KnowledgeLeader is a one-stop source for valuable materials and informative guides on the Sarbanes-Oxley Act of 2002 (SOX). You will find updates, presentations and tools to help you execute the requirements of the act, in particular Section 302 and Section 404. These resources, along with many others, will help you save time and improve your Sarbanes-Oxley Act (SOX) compliance processes.
These links provide a sample of the materials posted on KnowledgeLeader to help you with Sarbanes-Oxley (SOX) compliance:
Tools
Achieve Sustainability by Integrating the Section 404 and Section 302 Compliance Process Questionnaire
For most companies, the administrative burden encountered during the first year of Section 404 compliance warranted a fresh look at the overall compliance process. This questionnaire focuses on strategies for integrating compliance activities around Sarbanes-Oxley Section 404 and Sarbanes-Oxley Section 302 with the objective of achieving a sustainable internal control structure.
COBIT Baseline Review Report – Sample Report
This sample report provides a template to assess the maturity of IT processes and controls using the COBIT framework.
Financial Elements and Business Process Prioritization Memo - Sample
This is an example memo used to define the process of prioritizing financial statement elements and related business processes for Sarbanes-Oxley Section 404 purposes. The prioritization of these items helps define the extent of a company’s process-level documentation efforts.
Human Resources Internal Control Questionnaire
This questionnaire is to be utilized as a checklist of the basic controls for Sections 302 and 404 of the Sarbanes-Oxley Act. This document focuses on the Human Resources function and its associated internal control structure.
Request for Proposal – Internal Audit Services and Sarbanes-Oxley Regulatory Compliance - Sample
This is a sample request for proposal (RFP) and vendor questionnaire from a company seeking a service provider to establish an internal audit function with an emphasis on compliance with the Sarbanes-Oxley Act.
Sarbanes-Oxley Section 404 Compliance Project Work Paper Standards and Guidelines – Policy
The purpose of this document is to establish basic guidelines and standards for the preparation and review of work papers relating to the Sarbanes-Oxley Act Section 404 compliance project. These work paper standards will be used to document the results of testing key control activities for all critical business processes identified by the project team.
Sarbanes-Oxley (SOX) Process Walkthrough Questionnaire
The purpose of this template is to provide guidance to business units in the performance of walkthroughs associated with Sarbanes-Oxley Act (SOX) compliance requirements. It may also be used by management in other matters related to the evaluation of internal controls over financial reporting.
Sarbanes-Oxley Section 404 Program Executive Scorecard - Sample
This document serves as an executive report template focused on the progress of the Sarbanes-Oxley Section 404 program.
Sarbanes-Oxley Section 404: Compliance Plan – Sample
This sample document establishes a framework and standard policy for compliance with Section 404 of the Sarbanes-Oxley Act.
Sarbanes-Oxley Year-End Audit Committee Report
This report to the audit committee focuses on the progress of the Sarbanes-Oxley Section 404 program.
Are you looking for: the sarbanes-oxley act of; the sarbanes-oxley act of 2002; sarbanes-oxley section; sarbanes-oxley act section 404; sarbanes-oxley reporting; Sarbanes-Oxley Act; COBIT; sarbanes-oxley section 302; exchange act of 1934; the sarbanes oxley; Sarbanes Oxley Act; sarbanes-oxley 404; requirements of sarbanes-oxley; sarbanes oxley requirements; sarbanes oxley legislation?
[Publications
2011 Sarbanes-Oxley Compliance Survey
The initial years of complying with the Sarbanes-Oxley Act of 2002 often require significant expenditure in terms of time, money and other resources. In subsequent years, costs tend to stabilize and even fall; and more organizations find that the benefits – including a stronger internal control environment and improved effectiveness and efficiency in operations – outweigh the costs. Protiviti’s second Sarbanes-Oxley Compliance Survey provides valuable and important insights into how companies are complying with the internal control related provisions of the Sarbanes-Oxley Act. This publication reports on the current state of Sarbanes-Oxley compliance for all types of organizations, the related costs, associated benefits and value, as well as how to achieve a desired state of verifiable compliance and sustainability, hopefully at a reasonable cost.
Applicability of Section 404 Requirements
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses commonly asked questions concerning the Sarbanes-Oxley Section 404 requirements. Some topics covered are: Which companies are subject to the requirements of Section 404? Are foreign companies subject to the requirements of Section 404? And, does Section 404 apply to the MD&A disclosures?
The COSO Internal Control – Integrated Framework
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the COSO Internal Control – Integrated Framework. Some topics covered are: What is COSO? How is the framework applied at the entity level/process level during the Section 404 assessment process? And, will the COSO framework on ERM affect the Section 404 assessment?
