Choose the right tools for internal control reporting: pick internal control software for changing business conditions.Time is running out for many businesses to begin the complex process of complying with section 404 of the Sarbanes-Oxley Act See SOX. of 2002, which tightened internal control and financial reporting requirements. (See "Impact of Section 404," page 36.) This article is intended for readers in both industry and public accounting who seek, or need to offer, advice on selecting software--based on the extent to which a company already has compliance systems in place--for meeting section 404's requirements. Although it is not a detailed buyer's guide, it describes the features of specific software categories and thus can serve as a practical guide to what's available in the market and what to look for when examining software for employers and clients and discussing products with vendors. CPAs can play a valuable role in helping companies choose software tools whose functions include supporting compliance and also enhancing communication with investors, employees and regulators, making financial statements clear and easier to analyze and increasing efficiency by, for example, eliminating redundant or obsolete OBSOLETE. This term is applied to those laws which have lost their efficacy, without being repealed, 2. A positive statute, unrepealed, can never be repealed by non-user alone. 4 Yeates, Rep. 181; Id. 215; 1 Browne's Rep. Appx. 28; 13 Serg. & Rawle, 447. controls and improving workflow The automatic routing of documents to the users responsible for working on them. Workflow is concerned with providing the information required to support each step of the business cycle. . Acting as a technical adviser on financial internal controls design, financial processes and transaction flows, the CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. can help a client or employer answer three difficult but important questions: * Is it better to design a compliance program for the short term (one year or less) or a more sustainable one for the long term? * Which software tools are most capable of fostering complete, effective and sustainable compliance in a given business situation? * What other investments (new policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental , training and ethics ethics, in philosophy, the study and evaluation of human conduct in the light of moral principles. Moral principles may be viewed either as the standard of conduct that individuals have constructed for themselves or as the body of obligations and duties that a programs, for example) are necessary to achieve section 404 compliance and also to take full advantage of the software chosen? Companies are eager to contain the already spiraling costs of complying with Sarbanes-Oxley. Some are overhauling their business processes and integrating them into enterprise-wide systems. They also are installing software that produces always-up-to-date business process documentation in terms managers, investors and lenders can understand. This software enables companies to refine their financial controls, improve both their timing and public communication of key company events and provide more detailed evaluations of business results. ASK (AND UNDERSTAND) BEFORE BUYING CPAs can save clients or employers time and money by strongly recommending the selection of software be based on the criteria listed below in order of importance. * The software tool's most important functions, not its minor features. * The vendor's viability as a going concern. * The vendor's support plans and the software's position in its product line. * The product's ongoing compatibility with the company's operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. and its scalability. * Whether the tool has a Web-based interface and employees can access it online without installing software on their individual PCs. * Whether customization of the product is available or required. * The availability of suitable vendor-supplied implementation services. * The level of training the vendor provides. * The extent of integration with other tools--for example, how proprietary is the database, and can users easily link it to other programs? * Price. * Maintenance, support and upgrade costs (direct and indirect--for example, hardware and staff). * Availability of information on any infrastructure and operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. changes or updates that could become necessary. BUYER, KNOW THYSELF The Ancient Greek aphorism "Know yourself" (Greek: γνῶθι σεαυτόν or gnothi seauton) was inscribed in the pronaos (forecourt) of the Temple of Apollo at Delphi - according to the Greek periegetic The extent to which a company has progressed in building a strong control environment will dictate TO DICTATE. To pronounce word for word what is destined to be at the same time written by another. Merlin Rep. mot Suggestion, p. 5 00; Toull. Dr. Civ. Fr. liv. 3, t. 2, c. 5, n. 410. what tools it needs to