The Sarbanes Oxley Act lays down several reporting requirements. The act is very clear on items which have to be included in the internal control report. Once a company is through with evaluating its internal controls under Section 404, a report is to be submitted by the management to SEC. I have listed below the items which have to be included in the internal control report.

The internal control report should include a statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting. There has to be an express statement from the companies management which mentions management's responsibility clearly.

The second important thing required in the internal control report is management's assessment on the effectiveness of internal controls.

Third, the internal control report should have a statement which identifies the Internal Control Framework used by the managment to evaluate the effectiveness of internal controls.

Finally, all the above have to attested by a CPA firm. More precisely, the CPA firm who has audited the company's financial statement will have to issue a statement attesting the internal controls as assessed by the management.

More on SOX >>

Section 106 , Section 103 , SOX for Foreign Companies