SOX – an Overview

  • 8/3/2019 SOX an Overview

    Hendrarini S

    Section 302 - Corporate Responsibility for Financial Reports

    Section 401 - Disclosures in Periodic Reports

    Section 404 - Management Assessment of Internal Controls

    Section 409 - Real Time Issuer Disclosures

    Section 802 - Criminal Penalties for Altering Documents

    Restore public confidence in both public accounting and publicly traded securities

    Assure ethical business practices through executives' awareness and accountability

    External Auditors

    Internal Auditors

    Boards of Directors and their committees

    Top Executives

    Regulators

    Off-balance sheet transactions

    Internal Control reports

    Issuer must disclose whether or not its audit committee is comprised of at least one financial expert, and if not, why.

    Disclosure of material changes in the financial condition or operations of the issuer

    The CEO and CFO must certify in each periodic filing that the financial information:

    does not contain any untrue statement of a material fact

    and

    fairly presents in all material respects the financial condition and results of operations of the issuer

    Will our ASSETS produce future benefits equal to their cost?

    Do our LIABILITIES report all of the amounts we expect to pay out?

    Is all REVENUE we reported really earned?

    Have we recorded all of our EXPENSES for the period?

    Have we described the critical ASSUMPTIONS underlying our financial reports, and have we described any significant CONTINGENCIES?

    Responsibility for establishing and maintaining adequate internal control over financial reporting for the company

    Identify the framework used by management to evaluate the effectiveness of this internal control

    Assessment of the internal control as of the end of the Company's most recent year

    It is a process that provides reasonable assurance regarding the reliability of financial reporting for external purposes. It includes:

    Provide for the maintenance of records that reflect the Company's transactions

    Provide assurance that transactions are recorded in accordance with GAAP

    Provide assurance that assets are protected against theft or fraud

    5 components (COSO):

    Control Environment (how decisions and policies are made within a business and how authority and responsibility are assigned)

    Risk Assessment (what could go wrong?)

    Control Activities (procedures to control against risk)

    Information and Communication (how policies and control structures are communicated to people within the organization)

    Monitoring (whether controls are actually operating as expected)

    Identifying significant financial reporting elements (accounts or disclosures)

    Identifying material financial statement risks within these accounts or disclosures

    Determining which Entity Level Controls would address these risks with sufficient precision

    Determining which Transaction Level Controls would address these risks in the absence of precise Entity Level Controls

    Determining the nature, extent, and timing of evidence gathered to complete the assessment of in-scope controls

    Include:

    Controls related to the control environment

    Controls over management override

    The company's risk assessment process

    Centralized processing & controls including shared service environments

    Controls to monitor results of operations

    Controls to monitor other controls, including IA function, AC, and self-assessment programs

    Controls over the period-end financial reporting process

    Policies that address significant business control and risk management practices

    Controls that apply to all systems components, processes, and data for a given organization or Information Technology

    Objective:

    to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations

    Most common ITGC:

    Data center security controls

    Computer operation controls

    Program change management controls

    System development life cycle controls

    Sources:

    Auditing Standard No. 5

    Sarbanes Oxley Act 2002

    Sarbanes Oxley for Dummies

    Various sources from Internet
