
Volume 1, Issue 2
PRESIDENT'S MESSAGE
"Increasing board responsibilities demand a deeper knowledge of your
organization. We can set up structured programs to prepare for compliance
audit, centralize information from all systems, set risk flags, and build you a
real-time knowledge dashboard. The BetaWatch team measures its success through
customer satisfaction and rapid growth in the use of the BetaWatch digital due
diligence™ service."
- Temi Grafstein, President & Senior Consultant, BetaWatch Inc.
Would a friend or a colleague be interested in the section 404
Sarbanes-Oxley Primer? Please forward a copy! If you would like to be
removed from our newsletter mailing list, e-mail gspenser@betawatch.com
and write "remove" in the subject line.
Welcome to the world of technology audit enthusiasts
Welcome to BetaWatch's biweekly Sarbanes-Oxley Primer.
We hope you will find this free e-note to be a quick,
informative read. It is our goal to deliver useful information about
Corporate Governance that will help you understand the required audit methodology
and engage BetaWatch Inc. It is a challenge for many to keep up with the
stringency expected by stakeholders and the feds while maintaining a
focus on the day-to-day challenges.
BetaWatch can help with the significant effort
required to comply with Sarbanes-Oxley sections 404 and 802, and Bill 198. In our
sixth year of best-practice technology, our team is also poised to help your internal
audit group set up the required dashboard.
Background: COSO
Companies must be prepared to perform the following in preparation for section 404 attestation.
Firstly, management must accept responsibility for the effectiveness of the internal control
environment reporting. Secondly, the organization must evaluate the effectiveness
of internal controls utilizing the COSO evaluation criteria.
The first volume of this Primer will
explain COSO evaluation criteria. This issue describes risk assessment.
One often hears auditors talk about the COSO pyramid. This triangle
depicts the interrelated way a company is best managed and the components
are the evaluation criteria used to measure internal control. Working from the
base to the tip these are: 1) Control Environment, 2) Risk Assessment,
3) Control Activities, and 4) Monitoring. Wrap these principles with Information and
Communication and you will be ready for a COSO compliant audit.
IT Risk and Control
Now that financial controls and
processes must be verified and documented as to their effectiveness
by an external auditor, boards of directors, CEOs and CFOs are
changing their existing reporting templates to comply with section
404, Sarbanes-Oxley. Greater transparency is ensured in the
mandatory quarterly disclosure of controls and procedures audit.
The CIO's group builds and runs the applications in which the business
units store their data. Segregation of duties must be established to
record and report risk. The internal auditor has to match control
objectives with where they take place and provide assurance that the
applications as designed and the transaction data are kept separate.
Change Control, a process for monitoring procedures like access to
sensitive accounts, must be measured for accuracy, completeness,
timeliness and also tested at critical points. The eight steps to
Risk Assessment compliance are:
1) Automated controls
2) Limited and secure access to transactions and data
3) Data Validation
4) Error checking and reporting
5) Calculations
6) Accurate reporting
7) Tracking interface
8) Reliance on computer generated reports
COSO Risk Assessment
Risk Assessment is the second layer of the COSO evaluation criteria,
directly above Control Environment. Organizations
address external and internal risks and, most importantly, must
establish objectives and link them consistently to all levels.
Compliance to COSO Risk Assessment requires one to identify and analyze
risks in relation to the established objectives. For your ready
reference we have listed below some of the required tasks.
1) Establish control objectives to provide guidance for the company's objective achievement.
2) Method and process to identify internal and external risks.
3) Relevancy, timeliness and accuracy of the risk assessment process.
4) Business transaction practices known to accounting staff.
5) Boards of directors, CEOs, and CFOs aware of the strategic risks facing the organization.
Next release - Volume 1: Issue 3, COSO Control Activities
BetaWatch Inc. digital due diligence
Digital Due Diligence™
is a business process improvement tool that provides corporate
information management, system stability, pro-active accountable
directors and stakeholder satisfaction. Digital Due Diligence™ helps
you achieve business process models and risk architecture. For more
information, visit http://betawatch.com/sarbanes-oxley.htm
or write to: gspenser@betawatch.com
or call Grafstein at 1-866-638-2382.