Sox Team
SEC Requirements – 302 & 404
Stakeholders
The reliability on Financial reporting
Management certification on the Effectiveness of Internal Control
by assessing the controls (Fraud and Error
Internal Controls over Financial Reporting
Section 404: Annual Management “Assessment” and Auditor Attestation
Disclosure Controls and Procedures
Management Assessment - 404
COSO COBIT
Evaluation Phases:
Understand the Definition of Internal Control
• The definition in the COSO report is the best starting point for the evaluation.
Organize a Project Team to Conduct the Evaluation
• Select an appropriate team and establish ground rules.
Evaluate Internal Controls at the Entity Level
• Begin evaluation by considering internal control at the entity level.
Understand and Evaluate Internal Control at the Process, Transaction, or Application Level
• This is a comprehensive, time-consuming process of documenting and understanding the flows of transactions and related controls.
Evaluate Overall Effectiveness, Identify Matters for Improvement, and Establish Monitoring Systems
• The final step is to make an overall assessment based on evaluation results.
• Develop a monitoring process.
• Includes management testing
Management’s Report on Internal Control
Entity
Financial Statements
Significant Management
Locations
Accounts Assertions
Disclosure
Fraud
SOX
Significant Processes / Sub Processes
Applications/Transactions
ITGC
Key Areas for Auditor’s
Certification
Business Process
Manufacturing
Controls
Logistics
Finance
Etc.
IT Services
OS/Data/Telecom/Continuity/Networks
IT General Controls
Source: IT Governance Institute
IT Control Components
IT General Controls:
• Systems planning
• Collaboration Environment
• Systems Security / Access
• Change Management
• System Development
• Computer Operations
Application Controls:
• Authorization
• Configuration / account mapping
• Exception / edit reports
• Interface / conversion
• System access
MANAGEMENT FINAL THOUGHTS
…
Anti Fraud Assessment Anti Fraud Assessment
Process
Financial Statements