Getting Started With Section 404 Compliance
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning getting started with Section 404 compliance. Some topics covered are: What are “control units,” and why are they important? How should companies validate their assessments of internal controls? And, will companies need to add internal resources to comply with Section 404 and 302?
Guide to the Sarbanes-Oxley Act (SOX): Internal Control Requirements Frequently Asked Questions Regarding Section 404
Since the third edition of Protiviti's Guide to the Sarbanes-Oxley Act (SOX): FAQs Regarding Section 404 was released in August of 2004, enough changes have occurred to warrant an update to this publication. This fourth edition considers the SEC’s interpretive guidance to management and incorporates the PCAOB’s major revisions to Auditing Standard No. 2. It includes questions directed to foreign filers and U.S. domestic non-accelerated filers; it is updated for lessons learned since publication of the third edition; and also incorporates responses to frequently asked questions that both the SEC and PCAOB staff have published since the last edition of this publication.
Identifying Reporting Requirements and Relevant Processes
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the identification of Sarbanes-Oxley reporting requirements and relevant processes. Some topics covered are: How does management deploy a top-down, risk-based approach to determine the extent to which internal controls should be documented and validated? How are the critical processes identified? And, what role do process owners play?
Integrating Fraud Considerations Into the Assessment
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning integrating fraud considerations into the Section 404 assessment. Some topics covered are: What is the scope of an anti-fraud program and controls? How are fraud risks assessed? And, how should management get started with integrating fraud considerations into the Section 404 assessment?
Internal Audit’s Role in Sarbanes-Oxley Compliance
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning IA’s role in Sarbanes-Oxley activities. Some of the topics covered are: Should internal auditors play a role? Is it important for an internal audit function to adhere to The IIA Standards as it relates to Sarbanes-Oxley? And, can external auditors rely on the work of internal auditors relating to Section 404 compliance?
Moving Beyond the Initial Year Assessment
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on moving beyond the initial year assessment. Topics covered are: What are the elements of an effective Sarbanes-Oxley Section 404 compliance structure after the initial annual assessment is completed? How do companies “find the value” from Section 404 going forward? And, after the first year of compliance, what happens to Section 404 compliance costs?
Perspectives on Sarbanes-Oxley Compliance – Where Companies are Saving Costs and Achieving Greater Efficiencies
In 2002, the Sarbanes-Oxley Act became law amid a chorus of complaints that the burden and cost of compliance would be too much to bear. Nine years later, the results of a survey on SOX show that, after the first year of compliance, most companies view the benefits to outweigh the costs and are continuing to leverage compliance efforts to improve their organizations. In this podcast, Executive Vice President Bob Hirth and Managing Director Jim DeLoach review these and other notable findings from Protiviti's 2011 Sarbanes-Oxley Compliance Survey.
An Overview of the Regulatory Landscape
This section of Protiviti's "Guide to Business Continuity Management Basics – Frequently Asked Questions" provides an overview of the regulatory landscape. Topics covered include: What is COBIT? Is it focused solely on information technology disaster recovery planning? Does HIPAA include a requirement to implement BCM processes? And, why is the FFIEC regulation called “the BCP Gold Standard?”
Relevance to Sarbanes-Oxley Compliance
This section of Protiviti's “Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the relevance of Sarbanes-Oxley compliance. Topics covered include: Does the Sarbanes-Oxley Act of 2002 require companies to adopt ERM? Are there any other laws and regulations mandating ERM? Can ERM assist certifying officers with the discharge of their Sarbanes-Oxley Section 302 certification and Sarbane-Oxley Section 404 assessment responsibilities? And, should management broaden the focus on compliance to managing business risk?
Remediation
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the remediation of control deficiencies. Topics covered are: If control deficiencies or gaps are identified, how should we remediate them? How soon before the end of the fiscal year must the deficiency be corrected? And, since this Section 404 project requires a point-in-time review, how long do remediated controls need to be in place and in operation to be considered effective?
Reporting
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on reporting Sarbanes-Oxley results. Topics covered are: How should management formulate conclusions with respect to internal control over financial reporting? Must management disclose improvements of internal controls? And, can the results of the assessment of internal control over financial reporting affect the company’s executive certifications under Sections 302 and 906?
SEC Issues Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934
On May 25, 2011, the Securities and Exchange Commission (SEC) voted 3 to 2 to adopt its new rules for implementing the controversial whistleblower provisions of Section 21F of the Securities Exchange Act of 1934 entitled “Securities Whistleblower Incentives and Protection.” The purpose of the final rules is to reward individuals who provide the SEC with high-quality tips that lead to successful enforcement actions. The rules will be effective 60 days after publication in the Federal Register. We have highlighted major points of interest in this Flash Report.
