
Hendrarini S

Section 302 - Corporate Responsibility for Financial Reports
Section 401 - Disclosures in Periodic Reports
Section 404 - Management Assessment of Internal Controls
Section 409 - Real Time Issuer Disclosures
Section 802 - Criminal Penalties for Altering Documents

Restore public confidence in both public accounting and publicly traded securities
Assure ethical business practices through executive awareness and accountability

External Auditors

Internal Auditors
Boards of Directors and their committees
Top Executives

Regulators

Off-balance sheet transactions

Internal Control reports


Issuer must disclose whether or not its audit committee is comprised of at least one financial expert, and if not, why.
Disclosure of material changes in the financial condition or operations of the issuer

The CEO and CFO must certify in each periodic filing that the financial information:
does not contain any untrue statement of a material fact, and
fairly presents in all material respects the financial condition and results of operations of the issuer

Will our ASSETS produce future benefit equal to their cost?
Do our LIABILITIES report all of the amounts we expect to pay out?
Is all REVENUE we reported really earned?
Have we recorded all of our EXPENSES for the period?
Have we described the critical ASSUMPTIONS underlying our financial reports, and have we described any significant CONTINGENCIES?

Responsibility for establishing and maintaining adequate internal control over financial reporting for the company
Identify the framework used by management to evaluate the effectiveness of this internal control
Assessment of the internal control as of the end of the Company's most recent year

It is a process that provides reasonable assurance regarding the reliability of financial reporting for external purposes. It includes:
Provide the maintenance of records that reflect the Company's transactions
Provide assurance that transactions are recorded in accordance with GAAP
Provide assurance that assets are protected against theft or fraud

5 components (COSO):

Control Environment (how decisions and policies are made within a business and how authority and responsibility are assigned)

Risk Assessment (what could go wrong?)

Control Activities (procedures to control against risk)


Information and Communication (how policies and control structures are communicated to people within the organization)

Monitoring (Whether controls are actually operating as expected)

Identifying significant financial reporting elements (accounts or disclosures)
Identifying material financial statement risks within these accounts or disclosures
Determining which Entity Level Controls would address these risks with sufficient precision
Determining which Transaction Level Controls would address these risks in the absence of precise Entity Level Controls
Determining the nature, extent, and timing of evidence gathered to complete the assessment of in-scope controls

Include:
Controls related to the control environment
Controls over management override
The company's risk assessment process
Centralized processing & controls including shared service environments
Controls to monitor results of operations
Controls to monitor other controls, including IA function, AC, and self-assessment programs
Controls over the period-end financial reporting process
Policies that address significant business control and risk management practices

Controls that apply to all systems components, processes, and data for a given organization or Information Technology
Objective: to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations

Most common ITGC:
Data center security controls
Computer operation controls
Program change management controls
System development life cycle controls

Sources:
Auditing Standard No. 5
Sarbanes-Oxley Act 2002
Sarbanes-Oxley for Dummies
Various sources from Internet
