
SARBANES-OXLEY ACT (SOX) 404

In July 2002, the United States Congress passed the Sarbanes-Oxley Act ("the Act") into law. The Act was primarily designed to restore investor confidence following well-publicized bankruptcies and internal control breakdowns that brought chief executives, audit committees, and the independent auditors under heavy scrutiny. The Act is applicable to all publicly registered companies under the jurisdiction of the Securities and Exchange Commission (SEC).

The Act called for the formation of a Public Company Accounting Oversight Board (PCAOB) and specified several requirements ("sections") that include management's quarterly certification of their financial results (Section 302) and management's annual assertion that internal controls over financial reporting are effective (Section 404). In the case of Section 404, the independent auditor of the organization is required to opine on the effectiveness of internal control over financial reporting in addition to the auditor's opinion on the fair presentation of the organization's financial statements (also referred to as the "integrated audit").

Section 404 draws attention to the significant processes that feed and comprise the financial reporting process for an organization. In order for management to make its annual assessment on the effectiveness of its internal control, management is required to document and evaluate all controls that are deemed significant to the financial reporting processes. If the organization uses a service provider to process transactions, host data, or other significant services, management may need to evaluate the design and test the operating effectiveness of the service organization's controls.

Management will either need to conduct an evaluation of the service organization's controls, or management may obtain a Type 2 SAS No. 70 service auditor's report from the service organization, if a service auditor has been engaged, to gain an understanding of the service organization's controls. The relevant audit guidance for SAS No. 70 already requires that a service auditor's report contain information on the five components of internal control as it relates to the service organization.

Service organizations that have customers who are publicly registered companies should expect an increase in demand for information on the service organization's controls. Service organizations should consider the following:

What are the fiscal year-ends of the service organization's customers?

When will the management of the service organization's customers conduct their evaluations and assessments?

If the service organization currently receives a SAS 70 audit, is the scope adequate to meet the needs of customer management and the auditors of the customers?

If the service organization does not currently receive a SAS 70 audit, does the service organization have the bandwidth from a resource standpoint to handle the additional requests that may result from Section 404 of the Act?

The SEC published its final rules related to the adoption of Section 404, which can be viewed at the SEC website. Public companies that meet the definition of an "accelerated" filer were the first issuers who had to comply with the internal control reporting requirements for fiscal years ending after November 15, 2004. Public companies that are not accelerated filers, including foreign private issuers, must begin to comply with the annual internal control report for their first fiscal year ending on or after December 15, 2007. The non-accelerated filer deadline was deferred by the SEC to 2006 in March 2005, and then again to 2007 in September 2005.

On December 20, 2006, the SEC released proposed interpretive guidance for management regarding its evaluation of internal control over financial reporting. The interpretive guidance sets forth an approach by which management can conduct a top-down, risk-based evaluation of internal control over financial reporting. You can download a PDF copy of the proposed rule from the SEC website. The interpretive guidance was approved by the SEC on May 23, 2007.

The PCAOB is responsible for publishing the guidance that practitioners (i.e., auditors) must follow when examining management's assertion on the effectiveness of controls over financial reporting. On March 9, 2004, the PCAOB released Auditing Standard No. 2 ("AS 2") entitled "An Audit of Internal Control over Financial Reporting in Conjunction with an Audit of Financial Statements". Appendix B of the final rule contains information on service organizations and confirms that a SAS 70 service auditor's report is an acceptable format to allow management to assess the operating effectiveness of controls at the service organization. The SEC adopted the PCAOB's Auditing Standard No. 2 on June 17, 2004. You can download a PDF copy of AS 2 from the PCAOB website.

On May 24, 2007, the PCAOB released Auditing Standard No. 5 ("AS 5") entitled "An Audit of Internal Control over Financial Reporting That is Integrated with an Audit of Financial Statements." AS 5 supersedes AS 2 and was designed specifically to improve the implementation of the internal control reporting requirements by focusing the auditors on the "most important matters" and by eliminating procedures that the PCAOB believes are unnecessary to an effective audit of internal control. Under AS 5 (Appendix B17-B27), SAS 70 audit reports continue to play an important role in allowing management and the auditor to evaluate the operating effectiveness of controls at a service organization. AS 5 was approved by the SEC on July 25, 2007 and is effective for audits of internal control over financial reporting required under Section 404 for fiscal years ending on or after November 15, 2007. More information can be obtained via the news release on the PCAOB's web site.

Section 404 of the Sarbanes-Oxley Act is also referred to as "SOX 404" in many discussion forums.

The AICPA maintains a web page dedicated to the latest developments surrounding the Sarbanes-Oxley Act. You can access this web page at: http://www.aicpa.org/sarbanes/index.asp

The IT Governance Institute has published a very handy reference guide entitled "IT Control Objectives for Sarbanes-Oxley". The guide was updated in September 2006. You can download a PDF copy of this powerful research tool which maps many of the CobIT control objectives to the widely-recognized COSO framework for internal control.