Special Circumstances and Situations
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning special circumstances and situations when complying with the Sarbanes-Oxley Act. Topics covered include: How are material acquisitions occurring during the fiscal year handled for purposes of determining the scope of the Section 404 assessment? How are divestitures of significant entities (or net assets) and discontinued operations considered for purposes of evaluating internal control over financial reporting? And, is monitoring of debt compliance within the scope of Section 404 compliance?
Summarizing Risks and Developing Control Objectives
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning summarizing risks and developing control objectives. Some topics covered are: Why identify risks? How are risks identified? What are control objectives and how do they relate to risks? And, how are control objectives defined?
Testing
This section of Protiviti's "Guide to the Sarbanes-Oxley Act: Managing Application Risks and Controls – Frequently Asked Questions" addresses common questions about testing application controls. Topics covered include: How are IT controls tested? Who should test automated controls? And, how are application controls tested?
What Is Meant by “Internal Control Over Financial Reporting” and “Disclosure Controls and Procedures”?
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning internal control over financial reporting and disclosure controls and procedures. Some topics covered are: What are examples of disclosure controls and procedures that generate required disclosures? How is internal control over financial reporting distinguished from disclosure controls and procedures? And, are there examples of internal control over financial reporting that fall outside the realm of disclosure controls and procedures?
What Is Section 404 and How Does It Relate to Sections 302 and 906?
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning the Sarbanes-Oxley Section 404 requirements. Some topics covered are: What does Section 404 require companies to do annually? How are the requirements under Section 404 and the requirements under Sections 302 and 906 of the Sarbanes-Oxley Act related? And, how does the Section 404 assessment enhance the Section 302 executive certification process?
When Is Section 404 Effective for Different Companies?
This section of Protiviti's "Guide to the Sarbanes-Oxley Act" addresses common questions concerning when Sarbanes-Oxley Section 404 is effective for different companies. Some topics covered are: When do companies have to comply with the Section 404 requirements? When is the internal control report due? And, is a quarterly assessment required of internal control over financial reporting?
Working Through Restatements and Reconciliation Issues to Position for Continuous Improvement
The Sarbanes-Oxley Act has driven companies to a disciplined approach toward reliable financial reporting. Seamless accounting and transaction processing procedures have been put in place to record and capture information in financial records accurately. However, many companies continue to face challenges from inadequate procedures and lack of sufficient oversight when reporting financial results.
Are you looking for: the sarbanes-oxley act of; the sarbanes-oxley act of 2002; sarbanes-oxley section; sarbanes-oxley act section 404; sarbanes-oxley reporting; Sarbanes-Oxley Act; COBIT; sarbanes-oxley section 302; exchange act of 1934; the sarbanes oxley; Sarbanes Oxley Act; sarbanes-oxley 404; requirements of sarbanes-oxley; sarbanes oxley requirements; sarbanes oxley legislation? Visit our KL Topics tab and click on Sarbanes-Oxley Act to view all of our related content.
External Resources
Financial Executives Institute (FEI) Sarbanes-Oxley (SOX) Resource Page
The FEI has published a page to serve as a resource for information, updates, analysis and relevant implementation guides for the provisions of the Act. Items include: 1) SEC Proposals, 2) Summaries of Provisions, 3) Implementation Guidance, 4) The Act.
Information Systems Audit and Control Association and Foundation
The Information Systems Audit and Control Association and Foundation (ISACA) is a global professional association representing information systems (IS) auditing, control, and security practitioners worldwide.
PCAOB Website
The official website of the Public Company Accounting Oversight Board - a private, non-profit corporation, created by the Sarbanes-Oxley Act of 2002 (SOX). PCAOB is responsible for improving quality and transparency in financial reporting and independent audits.
Sarbanes-Oxley Act (SOX) Community Forum
This interactive community portal is designed to facilitate the exchange of information between those seeking to comply with the requirements of the Sarbanes-Oxley Act (SOX). It is also intended to act as a guide, offering useful resources and tips.
Sarbanes Oxley Act of 2002 (SOX)
PDF file featuring the text of the corporate reform bill.
Sarbanes-Oxley (SOX) Audit Resource Center - from AuditNet
This section of AuditNet® provides tools and resources for internal auditors to acquaint themselves with the Sarbanes-Oxley (SOX) Act and share guidance and best practices for partnering with audit committees. Internal auditors now have a unique opportunity to work together with audit committees to help in the corporate governance mandate.
Sarbanes-Oxley (SOX) Institute
The Sarbanes-Oxley (SOX) Institute was established just months after the passing of the Sarbanes-Oxley Act (SOX) and is a global provider of Sarbanes-Oxley (SOX) professional certifications. The Institute is committed to establishing and encouraging best practices for Sarbanes-Oxley compliance, professionalism, knowledge, expertise and ethics.