http://sarbanes.knowledgehills.

com/Sarbanes-Oxley-%28SOX%29-
Compliance-Tutorial/a31p1

Sarbanes Oxley (SOX) Compliance Information - What is the Sarbox

Act or Sarbanes-Oxley Act?

• Sarbanes-Oxley is a US law passed in 2002 to strengthen corporate

governance and restore investor confidence. Act was sponsored by US
Senator Paul Sarbanes and US Representative Michael Oxley.
• Sarbanes-Oxley law passed in response to a number of major
corporate and accounting scandals involving prominent companies in
the United States. These scandals resulted in a loss of public trust in
accounting and reporting practices.
• Legislation is wide ranging and establishes new or enhanced standards
for all US public company Boards, Management, and public accounting
firms.
• Sarbanes-Oxley law contains 11 titles, or sections, ranging from
additional Corporate Board responsibilities to criminal penalties.
Requires Security and Exchange Commission (SEC) to implement
rulings on requirements to comply with the new law.

What does Sarbanes Oxley Address?

• Establishes new standards for Corporate Boards and Audit Committees

• Establishes new accountability standards and criminal penalties for
Corporate Management
• Establishes new independence standards for External Auditors
• Establishes a Public Company Accounting Oversight Board (PCAOB)
under the Security and Exchange Commission (SEC) to oversee public
accounting firms and issue accounting standards
Sarbanes-Oxley (SOX) Section 404 Transaction Assessment Training

Who is targeted for this Sarbanes Oxley training?

Individuals who will conduct SOX 404 internal control assessments Sector /
Corporate Function subject matter experts

• Former Financial or Systems Audit Experience

• Public Accounting experience
• Internal Audit experience
• IT General Controls experience

What are our objectives?

• Provide Overview of Sarbanes Oxley Legislation and update on recently

published SOX 404 Audit Standard
• Communicate Our Company Plan to Address Sarbanes Oxley, Section
404
• Provide awareness training in Assessing Key Process Controls using the
Sox 404 Audit Standard

What does Sarbanes Oxley Section 302 Address?

Sarbanes Oxley Section 302 addresses all financial information disclosed to

investors including MD&A in the 10Q and 10K.

Under SOX Section 302, CEO and CFO must:

• Certify quarter and annual financial statements and other published

financial information are fairly presented; no untrue facts or omissions
• Establish and maintain disclosure controls and procedures as of period
end and for disclosing material changes in internal control
• Disclose to auditors and Audit Committee if control deficiencies,
material weaknesses, or fraud exist

What does Sarbanes Oxley Section 906 Address?

Section 906 addresses criminal penalties for certifying a misleading or

fraudulent report
Under Sarbanes Oxley 906 penalties are:

• Up to $5 Million in fines
• Up to 20 years in jail

Other sections of SOX provide additional authority to regulatory bodies and

courts relating to fines or imprisonment for matters involving corporate fraud
What does Sarbanes Oxley Section 404 Address?

Section 404 is a subset of Section 302 and addresses Financial Statement

Reporting controls

Under 404, CEO and CFO must:

• Issue Internal Control Report in 2004 Company Annual Report

• Certify Quarterly as to effectiveness of Internal Controls over Financial
Reporting beginning 2005

The Accounting Firm must:

• Issue two opinions on internal controls over financial reporting in

Company 2004 Annual Report: (1) Management's assessment process
and (2) effectiveness of controls

Management's Sox 404 Responsibilities

• Effective Year End 2004 CEO & CFO must include a report in the
Annual Report indicating:
o They have designed and maintained a system of internal
controls for financial reporting using a recognized internal
control framework
o They have tested internal controls and found them to be
designed and operating effectively

The Auditor has evaluated the design and effectiveness of the

controls and found them to be operating effectively

• Effective Q1 2005, CEO and CFO must certify quarterly that there are
no significant changes to internal controls for financial reporting using
a recognized internal control framework.

External Auditor's Sox 404 Responsibilities

The Accounting Firm (External Auditor) must render two opinions:

• Management's Assessment Process

• Effectiveness of the company's internal controls over financial
reporting

The Accounting Firm must comply with Public Company Accounting Oversight
Board (PCAOB) Audit Standards

In order to render opinions, The Accounting Firm may:

• Review our process documentation

• Perform walk trough’s to validate controls are designed effectively
• Review and re-perform a sample of test of controls
• Perform additional independent tests
• Evaluate controls to ascertain if errors of importance could occur in the
financial statements or if fraud could occur

Sarbanes-Oxley-SOX-404-What-would-cause-internal-controls-to-
be-ineffective?

• Controls are ineffective if one material weakness is identified by management

and/or by Accounting Company as of the end of the fiscal year
• Controls may be ineffective if a number of significant control deficiencies exist
which in aggregate could lead to a material misstatement of financial statements
• Examples of items potentially leading to a material weakness:
o Inadequate documentation to support management's assessment
o Inadequate internal controls over financial reporting
• The decision on what items are a material weaknesses will be determined by
Company's Disclosure Committee; Management; Accounting Firm; and the Audit
Committee