New here and need urgent assistance



  • I am new in the SOX field and am trying to get started.
    I could find much material concerning the Act, its background and considerations, but I’m having trouble finding the controls themselves.
    The actual guidelines of the Act, that would tell me what actually needs to be done. I’m especially interested in security topics (I guess it’s only the 404 section…).
    Could someone please assist me in finding the document that consists of these controls???
    Thanks,
    Jenny



  • Hi,
    The controls that are required for SOX compliance are not identified in the Sarbanes-Oxley Act of 2002. However, example ‘control activities’ in the significant financial cycles and business processes may be found in various resource documents about SOX.
    PwC has a good document that identifies sample control activities. It is called, Sarbanes-Oxley Act: Section 404 - Practical Guidance for Management.
    whitepapers.zdnet.co.uk/0,39025945,60129346p-39000418q,00.htm
    Hope this helps,
    Milan



  • Thanks Milan,
    Does it mean that the actual controls are interpretations of various sources?
    Does the Act give any practical directions or guidelines?
    Where could I find the Sox’s guidelines from which these sources do their interpretations? I could only find very general material (background, considerations, etc.).
    Jenny



  • Hi,
    Please check out the Protiviti whitepaper FAQs for SOX…the document will contain answers to all of your questions and then some…
    protiviti.com/portal/site/pro-us/?epi_menuItemID=51c70ec7a3467071bb078e9ca7cebfa0-and-epi_menuID=8b5ea5c82fb6ef61bb078e9ca7cebfa0-and-epi_baseMenuID=e895a64d2cd7bc72af03a975a7cebfa0
    The SOX Act is quite general and the section of interest to you, Section 404, is quite broad. It provides no clear examples and is simply interpreted by groups such as the PCAOB, SEC, and other groups for implementation purposes.
    The PCAOB has a lot of useful materials that may be helpful in learning more about the Act and its requirements.
    pcaob.org
    Sorry that I can’t be more helpful, but your questions are quite broad and much has been written about SOX…too much for a quick ‘reader’s digest’ recap on this Forum.
    cheers,
    Milan



  • Thanks again Milan,
    appreciate your help.



  • Does it mean that the actual controls are interpretations of various sources?

    The actual controls will necessarily vary from business to business and process to process and therefore it’s actually not possible to give guidance on which specific controls would be required - without being so generic as to be useless.
    Does the Act give any practical directions or guidelines?
    No. Section 404 is actually a very short piece of text. However, the supporting notes require you to assess internal control using a recognised framework - for which the vast majority of companies have chosen to use COSO.
    Where could I find the Sox’s guidelines from which these sources do their interpretations? I could only find very general material (background, considerations, etc.).

    The papers Milan has referenced are a good starting point. You might also consider the PCAOB Audit Standard #2 which gives very detailed guidance on what auditors need to do on a SOx assignment but is quite informative for management. You just need to bear in mind that you don’t actually need to comply with that standard.
    All the Big 4 accounting firms also have decent guidance documents freely available on their websites.
    If you are mostly interested in Security then you are actually probably most interested in COBIT - which is the control framework used by most companies to evaluate the relevant IT controls. Look for a document by the IT Governance Institute on IT Controls for Sarbanes-Oxley. It is linked from another thread in this forum.



  • Thanks, your information is a great starting point.



  • In addition to AS #2 on the PCAOB website, you will also want to read all of the FAQ publications related to SOX on the PCAOB and SEC websites.
    sec.gov/spotlight/soxcomp.htm
    pcaobus.org/Standards/Staff_Questions-and-Answers/index.aspx



  • And register for KPMG-run webinars for getting to know about emerging trends. It is also a good platform to get requisite CPE credits.

