All that you wanted to know about SOX 404

by Boundless Management Advisory Services

What is SOX 404 ?

SOX 404 top-down risk assessment is a financial risk assessment executed to comply with Sarbanes-Oxley Act's Section 404.  The Act of 2002 is used to test any organisation's internal controls. The Act was enforced in the US in July 2002 by the US congress.

The act listed many sections that included quarterly certification of the management's financial results. The act also listed that internal controls are more effective compared to financial reporting which is Section 404 in other words.

Section 404 refers to the processes that involves financial reporting in an organisation. An auditor under section 404, gives opinion of internal controls over financial reporting process in any organisation. In addition to this, an auditor's opinion of the fair representation of financial results of a company is also considered.

The management is also required to document and measure the effectiveness of all internal controls in the process which are deemed effective for the organisation's financial reporting process.

The act is applicable to all publicly registered organisations under Securities and Exchange Commission's jurisdiction. The act required forming of a Public Company Accounting Oversight Board.

Requirements

1.       Annual Reports of public companies which includes the company's own assessment of internal controls.

2.       Auditor's attestation

Both requirements are for small public organisations.

There are some steps to pass Section 404 which are listed as follows. When followed can give you maximum benefits with high return on investments.

1. It is required to firstly identify your framework. Cobit is accepted by all primary auditing organisations.

2.  Using Cobit, develop a list of internal controls thatsupports to-the-point financial statements.

3. Thirdly, segregate the controls into general controls and application controls. General controls are omnipresent across all or most platforms.

4. The next step is to review the list of controls with the help of an external auditor. It may happen that the list is remarkably reduced in quantity.

5. External auditors are also interested in environmental practices and structures of an organisation that strengthens the complete control environment. The controls are measured in degrees of compliances.

6. External auditors perform detail testing of controls in order to see organisation's compliance with Section 404. Based on their testing, they classify controls in three sections: Lowest Reliance, Medium Reliance and Highest Reliance.

7. At times primary controls fail and if they do, external auditors create a remedial plan. After this, the controls are retested.

8. The next step will involve external auditors to combine the internal audit's testing and IT self testing results. Based on their evaluation, the auditors will test the effectiveness of IT controls and check whether the management's consideration of these controls supporting accurate financial statements, is correct or not.

9. The external auditors within a month or two will review their results, discuss improvement areas and examine management results. At the end of each year, the selected subset will be retested so as to ascertain that the control environment has not deteriorated.

10. Auditors will provide an opinion at the end of the fiscal year.

At Boundless, we implement SOX 404 into the business processes in such a way that the clients can get its internal controls audited by external auditors without any hassle under our direct involvement.For more details on SOX 404 audit, call us at +91 8459136607 ; +91-9717771415 or e-mail at info@boundlessindia.comor visit us at http://www.boundlessindia.com

 

Sponsor Ads

• Ad Space Available - Rent it Now!

Created on Dec 31st 1969 18:00. Viewed 0 times.

Comments