buy and when. CPAs can use an internal controls maturity framework to help companies determine whether their existing or proposed controls for a given activity or process are rigorous enough to manage related risks and that they are sufficiently documented for review by auditors who must assess section 404 compliance. A version of such a framework, developed by PricewaterhouseCoopers, appears below. As companies implement tools capable of providing real-time 1. real-time - Describes an application which requires a program to respond to stimuli within some small upper limit of response time (typically milli- or microseconds). Process control at a chemical plant is the classic example. updates of business-process changes, their systems will begin to resemble the higher-numbered descriptions in the maturity model, reflecting greater efficiency and reduced risk. Here's how to use the model. First, the CPA and the company should review the company's existing controls and identify the level of maturity that best describes them. This comparison will highlight any less than optimal controls, reveal what additional levels of sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. are possible and enable the company to decide what goals it wants to establish for reinforcing its controls. The Maturity Framework Level 1: Unreliable. Unpredictable environment for which controls have not been designed or implemented. Level 2: Informal. Controls are present but inadequately documented and largely dependent on manual intervention A procedure used in a lawsuit by which the court allows a third person who was not originally a party to the suit to become a party, by joining with either the plaintiff or the defendant. . There are no formal communications or training programs related to the controls. Level 3: Standardized standardized pertaining to data that have been submitted to standardization procedures. standardized morbidity rate see morbidity rate. standardized mortality rate see mortality rate. . Controls are in place and documented, and employees have received formal communications about them. Undetected deviations from controls may occur. Level 4: Monitored. Standardized controls are in place and undergo periodic testing to evaluate their design and operation; test results are communicated to management. Limited use of automated au·to·mate v. au·to·mat·ed, au·to·mat·ing, au·to·mates v.tr. 1. To convert to automatic operation: automate a factory. 2. tools may support controls. Level 5: Optimized. An integrated internal controls framework with real-time monitoring by management is in place to implement continuous improvement. Automated processes and tools support the controls and enable the organization to quickly change the controls as necessary. BE THOROUGH Given the constant evolution of business processes, it makes sense for companies to adopt--if they're not already using--compliance software that can be fully integrated with company operations and reporting. Yet many companies still use paper-based systems or relatively uncomplicated software--such as spreadsheet spreadsheet Computer software that allows the user to enter columns and rows of numbers in a ledgerlike format. Any cell of the ledger may contain either data or a formula that describes the value that should be inserted therein based on the values in other cells. , word processing word processing, use of a computer program or a dedicated hardware and software package to write, edit, format, and print a document. Text is most commonly entered using a keyboard similar to a typewriter's, although handwritten input (see pen-based computer) and and flowchart flowchart Graphical representation of a process, such as a manufacturing operation or a computer operation, indicating the various steps taken as the product moves along the production line or the problem moves through the computer. programs--to document their business process controls for compliance purposes. But while these products and paper systems can produce initial documentation easily, they aren't well-suited to continually con·tin·u·al adj. 1. Recurring regularly or frequently: the continual need to pay the mortgage. 2. making or tracking changes in it. Companies reluctant to implement more complex systems equipped to track business process changes over time argue that Sarbanes-Oxley guidance and requirements still are not final, making significant software expenditures premature. Postponing the purchase of appropriate tools, however, may require the company to create compliance documentation using spreadsheets The following is a list of spreadsheets. Freeware/open source software Online spreadsheets
