87
Checklist for Evaluating SOX 404 Software 110
Internal Control Testing Programs 113
Entity-Level Controls Testing Tools 115
Summary of Observations and Conclusions about Entity-Level Control Effectiveness 119
Checklist for Small Business Entity-Level Controls 135
Work Program for Testing Entity-Level Control Effectiveness 143
Index to Tests of Entity-Level Controls: Inquiries and Surveys 171
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Management 176
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Board Members 187
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Audit Committee Members 193
Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Employees 200
Example Employee Survey 207
Index to Tests of Entity-Level Controls: Inspection of Documentation 215
Worksheet to Document Inspection of Documentation of Performance of Entity-Level Controls 217
Index to Tests of Entity-Level Controls: Observation of Operations 220
Worksheet to Document Observation of Operation of Entity-Level Controls 22
Index to Tests of Entity-Level Controls: Reperformance of Controls 225
Worksheet to Document Reperformance of Entity-Level Controls 227
Work Program for Reviewing a Report on IT General Control Effectiveness 230
Planning and Review of Scope of Tests of IT General Control Effectiveness 235
Work Program for Performing an IT General Controls Review 241
Guidelines for Testing Activity-Level Control Effectiveness 245
Guidelines and Example Inquiries for Performing Walkthroughs 253
Example Testing Program for Activity-Level Tests of Controls 261
Example Testing Program for Control Operating Effectiveness: Revenue 262
Example Testing Program for Control Operating Effectiveness: Purchases and Expenditures 267
Example Testing Program for Control Operating Effectiveness: Cash Receipts and Disbursements 271
Example Testing Program for Control Operating Effectiveness: Payroll 275
Work Program for the Review of a Type 2 SAS No. 70 Report 279
Type 2 SAS No. 70 Report Review Checklist 282
Process Owners' Monitoring of Control Effectiveness 289
Example Letters and Other Communications 295
Example Engagement Letter for Outside Consultants to Management 297
Example Management Representation Letter 301
Example Management Reports on Effectiveness of Internal Control over Financial Reporting 303
Example Subcertification 305
Appendix A 307
About the CD-ROM 385
Index 389
Subjects