A. The Sarbanes-Oxley Act of 2002 (also known as the Public Company Accounting Reform and
Investor Protection Act of 2002 and commonly called SOX, S-Ox or Sarbox; July 30, 2002) is
a controversial United States federal law named after its sponsors, Senator Paul Sarbanes
(D-Md.) and Representative Michael G. Oxley (R-Oh.). The Act was approved by the House by a
vote of 423-3 and by the Senate 99-0. The legislation establishes new or enhanced standards
for all U.S. public company boards, management, and public accounting firms. The Act
contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to
criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement
rulings on requirements to comply with the new law. The first part of the Act establishes a
new quasi-public agency, the Public Company Accounting Oversight Board, which is charged
with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as
auditors of public companies. The Act also covers issues such as auditor independence,
corporate governance, internal control assessment, and enhanced financial disclosure.
A. Any company governed by the Securities and Exchange Commission (SEC), which includes
all publicly traded companies, including all divisions and their wholly owned subsidiaries,
must comply with Sarbanes-Oxley. In addition, Sarbanes-Oxley applies to any non-US
public multinational company engaging in business in the US.
A. The law was passed in response to a number of major corporate and accounting scandals
including those affecting Enron, Tyco International and WorldCom. These scandals resulted in
a decline of public trust in accounting and financial reporting practices.
A. Section 404 of the Sarbanes-Oxley Act relates to Management's assessment of internal control
over financial reporting. Both management and the external auditor are responsible for
performing their assessment in the context of a top-down risk assessment, which requires
management to base both the scope of its assessment and evidence gathered on risk.
Acquisitions of companies into a larger public entity.
Q. What does SOX 404 have to do with information technology?
A. The financial reporting processes of most organizations are driven by IT systems. Few
companies manage their data manually and most companies rely on electronic management of
data, documents, and key operational processes. Therefore, it is apparent that IT plays a vital
role in internal control. Chief information officers are responsible for the security, accuracy
and the reliability of the systems that manage and report the financial data. Systems such as
ERP (Enterprise Resource Planning) are deeply integrated in the initiating, authorizing,
processing, and reporting of financial data. As such, they are inextricably linked to the overall
financial reporting process and need to be assessed, along with other important processes, for
compliance with the Sarbanes-Oxley Act. So, although S-Ox signals a fundamental change in
business operations and financial reporting, and places responsibility for corporate financial
reporting on the chief executive officer (CEO) and chief financial officer (CFO), the chief
information officer (CIO) plays a significant role in management's assessment of internal
control under Section 404 and in supporting the financial statement certification process.
A. For non-accelerated filers (registered companies with a market cap of $75 million or less), the
implementation date for complying with the reporting requirements regarding management's
evaluation of internal controls has changed several times. In December 2006, the Securities
and Exchange Commission (SEC) issued its most recent final regulation which states:
• a non-accelerated filer must include its management report on internal control over financial
reporting for fiscal years ending on or after December 15, 2007
• a non-accelerated filer is required to file its auditor's attestation report on internal control
over financial reporting when it files its annual report for fiscal years ending on or after
December 15, 2008.
In addition, the SEC has amended its filing requirements regarding the reporting on internal
control for newly public companies. Under the new amendments, a company will not be
required to include its report on internal controls until the year following its first annual
report.
A. The United States Securities and Exchange Commission (commonly known as the SEC) is a
United States government agency having primary responsibility for enforcing the federal
securities laws and regulating the securities industry/stock market. The SEC was created by
section 4 of the Securities Exchange Act of 1934 (now commonly referred to as the 1934
Act). In addition to the 1934 Act that created it, the SEC enforces the Securities Act of 1933,
the Trust Indenture Act of 1939, the Investment Company Act of 1940, the Investment
Advisers Act of 1940, the Sarbanes-Oxley Act of 2002 and other statutes. Christopher Cox is
the current chairman of the SEC.
Q. What is GAAP?
Q. What is COSO?
A. The Public Company Accounting Oversight Board (or PCAOB) (sometimes called
"Peekaboo") is a private-sector, non-profit corporation created by the Sarbanes-Oxley Act, a
2002 United States federal law, to oversee the auditors of public companies. Its stated purpose
is to "protect the interests of investors and further the public interest in the preparation of
informative, fair, and independent audit reports."
Q. What is AS5?
A. The recently released Auditing Standard No. 5 of the Public Company Accounting Oversight
Board (PCAOB), which superseded Auditing Standard No. 2, has the following key
requirements for the external auditor:
• Assess both the design and operating effectiveness of selected internal controls related to
significant accounts and relevant assertions, in the context of material misstatement risks;
• Understand the flow of transactions, including IT aspects, sufficiently to identify points at
which a misstatement could arise;
• Evaluate company-level (entity-level) controls, which correspond to the components of the
COSO framework;
• Perform a fraud risk assessment;
• Evaluate controls designed to prevent or detect fraud, including management override of
controls;
• Evaluate controls over the period-end financial reporting process;
• Scale the assessment based on the size and complexity of the company;
• Rely on management's work based on factors such as competency, objectivity, and risk;
• Evaluate controls over the safeguarding of assets; and
• Conclude on the adequacy of internal control over financial reporting.