Many executives are reaching the same conclusion. In a CFO See Chief Financial Officer. magazine survey published in March 2003, only 11% of 245 CFOs said spreadsheet-based control reporting--which is very common--was accurate enough to make senior executives confident about certifying their companies' financial statement data, as the Sarbanes-Oxley Act requires. To help guide their employers and clients in choosing the right application to facilitate section 404 compliance, CPAs first need to explore the characteristics and relative merits of several types of software tools. WHAT TOOLS ARE AVAILABLE Many of today's commercial software products can help companies comply with the provisions of the Sarbanes-Oxley Act. These tools range from simple, stand-alone programs that focus on a specific issue (for example, a regulatory checklist) to more complex enterprise-wide, real-time systems Real-time systems Computer systems in which the computer is required to perform its tasks within the time restraints of some process or simultaneously with the system it is assisting. . Except for generic tools--discussed below--many of these products provide a framework for adding modules to be offered in the near future--even by other vendors. The best of them establish and maintain a relationship between the overall business and its core systems and provide an internal control architecture that changes to meet the organization's evolving compliance needs. CPAs should encourage their clients and employers to speak With multiple vendors when evaluating tools and request demonstrations of them to ensure understanding of their potential value to the company. The tools can be classified into four categories. * Generic tools enable users to document internal controls, reduce potential risks and provide some level of comfort that compliance initiatives are in place. Many companies already have such compliance software built into their general accounting systems (see exhibit 1, at left). But since such software is not dynamic--that is, it can't easily adjust to a company's changing business requirements--it provides only the most basic level of assurance and applies only to a given point in time. Further, since companies often adopt such tools without going through a formal software evaluation process and postpurchase measurement of their use and performance, it's difficult to ascertain their reliability. Exhibit 1: Generic Software Tools Accounting (products with enhanced internal control capabilities) * ACCPAC International Inc. (www.acpac.com). * Best Software (www.bestsoftware.com). * Creative Solutions Inc. (www.creativesolutions.com). * Hyperion Solutions Corp. (www.hyperion.com). * J.D. Edwards & Co. (www.jdedwards.com). * Lawson Software (www.lawson.com). * Microsoft Corp. (www.microsoft.com). * Peoplesoft Inc. (www.peoplesoft.com). * Oracle Corp. (www.oracle.com). * SAP AG (www.sap.com). Communication and collaboration * Akonix (http://akonix.com). * FaceTime Auditor (http://facetime.com). * IM-Age (http://im-age.com). * IM Logic (http://imlogic.com). * Iron Mountain (www.ironmountain.com/digital). * KVS (http://kvsinc.com). * Legato (http://legato.com). * Sector (http:/sectorinc.com). * WiredRed (http:/wiredred.com). * Zantaz (http://zantaz.com). Regulatory and technical reference * BNA Inc: (www.bna.com). * CCH Inc. (www.cch.com). * Factiva (www.factiva.com). * LexisNexis (www.lexisnexis.com). * PPC (www.ppcnet.com). * The Thomson Corp. (www.thomson.com). * WG&L (www.riahone.com/brands/default.asp). These generic tools help companies comply with section 404. Their capabilities are limited, however, and do not match those of other products that are the best in their respective categories. However, vendors of accounting products are augmenting them with self-documenting audit trails that automatically record and provide access to incremental Additional or increased growth, bulk, quantity, number, or value; enlarged. Incremental cost is additional or increased cost of an item or service apart from its actual cost. changes, with analysis tools to help auditors examine transactions within the system, with business intelligence tools that make it possible to delve into or summarize sum·ma·rize intr. & tr.v. sum·ma·rized, sum·ma·riz·ing, sum·ma·riz·es To make a summary or make a summary of. sum data, with consolidation interfaces linking disparate accounting systems, and with flags and alerts that signal when predetermined pre·de·ter·mine v. pre·de·ter·mined, pre·de·ter·min·ing, pre·de·ter·mines v.tr. 1. To determine, decide, or establish in advance: cost or other limits have been reached and require review by an analyst. The CPA should emphasize the importance of his or her client's or employer's contacting their accounting software vendors to evaluate their plans for assistance and support in section 404 compliance. This will provide a starting point Noun 1. starting point - earliest limiting point terminus a quo commencement, get-go, offset, outset, showtime, starting time, beginning, start, kickoff, first - the time at which something is supposed to begin; "they got an early start"; "she knew from the for their deciding what, if any, additional tools are needed and how best to connect them to the company's existing systems. Besides accounting products, other subcategories of generic tools include those for communication