| Jim Kaplan's |

2nd Edition now available!
This popular e-book, available to current subscribers for free or to non-subscribers for purchase, was recently updated. The Section 404 compliance date for smaller companies has been pushed back twice. But it appears now that the new target date for compliance, July 2007, will go ahead as scheduled and there will be no further extensions. The larger public companies, or accelerated filers, have gone through two rounds of SOX audits now, and many lessons have been learned regarding the scope of these audits and their costs. The second edition of this publication hopes to shed some light on what those lessons are and how small public companies can benefit.
The second edition of this publication was a result of the authors’ experience over the last two years with several Sarbanes Oxley compliance projects, the PCAOB’s additional guidelines published after the first year of SOX audits, and the new COSO proposed framework for smaller companies.
On October 26, 2005, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an exposure draft, “Guidance for Smaller Public Companies Reporting on Internal Control Over Financial Reporting”. Although, as of the date of this writing, the guide is still undergoing review, it is likely to be adopted as the standard for SOX compliance involving smaller public companies. The draft is available for download at http://www.coso.org.
The new COSO framework provides more guidance regarding IT controls than does the original COSO internal control framework released in 1992. It also makes clear that none of the components of the original framework are eliminated for the smaller firm. The difference is in the way a smaller company implements the framework. Many of the recommendations can apply to larger companies as well, in terms of cost-efficient controls.
"Many IT professionals are learning the hard way that Sarbanes-Oxley has
as much to do with IT as it does with determining the quarterly
profit margin." Article published in DM Review Magazine, December 2004
"Lack of IT Controls Seen As Reason For Earnings Restatement. As
SunTrust Banks’ Financial-reporting problems show, CIOs and CFOs
need to map out business processes and controls used to produce
financial statements." Information Week 10/13/2004
"AMR Research says 85 percent of companies predict that the Sarbanes
Oxley Act will require them to make changes to their IT and
application infrastructure." CIO.com 5/28/2003
"SOX affects IT more than any other department except finance,
according to Braunstein. Sixty-five percent of the attendees at the
session said that SOX is having a major impact on them, and 40% said
that SOX was a "bet your job" project that would put their jobs on
the line every year." Search CIO.com July 2004
Information Technology plays a fundamental role in Section 404
compliance.
This report details what that role is and provides guidelines and
specific information that will help ensure your readiness to comply.
The report also provides:
Specific information about Section 404 requirements and the PCAOB auditing standards.
Examples of policies and procedures that should be in place for compliance with Section 404.
Descriptions of IT General Controls and Application Controls that will be audited.
Detailed information about what is involved with a typical Sarbanes Oxley Project.
Sample methodology that can be used in evaluating your internal control effectiveness.
Detailed information about recognized standards for IT internal control and management such as ITIL, SEI CMM, CMMI, COSO, Cobit, OWASP, CERT, ISO 17799 and more.
Because the new auditing standards related to Sarbanes Oxley Section
404 require a much more in depth analysis, public companies can
expect their auditing fees to increase.
The book presents examples of ways managers can help reduce auditing
fees to contain costs initially and going forward.
Learn how ineffective Information Technology Controls could have a
negative effect on the price of your company's stock.
Read how Open Source Software, Outsourcing and Wireless Technologies
may be a problem for Sarbanes Oxley compliance and cost you more
than you expected.
Find out what the top ten design and security flaws are for web
applications and web services and how you can fail an audit if you
don't address them.
Learn simple ways to protect your systems and data from intrusion
and theft.
______________________
Copyright © Jim Kaplan
AuditNet® is a registered trademark of Jim Kaplan