Michael J. Ramos
Hardcover
336 pages
March 2006
From the Publisher:
If your company has successfully completed its first year of Sarbanes-Oxley Section 404 compliance, it now needs to establish an ongoing process to maintain compliance. This requires a workable system in which new employees can be easily trained in compliance rules and regulations and in which effective internal control evaluation is in place without draining your company's assets.
Written by Michael Ramos, a CPA and auditor by training and background, the Second Edition of this easy-to-follow and practical guide leads you through every step of the audit processes associated with Section 404 compliance. Packed with practice aids including forms, checklists, illustrations, diagrams, and tables, the new edition will be relied upon by CFOs, internal auditors, and outside consultants in the planning or performance of an evaluation.
The Second Edition updates you on a number of changes that have taken place since publication of the First Edition, most notably:
- Coverage of post-implementation best practices that enable companies to develop strategies and approaches for ongoing compliance
- Interpretative guidance on the Public Company Accounting Oversight Board's (PCAOB) most recent authoritative guidance on the requirements for assessing internal control effectiveness
- New discussion on the importance of evaluating risk and the effectiveness of entity-level controls before coverage of individual activity-level controls
- Increased guidance on the evaluation of control deficiencies and material weaknesses
This area of auditing and corporate governance will continue to evolve and bring about business and cultural change. How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control, Second Edition equips you to apply these matters that have become so important to our financial reporting system.
"In his Second Edition of How to Comply with Sarbanes-Oxley Section 404, Michael Ramos incorporates new developments and lessons learned in the last two years into the definitive guide on SOX 404 implementation . . . An effective tool not just for consultants, this book is THE reference guide for every corporate manager facing SOX 404 implementation."
—David W. Hinshaw Executive Vice President and Chief Financial Officer Southern Community Financial Corporation
"Very informative . . . this is a book you can actually sit down and read . . . Michael Ramos is extremely knowledgeable and insightful, and his level of detail related to proper documentation has been invaluable in helping me effectively perform Section 404 consulting engagements . . . This Second Edition contains the most pertinent updates and important PCAOB releases. Most importantly, Mr. Ramos has managed to effectively include real-world examples and lessons learned in the field over the last few years. This has saved me countless hours of research and my clients countless dollars."
—Christina M. Wenk, CPA Director-Sarbanes-Oxley Compliance Grassi & Co.
"How to Comply with Sarbanes-Oxley Section 404, Second Edition brings practical clarity to this complex topic and guides the reader, step by step, through implementation. Mike Ramos draws on his deep understanding of the technical 404 requirements as well as his keen insights as a storyteller . . . Our firm has used Mike's guides over the years to understand and implement technical standards. This guide will be indispensable as we assist companies in the future."
—Michael C. Knowles Partner Frank, Rimerman & Co. LLP
MICHAEL J. RAMOS, CPA, also author of Wiley Practitioner's Guide to GAAS and The Sarbanes-Oxley Section 404 Implementation Toolkit, is a consultant and professional writer primarily in auditing and accounting technical matters, and Vice President of AuditWatch. He has written numerous successful products, including nonauthoritative practice aids, implementation guides, and authoritative AICPA audit and accounting guides. In addition to text-based products, he has also authored a variety of training programs, including computer-based multimedia training and audio and video scripts. Ramos has written in the areas of ethics, auditing, and fraud detection.
Table of Contents Include:
- The Engagement Approach.
- Management’s Required Assessment of the Entity’s Internal Control.
- The Independent Auditor’s Reporting Responsibilities.
- A Risk-Based, Top-Down Approach for Evaluating Internal Control.
- Considerations for Outside Consultants.
- Appendix 1A: Action Plan: Structuring the Engagement.
- Appendix 1B: Requirements for Management’s Assessment Process: Cross Reference to Guidance.
- Internal Control Criteria.
- The Need for Control Criteria.
- The COSO Internal Control Integrated Framework.
- Information and Communication.
- Monitoring.
- Business Process Activities.
- Controls Over Information Technology Systems.
- Appendix 2A: Example Value Chains.
- Appendix 2B: Internal Control for Small Business.
- Project Planning.
- The Objective of Planning.
- Information Gathering for Decision Making.
- Information Sources.
- Structuring the Project Team.
- Coordinating with the Independent Auditors.
- Documenting Your Planning Decisions.
- Appendix 3A: Action Plan: Project Planning.
- Appendix 3B: Summary of Planning Questions.
- Identifying Significant Control Objectives.
- Introduction.
- Entity-Level Control Objectives Presumed to Be Significant.
- System-Wide Monitoring.
- Identifying Significant Activity-Level Control Objectives.
- Coordinating with the Independent Auditors.
- Appendix 4A: Action Plan: Identifying Significant Control Objectives.
- Appendix 4B: Example Significant Control Objectives.
- Appendix 4C: Map to the COSO Framework.
- Appendix 4D: Map to the Auditing Literature.
- Documentation of Significant Controls.
- Documentation: What It Is … And Is Not.
- Assessing the Adequacy of Existing Documentation.
- Documentation of Entity-Level Control Policies and Procedures.
- Documenting Activity-Level Controls.
- Sarbanes-Oxley Automated Compliance Tools.
- Coordinating with the Independent Auditors.
- Appendix 5A: Action Plan: Documentation.
- Appendix 5B: Linkage of Significant Control Objectives to Example Control Policies and Procedures.
- Testing and Evaluating Entity-Level Controls.
- Introduction.
- Internal Control Reliability Model.
- Overall Objective of Testing Entity-Level Controls.
- Testing Techniques.
- Evaluating the Effectiveness of Entity-Level Controls.
- Documenting Test Results.
- Coordinating with the Independent Auditors.
- Appendix 6A: Action Plan: Testing and Evaluating Entity-Level Controls.
- Appendix 6B: Survey Tools.
- Appendix 6C: Example Inquiries of Management Regarding Entity-Level Controls.
- Appendix 6D: Guidance for Designing an IT General Controls Review.
- Testing and Evaluating Activity-Level Controls.
- Introduction.
- Confirm Your Understanding of the Design of Controls.
- Assessing the Effectiveness of Design.
- Operating Effectiveness.
- Evaluating Test Results.
- Documentation of Test Procedures and Results.
- Coordinating with the Independent Auditors.
- Appendix 7A: Action Plan: Documentation.
- Appendix 7B: Example Inquiries.
- Evaluating Internal Control Deficiencies and Reporting on Internal Control Effectiveness.
- Internal Control Reporting—No Material Weaknesses.
- Internal Control Reporting—Material Weaknesses.
- Expanded Reporting on Management’s Responsibilities for Internal Control.
- Coordinating with the Independent Auditors and Legal Counsel.
- Appendix 8A: Action Plan: Reporting.
- Appendix 8B: Example Disclosures of a Material Weakness.
- Appendix 8C: Example Reports on Management’s Responsibilities for Reporting and Internal Control.
- Appendix 8D: A Framework for Evaluating Control Exceptions and Deficiencies: Version 3.