and collaboration and regulatory and technical reference purposes (see exhibit 1). Security products, of which there are too many to mention, constitute another group of these generic tools. Communication and collaboration tools A collaboration tool is something that helps people collaborate. The term is often used to mean collaborative software, but collaboration tools were being used before computers existed, a piece of paper can for example can be used as collaboration tool. also are used to set up audit trails and documentation. E-mail, instant messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or , webcast conferences and virtual team workspaces--locations employees share for common projects--all are repositories While acknowledging services such as [ROAR: [1]] and [OpenDOAR: [2]] it is perhaps necessary to provide a list of individual repositories described in more detail within wikipedia here. of critical business and process information that organizations rely on and must document and analyze. Security-focused generic tools often provide finely detailed analyses for segregation segregation: see apartheid; integration. of duties, intrusion detection See IDS and IPS. , encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. , firewall implementation, antivirus Refers to detecting and blocking computer viruses. See antivirus program, behavior blocking, virus and virus hoaxes. protection, enterprise security and disaster recovery plan updates as important components of a strong internal control system. Regulatory and technical reference tools provide a strong environment for obtaining accurate and up-to-date regulatory information for an organization. CPAs should focus their clients and employers--when they shop for such tools--on the importance of obtaining from vendors a detailed explanation of how their products might integrate with the company's internal control environment and with other vendors' tools. While such integration is possible, it tends to be less than optimal because generic tools are not designed to link to other products. * Document management and workflow tools are more capable of interacting with other software than are generic products and can address relatively straightforward functions such as report tracking (see exhibit 2, above). These products monitor workflows and processes--applying a business unit's self-defined rules--to make them more event-driven and thus easier to manage. They allow users to perform detailed indexing and searching of multiple document types, including e-mail, flowcharts and narratives, to organize and retrieve text, images and numeric data Refers to quantities and money amounts used in calculations. Contrast with string or character data. . They also enable companies to collect and integrate data from their various accounting systems and to create links between separate business units' discrete business processes. Companies using them can better understand and analyze the frequency of control activities, categorize cat·e·go·rize tr.v. cat·e·go·rized, cat·e·go·riz·ing, cat·e·go·riz·es To put into a category or categories; classify. cat internal control types, test their effectiveness and reveal relationships between key job responsibilities and their place in the workflow. Exhibit 2: Document Management and Workflow Software Tools * Documentum (www.documentum.com). * eFileCabinet (www.efilecabinet.com). * EMC Centera (www.emc.com). * FileNet (www.filenet.com). * GoFileRoom (http://immediatech.com). * IBM/Lotus (www.lotus.com). As an alternative, the following products do not possess Sarbanes-Oxley-specific compliance features but do have content-management capabilities. * Hummingbird (http://hummingbird.com). * iManage Worksite MP (www.interwoven.com/ products/worksite_mp). * Onbase by Hyland (http://onbase.com). These tools also are used to analyze risk and controls, rank them in terms of importance, materiality MATERIALITY. That which is important; that which is not merely of form but of substance. 2. When a bill for discovery has been filed, for example, the defendant must answer every material fact which is charged in the bill, and the test in these cases seems to and impact and organize them by work group in a way that can be continuously updated to correspond with changing business conditions and be summarized for quarterly review and management approval. * Data mining, file retrieval, pattern recognition and business intelligence tools can gather data from separate systems and organize and analyze them. This enables companies to detect patterns in financial statement data and thus improve the effectiveness of internal controls and the accuracy of financial information (see exhibit 3, at left). Exhibit 3: Data Mining, File Retrieval, Pattern Recognition and Business Intelligence Software Tools Data mining, file retrieval and pattern recognition * ACL (http://acl.com). * Caseware's IDEA (www.caseware.com). Business intelligence * Brio/Hyperion (www.hyperion.com). * Business Objects/Crystal (http://businessobjects.com). * Cognos Inc. (www.cognos.com). * SAS Financial Management (www.sas.com/solutions/financial). CPAs should impress upon companies the central role that three types of software in this group--data mining, file retrieval and pattern recognition--play in helping organizations fully understand the information they produce about their activities. Tools that perform these functions typically analyze, manipulate manipulate To cause a security to sell at an artificial price. Although investment bankers are permitted to manipulate temporarily the stock they underwrite, most other forms of manipulation are illegal. , sample and extract data. They also compare actual trends and patterns in financial statement accounts with expected norms to help identify irregularities that could indicate fraud or errors. A fourth type of software in this group---business intelligence tools--makes it possible to examine the results of business operations Business operations are those activities involved in the running of a business for the purpose of producing value for the stakeholders. Compare business processes. The outcome of business operations is the harvesting of value from assets , delving deep into data and modifying variables to see how they affect a situation. It also enables users to review data for patterns, and it has strong reporting and graphical capabilities. And, with the advent of tools that are easier to connect to financial systems, this kind of software also has become cost-effective cost-effective, n the minimal expenditure of dollars, time, and other elements necessary to achieve the health care result deemed necessary and appropriate. . * Business performance management and real-time compliance tools provide management with real-time, enterprise-wide data (see exhibit 4, page 40). These tools can smoothly interact with other software and systems and provide one repository (1) A database of information about applications software that includes author, data elements, inputs, processes, outputs and interrelationships. A repository is used in a CASE or application development system in order to identify objects and business rules for reuse. for all company information, facilitate the development of consistent and more efficient processes, help optimize optimize - optimisation information timeliness and accuracy and promptly notify management of compliance problems and supply the means to resolve them, all of which enable the company to respond quickly to changing business conditions. Exhibit 4: Business Performance Management and Real-Time Compliance Tools Business performance management (BPM) Vendors are building software products with the ability to exchange data with other software to meet the functional and performance needs of both large and small companies. These products generally are easy to customize for specific situations and can be implemented without redesigning underlying systems. Examples of such software include * Fuego (http://fuego.com). * GEAC Enterprise Solutions (http://americas.geac.com). * SAS (http://sas.com). * Savvion Business Manager 5 (http://savion.com). Real-time compliance These products, many of which have BPM capabilities, are the optimal solution for companies aiming to implement an enterprise-wide internal control system. Among the vendors in this category are * Approva Bizrights (http://approva.net). * Axentis Enterprise (http://axentis.com). * CARDmap (http://carddecisions.com). * Centerprise Corporate Control Center (http://centerprise.com). * Certus (www.nthorbit.com). * CommerceQuest Traxion (http://commercequest.com). * Compli Enterprise (http://compli.com). * Concur Control (www.concur.com). * Handysoft SOXA Accelerator (www.handysoft.com). * KnowRisk (http://corprofit.com). * Magique (www.darcangelosoftwareservices.com). * Microsoft's SharePoint Portal Server (www.microsoft.com). * Movaris Certainty (http://movaris.com). * OpenText Livelink and IXOS (www.opentext.com). * Paisley Focus (http://paisleyconsulting.com). * Paisley Risk Navigator (http://risknav.com). * Protiviti (www.protiviti.com). * Providus RiskResolve (http://providus.com). * Sarbanes-Oxley Express (www.openpages.com). * Sempire Enterprise Governance (http://sempire.com). * S-O Comply (http://onproject.com/soa). * SOA Director (http://soadirector.com). * Virtual Commitment (www.virtualcommitment.com). The Gartner Group (company) Gartner Group - One of the biggest IT industry research firms. Address: Connecticut, USA. (www.gartner.com), a technology research and consulting company Noun 1. consulting company - a firm of experts providing professional advice to an organization for a fee consulting firm business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a , estimates that 40% of companies will adopt business performance management (BPM (Business Process Management) A structured approach that models an enterprise's human and machine tasks and the interactions between them as processes. BPM software provides users with a