Escolar Documentos
Profissional Documentos
Cultura Documentos
This section is of course listed under Title IV of the act (Enhanced Financial Disclosures), and pertains to 'Disclosures in Periodic Reports'. Summary of Section 401 Financial statements are published by issuers are required to be accurate and presented in a manner that does not contain incorrect statements or admit to state material information. These financial statements shall also include all material off -balance sheet liabilities, obligations or transactions. The Commission was required to study and report on the extent of off-balance transactions resulting transparent reporting. The Commission is also required to determine whether generally accepted accounting prin cipals or other regulations result in open and meaningful reporting by issuers.
This section is listed under Title IV of the act (Enhanced Financial Disclosures), and pertains to 'Management Assessment of Internal Controls'.
Summary of Section 404 Issuers are required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. This statement shall also assess the effectiveness of such internal controls and procedures. The registered accounting firm shall, in the same report, attest to and report on the assessment on the effectiveness of the internal control structure and procedures for financial reporting.
This section is listed within Title IV of the act (Enhanced Financial Disclosures), and pertains to 'Real Time Issuer Disclosures'. Summary of Section 409 Issuers are required to disclose to the public, on an urgent basis, information o n material changes in their financial condition or operations. These disclosures are to be presented in terms that are easy to understand supported by trend and qualitative information of graphic presentations as appropriate.
This section is listed within Title VIII of the act (Corporate and Criminal Fraud Accountability), and pertains to 'Criminal Penalties for Altering Documents'. Summary of Section 802 This section imposes penalties of fin es and/or up to 20 years imprisonment for altering, destroying, mutilating, concealing, falsifying records, documents or tangible objects with the intent to obstruct, impede or influence a legal investigation. This section also imposes penalties of fines a nd/or imprisonment up to 10 years on any accountant who knowingly and wilfully violates the requirements of maintenance of all audit or review papers for a period of 5 years.
that occur externally, such as changes by customers or business partners that could materially impact its own financial positioning (e.g. key customer/supplier bankruptcy and default). To comply with Section 409, organizations should assess their technological capabilities in the following categories: Availability of internal and external portals - Portals help route and identify reporting issues and requirements to investors and other relevant parties. These capabilities address the need for rapid disclosure. Breadth and adequacy of financial triggers and alert - The organization sets the trip wires that will kick off a Section 409 disclosure event. Adequacy of document repositories Repositories play a critical role for event monitoring to assess disclosure needs and provide mechanism to audit disclosure adequacy. Capacity to be an early adopter of Extensible Bus iness Reporting Language (XBRL) XBRL will be a key tool to integrate and interface transactional systems, reporting and analytical tools, portals and repositories. [edit]Section 802 & Records retention Section 802 of Sarbanes-Oxley requires public companies and their public accounting firms to maintain all audit or review work papers for a period of five years from the end of the fiscal period in which the audit or review was concluded. This includes electronic records which are created, sent, or received in connection with an audit or review. As external auditors rely to a certain extent on the work of internal audit, it would imply that internal audit records must also comply with Section 802. In conjunction with document retention, another issue is that of the security of storage media and how well electronic documents are protected for both current and future use. The five -year record retention requirement means that current technology must be able to support what was stored five years ago. Due to rapid changes in technology, some of today s media might be outdated in the next three or five years. Audit data retained today may not be retrievable not because of data degradation, but because of obsolete equipment and storage media. Section 802 expects organizations to respond to questions on the management of SOX content. IT -related issues include policy and standards on record retention, protection and destruction, online storage, audit trails, integration with an enterprise repository, market technology, SOX software and more. In addition, organizations should be prepared to defend the quality of their records management program (RM); comprehensiveness of RM (i.e. paper, electronic, transactional communications, which includes emails, instant messages, and spreadsheets that are used to analyze financial results), adequacy of retention life cycle, immutability of RM practices, audit trails and the accessibility and control of RM content. [edit]End-user application / Spreadsheet controls PC-based spreadsheets or databases are often used to provide critical data or calculations related to financial risk areas within the scope of a SOX 404 assessment. Financial spreadsheets are often categorized as end -user computing (EUC) tools that have historically been absen t traditional IT controls. They can support complex calculations and provide significant flexibility. However, with flexibility and power comes the risk of errors, an increased potential for fraud, and misuse for critical spreadsheets not following the sof tware development lifecycle (e.g. design, develop, test, validate, deploy). To remediate and control spreadsheets, public organizations may implement controls such as: Inventory and risk-rank spreadsheets that are related to critical financial risks identi fied as in-scope for SOX 404 assessment. These typically relate to the key estimates and judgments of the enterprise, where sophisticated calculations and assumptions are involved. Spreadsheets used merely to download and upload are less of a concern. Perform a risk based analysis to identify spreadsheet logic errors. Automated tools exist for this purpose. Ensure the spreadsheet calculations are functioning as intended (i.e., "baseline" them). Ensure changes to key calculations are properly approved. Responsibility for control over spreadsheets is a shared responsibility with the business users and IT. The IT organization is typically concerned with providing a secure shared drive for storage of the spreadsheets and data backup. The business personnel are responsible for the remainder.