Temi Grafstein Betawatch News Online

Temi Grafstein, Editor
www.betawatch.com

 

Volume 1, Issue 1

PRESIDENT'S MESSAGE
"BetaWatch’s mission is to provide risk assessments, help identify gaps and deliver a plan of action that integrates into employee workflow. The BetaWatch team measures its success through customer satisfaction and rapid growth in the use of the BetaWatch digital due diligence™ service."
Temi Grafstein
 
If you wish to receive BetaWatch's bi-weekly Sarbanes-Oxley Primer, e-mail gspenser@betawatch.com and write 'Receive Sarbanes Primer' in the subject line.



Welcome to the world of technology audit enthusiasts
Welcome to the first biweekly issue of BetaWatch's Sarbanes-Oxley Primer. We hope you will find this free e-note to be a quick, informative read. It is our goal to deliver useful information about section 404 that will help you understand the required audit methodology and engage BetaWatch Inc. It is a challenge for many to keep up with the stringency expected by stakeholders and the feds while maintaining a focus on the day-to-day challenges.

BetaWatch can help your people bring your organization to post-Enron standards. With clipboards in hand, our team is also poised to run your external audit, write evidential matter, including documentation and records management, regarding both the design of internal control and testing processes. BetaWatch Inc. strengthens the digital due diligence team [D3] with appointment of systems and people veteran Nora Bencsics. http://betawatch.com/press-releases/pr03nov.htm
 
Section 404 Sarbanes-Oxley Primer
In this issue:
  Auditor to Auditor
  COSO framework
  Control Environment
  President’s Message
 
Auditor to Auditor

Although most audits begin with a blank piece of paper, the requirements of Sarbanes-Oxley section 404 are an auditor-to-auditor communication. Prior to the external auditor's investigation, analysis, report, and attestation to the accuracy of internal controls, the internal auditor must have the details listed below in place:
1) Easily monitored business process models
2) Managed records and documents
3) Written list of employees' responsibilities
4) Risk architecture that provides a 48-hour snapshot of what took place in the system, when, and by whom

COSO
Under new rules, management must disclose any material weakness and must report the company's effectiveness of internal control over financial reporting. "The framework on which management's evaluation is based will have to be a suitable, recognized control framework that is established by a body or group that has followed due-process procedures, including the broad distribution of the framework for public comment." http://www.sec.gov/news/press/2003-66.htm

The 1992 COSO document, Internal Controls -- Integrated Framework, changed the way internal control is viewed. It was intended to provide a common understanding and common standards of internal control among all stakeholders and to help C-level people exercise better control over an enterprise. The COSO Framework evaluates hard controls, such as segregation of duties, as well as soft controls, such as the competence and professionalism of employees. The consensus amongst auditors is that Sarbanes-Oxley section 404 is to use COSO evaluation criteria because it is a process that provides assurance regarding the achievement of effectiveness and efficiency of operations and compliance with applicable laws and regulations.

The first volume of this Primer will explain COSO evaluation criteria. One often hears auditors talk about the COSO pyramid. The pyramid depicts the interrelated way a company is best managed, and its components are the evaluation criteria used to measure internal control. Working from the base to the tip, these are:

1) Control Environment
2) Risk Assessment
3) Control Activities, and
4) Monitoring

Wrap these principles with Information and Communication and you will be ready for a COSO compliant audit.

Control Environment
Accurately placed at the foundation of the pyramid, the control environment sets the values of the organization, providing direction and structure, and consequently affects the consciousness and actions of internal stakeholders. To ensure that your control environment is COSO compliant and that your internal staff are accountable, we have listed below some of the required written documentation.

1) Standards of integrity and values
2) Corporate governance blueprint that impacts the Control Environment
3) Employee skill-set and core-competency registry of who does transactions and who monitors internal controls
4) Board of Directors or audit committee that oversees the organization's activities
5) Organizational structure that encourages reporting relationships and promotes segregation of duties
6) Human Resources policies that contribute to and ensure personnel integrity

Next release - Volume 1: Issue 2 COSO Risk Assessment


ßetaWatch Inc. digital due diligence

Digital Due Diligence™ is a business process improvement tool that provides corporate information management, system stability, pro-active accountable directors and stakeholder satisfaction. Digital Due Diligence™ helps you achieve business process models and risk architecture. For more information, visit http://betawatch.com/sarbanes-oxley.htm, write to gspenser@betawatch.com, or call Grafstein at 1-866-638-2382.
 


 

 
KNOWLEDGE PROVIDED PURSUANT TO THIS COMPLIANCE IS FOR INFORMATION PURPOSES ONLY. The knowledge can be interpreted as a commitment on the part of BetaWatch and BetaWatch guarantees the accuracy of any information. The section 404 Sarbanes-Oxley Primer newsletter may be copied and distributed subject to the following conditions: All text must be copied without modification and all pages must be included. All copies must contain BetaWatch's copyright notice and any other notices provided there. This document may not be distributed for profit.
 

   

© 1999-2003 ßetaWatch Inc.
Please send inquiries to tgrafstein@betawatch.com