dashboard interface that offers a high-level view of the operation that typically ) tools by 2005. BPM tools add continuous auditing capability to real-time enterprise systems in the form of customized computer screens--called dashboards--that present key performance indicators Key Performance Indicators (KPI) are financial and non-financial metrics used to quantify objectives to reflect strategic performance of an organization. KPIs are used in Business Intelligence to assess the present state of the business and to prescribe a course of action. managers use to decide when and how to react to changing business conditions. Managers' actions might include defining, improving and monitoring business processes on a timely basis, measuring and tracking the workflow of business functions and the changes in resources at each step of a process and--based on these--dynamically adjusting business processes. (An example would be production and inventory adjustments based on sales trends and related changes to approvals and workflow.) There is a wide range of products in this category. Some link to specific enterprise-resource-planning systems, while others perform specific functions such as setting automatic triggers or real-time alerts to obtain quick responses. Some BPM tools enable you to instruct in·struct v. in·struct·ed, in·struct·ing, in·structs v.tr. 1. To provide with knowledge, especially in a methodical way. See Synonyms at teach. 2. To give orders to; direct. v. the system to alert management whenever, for example, company sales goals are missed or surpassed or multiple approvals are needed of large transactions. Real-time compliance tools store all information in one "data warehouse," provide consistent and efficient processing, optimize timeliness and accuracy, include rapid warning and response systems and make it easier to monitor and manage risks. These tools also provide performance management and workflow functions. CPAs should ensure that all products being considered serve the needs of organizations in which employees report to a variety of departments in different locations. The software must link controls to processes, analyze and describe the processes and link them to objectives and risks. The tools also should enable users to categorize, and set priorities for, risk and business objectives comprehensively in all areas of an organization. DEAL WITH THE INEVITABLE Sarbanes-Oxley has begun a new era of reporting for public companies. In order to meet the expectations of employees, shareholders and government, companies will need real-time systems that inform management of changing business conditions, such as changes in revenue, expenses, cash flow, production and employee-related issues as they occur. Many companies will respond with static, manual "quick fixes" or patchwork solutions--such as spreadsheet-based systems--without lasting value, but others will build the appropriate architecture and tools to monitor processes and ensure their integration into standard operations, thereby providing the mechanisms that ensure the reporting of complete, accurate, valid and reliable information. Note that this article does not pretend to cover all available products in any of the software categories it discusses. Instead, it presents a starting point from which readers can begin their own exploration of the subject. Impact of Section 404 This section of the Sarbanes-Oxley Act of 2002 generally requires public companies with a market value of $75 million or more, following the conclusion of their first fiscal year ending on or after June 15, 2004, to begin certain actions--such as including in their annual reports an assessment of whether their systems and financial reporting procedures are capable of providing accurate and complete financial statements. Other businesses must start their compliance efforts after the close of their first fiscal year ending on or after April 15, 2005. Section 404 directs the SEC to issue rules mandating that companies' annual reports contain an internal control report that * States the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting. * Contains an assessment, as of the end of the company's most recent fiscal year, of the effectiveness of its internal control structure and procedures for financial reporting. EXECUTIVE SUMMARY * CPAs CAN PROVIDE A VALUABLE SERVICE to their employers or clients by helping them plan their strategic approach to compliance with section 404 of the Sarbanes-Oxley Act of 2002. * NEW SOFTWARE PRODUCTS CAN IMPROVE corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. and external communications about financial performance. They also can enhance the efficiency and effectiveness of compliance programs, thus reducing their cost and helping companies track progress toward establishing adequate internal controls and maintaining their effectiveness as business conditions change. * IT'S IMPORTANT THAT CPAs BECOME FAMILIAR with the four categories of software tools: "generic" applications