4 or more issues 1183

  • I am having trouble trying to establish 4 or more issues concerning Sarbanes-Oxley Section 404 for UK companies in US listing, The scenario is that i have been asked to provide a report to brief the finance director. Focusing on other information sources on these issues that might inform the finance director development of policy within our company.
    Can anyone please suggest any issues that i can research.

  • leman,
    This can be helpful…(I am assuming that your focus is on IT controls)
    Assessing the Readiness of IT
    The Sarbanes-Oxley Act now requires all qualifying SEC-registered
    organizations to document, evaluate, monitor and report on internal control
    over financial reporting and disclosure controls and procedures, which
    include IT controls. The first step in this process is to assess the overall IT
    organization’s Sarbanes-Oxley financial reporting controls readiness by
    considering the questions illustrated in figure 4.
    Figure 4Sarbanes-Oxley IT Diagnostic Questions

    1. Does the Sarbanes-Oxley steering committee understand the risks inherent in IT
      systems and their impact on compliance with section 404?
    2. Have business process owners defined their requirements for financial reporting
    3. Has IT management implemented suitable IT controls to meet these business
    4. Does the CIO have an advanced knowledge of the types of IT controls necessary to
      support reliable financial processing?
    5. Are policies governing security, availability and processing integrity established,
      documented and communicated to all members of the IT organization?
    6. Are the roles and responsibilities for all those involved in processing financial IT
      systems related to section 404 documented and understood by all members of the
    7. Do members of the IT department and all those involved in processing financial IT
      systems understand their roles, do they possess the requisite skills to perform their
      job responsibilities relating to internal control, and are they supported with appropriate
      skill development?
    8. Is the IT department’s risk assessment process integrated with the company’s overall
      risk assessment process for financial reporting?
    9. Does the IT department document, evaluate and remediate IT controls related to
      financial reporting on an annual basis?
    10. Does the IT department have a formal process in place to identify and respond to IT
      control deficiencies?
    11. Is the effectiveness of IT controls monitored and followed up on a regular basis?

Log in to reply