The Sarbanes-Oxley Section 404 Implementation Toolkit, with CD ROM

How can companies easily comply with Sarbanes-Oxley Section 404? Looking for a highly accessible, simple, and practical approach to help your company easily comply with Sarbanes-Oxley Section 404? The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition presents a detailed road map to help companies not only streamline their compliance process, but also make the process manageable and repeatable year after year. A must-read for all CFOs, internal auditors, CPA firms, and independent auditors involved in the compliance process, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition is packed with work programs, audit checklists, and examples that readers can tailor to meet their own unique needs. Author and consultant Michael Ramos updates you on everything 404, including: - Detailed implementation practice aids for Sarbanes-Oxley 404 compliance based on new rules set by PCAOB and SEC - The best practices in the rapidly changing field of SOX 404 compliance - A new SEC appendix containing immediately useful information - New guidance for small businesses Fully updated and revised, The Sarbanes-Oxley Section 404 Implementation Toolkit, Second Edition embraces the common approaches and methodologies that have proven successful in the new world of Sarbanes-Oxley internal control testing and reporting. Also included is a website that contains all of the tools from the book, this timely workbook includes best practices that will benefit anyone who participates in the planning or performance of the effectiveness of internal control.

Michael J. Ramos, CPA, is a consultant who writes extensively on emerging auditing matters. He has written numerous successful products, including non-authoritative practice aids, implementation guides and authoritative AICPA Audit and Accounting Guides. In addition to text-based products, he has also authored a variety of training programs, including computer-based multimedia training and audio and video scripts. Ramos has written in the areas of ethics, auditing, internal control and fraud detection.

About the Author vii Preface ix Acknowledgments xi Part I Tools for Management 1 ADM-1 General Work Program 3 ADM-2 Project Planning Summary 17 ADM-2a Checklist for Summarizing Project Team Competence and Objectivity 31 ADM-2b.1 Worksheet for Determining and Documenting Significant Accounts and Disclosures 34 ADM-2b.2 Mapping of Business Processes to Significant Accounts and Disclosures 40 ADM-2c Example Inquiries to Identify Changes to Internal Control 45 ADM-3 Senior Management Review Checklist 47 ADM-4 Checklist for Preparation of Management's Report on Internal Control Effectiveness 52 Part II Documentation of Internal Control Design 57 DOC-1 Work Program for the Review of Documentation of Entity-Level Controls 59 DOC-1a Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Entity-Level Controls 62 DOC-1b Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of Entity-Level Controls 66 DOC-2 Work Program for the Review of Documentation of Activity-Level Controls 80 DOC-2a Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Activity-Level Controls 82 DOC-2b Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of a Significant Transaction or Business Unit/Location 85 DOC-3 Documentation Techniques and Selected Examples for Routine Transactions 87 DOC-4 Checklist for Evaluating SOX 404 Software 110 Part III Internal Control Testing Programs 113 Entity-Level Controls Testing Tools 115 TST-ENT-1 Summary of Observations and Conclusions about Entity-Level Control Effectiveness 119 TST-ENT-1a Checklist for Small Business Entity-Level Controls 135 TST-ENT-2 Work Program for Testing Entity-Level Control Effectiveness 143 TST-ENT-3 Index to Tests of Entity-Level Controls: Inquiries and Surveys 171 TST-ENT-3a Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Management 176 TST-ENT-3b Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Board Members 187 TST-ENT-3c Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Audit Committee Members 193 TST-ENT-3d Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Employees 200 TST-ENT-3e Example Employee Survey 207 TST-ENT-4 Index to Tests of Entity-Level Controls: Inspection of Documentation 215 TST-ENT-4a Worksheet to Document Inspection of Documentation of Performance of Entity-Level Controls 217 TST-ENT-5 Index to Tests of Entity-Level Controls: Observation of Operations 220 TST-ENT-5a Worksheet to Document Observation of Operation of Entity-Level Controls 222 TST-ENT-6 Index to Tests of Entity-Level Controls: Reperformance of Controls 225 TST-ENT-6a Worksheet to Document Reperformance of Entity-Level Controls 227 TST-ENT-7 Work Program for Reviewing a Report on IT General Control Effectiveness 230 TST-ENT-7a Planning and Review of Scope of Tests of IT General Control Effectiveness 235 TST-ENT-8 Work Program for Performing an IT General Controls Review 241
Guidelines for Testing Activity-Level Control Effectiveness 245 TST-ACT-1 Guidelines and Example Inquiries for Performing Walkthroughs 253 TST-ACT-2 Example Testing Program for Activity-Level Tests of Controls 261 TST-ACT-2a Example Testing Program for Control Operating Effectiveness: Revenue 262 TST-ACT-2b Example Testing Program for Control Operating Effectiveness: Purchases and Expenditures 267 TST-ACT-2c Example Testing Program for Control Operating Effectiveness: Cash Receipts and Disbursements 271 TST-ACT-2d Example Testing Program for Control Operating Effectiveness: Payroll 275 TST-ACT-3 Work Program for the Review of a Type 2 SAS No. 70 Report 279 TST-ACT-3a Type 2 SAS No. 70 Report Review Checklist 282 TST-ACT-4 Process Owners' Monitoring of Control Effectiveness 289 Part IV Example Letters and Other Communications 295 COM-1 Example Engagement Letter for Outside Consultants to Management 297 COM-2 Example Management Representation Letter 301 COM-3 Example Management Reports on Effectiveness of Internal Control over Financial Reporting 303 COM-4 Example Subcertification 305 Appendix A 307 About the CD-ROM 385 Index 389