that enhance controls; document management and workflow; data mining, file retrieval, pattern recognition and business intelligence; and business performance management and real-time compliance. * COMPANIES SHOULD DETERMINE which of the four categories of tools their current internal controls fit into, then identify company resources--such as staff and funding--that are available for an upgrade. Next they should select advanced tools that will enhance controls and improve company monitoring of them and compliance reporting to regulators. * CPAs SHOULD MAKE CERTAIN THAT BEFORE their employers or clients buy compliance software they not only understand its characteristics, limitations and the related vendor support plans but also know what additional tools are necessary to ensure the company has in place a system of mature internal controls. AICPA AICPA See American Institute of Certified Public Accountants (AICPA). RESOURCES Up-to-date compliance information for CPA is available at Sarbanes-Oxley Act/PCAOB Implementation Central, www.aicpa.org/sarbanes/index.asp. Publications * Consideration of Internal Control in a Financial Statement Audit, an AICPA Audit and Accounting Guide (# 0124541JA). * Financial Reporting Alert, Internal Control Reporting--Implementing Sarbarnes-Oxley Section 404 (# 029200JA). * Financial Reporting Fraud: A Practical Guide to Detection and Internal Control by Charles R. Lundelius Jr. (# 029879JA). * Internal Control--Integrated Framework, report of the Committee of Sponsoring Organizations of the Treadway Commission
Committee of Sponsoring Organizations of the Treadway Commission (COSO), is a U.S. private-sector initiative, formed in 1985. (COSO COSO Committee of Sponsoring Organizations of the Treadway Commission COSO Church of Spiral Oak COSO Corporate South COSO Class of Service Override COSO Combat Oriented Supply Operations (USAF) ) (# 990012JA). CPE (Customer Premises Equipment) Communications equipment that resides on the customer's premises. CPE - Customer Premises Equipment * Internal Control Reporting for Public Companies, a webcast originally presented July 17, 2003, and now available on CD-ROM CD-ROM: see compact disc. CD-ROM in full compact disc read-only memory Type of computer storage medium that is read optically (e.g., by a laser). (# 737132HSJA HSJA HoofBeats Show Jumping Association ). * Internal Control Reporting: Standards for Compliance, a video course. * Internal Controls: Design and Documentation, a self-study course. Available mid-February (# 731850JA). * SEC Reporting, a self- study course (# 736770JA). Conference National Advanced Accounting and Auditing technical Symposium symposium In ancient Greece, an aristocratic banquet at which men met to discuss philosophical and political issues and recite poetry. It began as a warrior feast. Rooms were designed specifically for the proceedings. : The Right Tools for Internal Control Reporting La Jolla La Jolla (lə hoi`yə), on the Pacific Ocean, S Calif., an uninc. district within the confines of San Diego; founded 1869. The beautiful ocean beaches, in particular La Jolla shores and Black's Beach, and sea-washed caves attract visitors and , California California (kăl'ĭfôr`nyə), most populous state in the United States, located in the Far West; bordered by Oregon (N), Nevada and, across the Colorado River, Arizona (E), Mexico (S), and the Pacific Ocean (W). , July 21-23, 2004 For more information about any of these resources or to place an order, go to www.cpa2biz biz n. Informal Business. biz Noun Informal business Noun 1. .com or call the AICPA at 888/777/7077. PRACTICAL TIPS TO REMEMBER * The CPA should help the company evaluate its environment to determine the maturity level of its internal controls. * He or she also should assist the entity in assessing its internal control philosophy and control environment. * The CPA should encourage management to develop an understanding--through discussion with vendors--of the compliance software tools and their characteristics. * When evaluating such software, companies should speak with multiple vendors in each category and observe a demonstration of every product to understand the value it can add to the organization. They Aim to Do It for Less Emphasis on cutting Sarbarnes- Percentage of Oxley compliance costs in 2004 responding CFO's Major 23% Moderate 50 Limited 13 None 7 Not sure 7 Source: Survey of CFOs of 70 U.S. companies with an average annual revenue greater than $6 billion, PricewaterhouseCoopers, 2003. BRUCE Bruce, Scottish royal family descended from an 11th-century Norman duke, Robert de Brus. He aided William I in his conquest of England (1066) and was given lands in England. I. WINTERS, CPA, is a certified See certification. information systems auditor focusing on Sarbanes-Oxley engagements in PricewaterhouseCoopers' systems and process assurance practice. He welcomes comments on this article and can be reached by e-mail at bruce.i.winters@us.pwc.com. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion