Identifying Controls to Evaluate for Sarbanes Oxley
Yesterday, in our office, we had a training session on Sarbanes Oxley for our new recruits. Jason, a bright and young intern in our firm pursuing his CPA, posed a question in the Q & A session following the training.
"Which Controls Should be Evaluated as part of Sarbanes Oxley Compliance?"
Here's the gist of the answer given by the trainer. As a first step, companies need to identify the financial statement assertions relevant to significant accounts and disclosures. Once this is done, one can identify the controls that meet the control objectives for these assertions. The identified controls are the ones required to be evaluated. Apart from the company identifying controls that need to be evaluated, the SEC has also identified controls which it believes are significant and need to be evaluated. These controls mainly pertain to:
1. Controls related to the initiation, recording, processing and reconciling of account balances, classes of transactions, disclosures, and related assertions included in the financial statements.
2. Controls related to the initiation and processing of non routine and non systematic transactions.
3. Controls related to the selection and application of accounting policies.
4. Controls related to the prevention, identification, and detection of fraud.
This is not all. The PCAOB, in its auditing standard, also lists controls which might need to be evaluated. The controls listed by the PCAOB are as follows:

1. Information technology general controls better known as ITGC. Such IT general controls include access controls, data center operation controls, application development controls, system controls and so on.
2. Controls over significant non routine / non systematic transactions such as accounts involving judgement and estimates.
3. Lastly, the PCAOB suggests evaluating company level controls which form part of the overall control environment and controls over the period end financial reporting process.
I hope Jason got the answer to his question.