How to Comply with Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control如何符合Sarbanes-Oxley法案404条款：内部审计效果评估

作者： Michael J. Ramos 著

出 版 社： 吉林长白山

出版时间： 2006-3-1字数：版次： 1页数： 316印刷时间： 2006/03/01开本： 16开印次： 1纸张： 胶版纸I S B N ： 9780471740667包装： 精装内容简介

This practical guide offers helpful guidance on how to go about to submitting to the SEC a company's annual assessment of the effectives of their internal control. Complete with practice aids-including forms, checklists, illustrations, diagrams, and tables-this comprehensive book provides a step-by-step approach for engagement performance and practical guidance on how an entity should test and evaluate its internal controls.

作者简介：

MICHAEL J. RAMOS, CPA, also author of Wiley Practitioner's Guide to GAAS and The Sarbanes-Oxley Section 404 Implementation Toolkit, is a consultant and professional writer primarily in auditing and accounting technical matters, and Vice President of AuditWatch. He has written numerous successful products, including nonauthoritative practice aids, implementation guides, and authoritative AICPA audit and accounting guides. In addition to text-based products, he has also authored a variety of training programs, including computer-based multimedia training and audio and video scripts. Ramos has written in the areas of ethics, auditing, and fraud detection.

目录

Preface

Preface to the Second Edition

Acknowledgments

1. The Engagement Approach

Management's Required Assessment of the Entity's Internal Control

The Independent Auditor's Reporting Responsibilities

A Risk-Based, Top-Down Approach for Evaluating Internal Control

Considerations for Outside Consultants

Appendix 1A: Action Plan: Structuring the Engagement

Appendix 1 B: Requirements for Management's Assessment Process: Cross Reference to Guidance

2. Internal Control Criteria

The Need for Control Criteria

The COSO Internal Control Integrated Framework

Information and Communication

Monitoring

Business Process Activities

Controls Over Information Technology Systems

Appendix 2A: Example Value Chains

Appendix 2B: Internal Control for Small Business

3. Project Planning

The Objective of Planning

Information Gathering for Decision Making

Information Sources

Structuring the Project Team

Coordinating with the Independent Auditors

Documenting Your Planning Decisions

Appendix 3A: Action Plan: Project Planning

Appendix 3B: Summary of Planning Questions

4. Identifying Significant Control Objectives

Introduction

Entity-Level Control Objectives Presumed to Be Significant

System-Wide Monitoring

Identifying Significant Activity-Level Control Objectives

Coordinating with the Independent Auditors

Appendix 4A: Action Plan: Identifying Significant Control Objectives

Appendix 4B: Example Significant Control Objectives

Appendix 4C: Map to the COSO Framework

Appendix 4D: Map to the Auditing Literature

5. Documentation of Significant Controls

Documentation: What It Is ... And Is Not

Assessing the Adequacy of Existing Documentation

Documentation of Entity-Level Control Policies and Procedures

Documenting Activity-Level Controls

Sarbanes-Oxley Automated Compliance Tools

Coordinating with the Independent Auditors

Appendix 5A: Action Plan: Documentation

Appendix 5B: Linkage of Significant Control Objectives to Example Control Policies and Procedures

6. Testing and Evaluating Entity-Level Controls

Introduction

Internal Control Reliability Model

Overall Objective of Testing Entity-Level Controls

Testing Techniques

Evaluating the Effectiveness of Entity-Level Controls

Documenting Test Results

Coordinating with the Independent Auditors

Appendix 6A: Action Plan: Testing and Evaluating Entity-Level Controls

Appendix 6B: Survey Tools

Appendix 6C: Example Inquiries of Management Regarding Entity-Level Controls

Appendix 6D: Guidance for Designing an IT General Controls Review

7. Testing and Evaluating Activity-Level Controls

Introduction

Confirm Your Understanding of the Design of Controls

Assessing the Effectiveness of Design

Operating Effectiveness

Evaluating Test Results

Documentation of Test Procedures and Results

Coordinating with the Independent Auditors

Appendix 7A: Action Plan: Documentation

Appendix 7B: Example Inquiries

8. Evaluating Internal Control Deficiencies and

Reporting on Internal Control Effectiveness

Internal Control Reporting--No Material Weaknesses

Internal Control Reporting--Material Weaknesses

Expanded Reporting on Management's Responsibilities for Internal Control

Coordinating with the Independent Auditors and Legal Counsel

Appendix 8A: Action Plan: Reporting

Appendix 8B: Example Disclosures of a Material Weakness

Appendix 8C: Example Reports on Management's Responsibilities for Reporting and Internal Control

Appendix 8D: A Framework for Evaluating Control Exceptions and Deficiencies: Version 3

Index