What's the big deal with 404? 615



  • I am unable to find a consice summary of section 404. What does it do basically? All information I have gotten on this section has been too comprehensive for me to understand, could someone explain to me in simple terms what 404 does, why it is so hard/expensive to comply with, and why everyone hates it?
    Thanks in advance,
    Kyle



  • What 404 does…
    Section 404 of the Sarbanes-Oxley Act of 2002 requires management to file a report (signed by the CEO and CFO) on internal controls over financial reporting with the annual report. This contains these elements:
    A statement of management’s responsibility for establishing and maintaining adequate internal controls and procedures for financial reporting;
    A statement identifying the framework (call me COSO) used by management to evaluate the effectiveness of internal control over financial reporting;
    Management’s assessment of the effectiveness of internal control over financial reporting as of the end of the company’s most recent fiscal year; and
    A statement that the issuer’s independent auditor has issued an attestation report on management’s assessment.
    Why it is so hard/expensive to comply with…
    CEO nad CFO will not sign if they are sure… Ten years imprisonment if the officer made such certificate 'knowing that the periodic report accompanying the statement does not comport with all the requirements, and up to twenty years for the same act if done willfully.
    So we need:
    Identify financial statement elements
    Financial statement risk assessment
    Entity level risk assessment
    Document internal controls, information flows, policies and procedures of critical processes and… document again…
    Define critical processes supporting the financial reporting function
    Mitigate the key risks
    Assess control design effectiveness and operating effectiveness
    Test…Test…Test…
    Validate assessment with external auditor
    Why everyone hates it?
    Not everyone… external auditors love it 😉



  • Thank you very much, is there a place other than this site to reference the information you just listed?



  • There are many sites. We start with:
    //www.sec.gov
    //pcaobus.org
    //www.coso.org


Log in to reply