Printer Friendly

Ask FERF about ... process improvements in Sarbanes-Oxley Section 404 for year-two compliance.

Financial Executives Research Foundation (FERF) has recently issued an Executive Report, Sarbanes-Oxley Section 404 Compliance: From Project to Sustainability, that summarizes the compliance practices of leading companies during 2004. It also describes how these companies are improving their processes for year two as they strive toward long-term sustainability.

For most companies, year-one compliance with Section 404 in 2004 was effective. However, most are now looking for ways to comply more efficiently through the use of process improvements. The following summarizes some suggestions described from the full report.

* Key Controls. In order for management to assert that it has effective internal control over financial reporting, it must first identify its significant sources of revenues and significant expenses, and then document its controls over these accounts. These are called "key controls."

Process improvements include:

Identify lower-risk areas where reliance on the testing of company level controls is sufficient;

Take some lower-risk accounts out of scope;

Reduce the number of testing locations using shared service centers;

Increase the number of and reliance on automated controls versus manual controls.

* Risk Assessment. In 2004, most companies thought that they needed to document every possible transaction, no matter how insignificant it might be, and most auditors thought that they needed to test the control for every possible transaction.

Process improvements include:

Drive audit activity to the highest possible level in the organization;

Take a top-down approach to risk and planning;

Use risk assessment to help prioritize businesses and locations to get appropriate coverage;

Use shared service centers.

* Segregation of Duties. Segregation of duties has always been a component of good internal control. In 2004, companies were reminded that access to information systems would have to be evaluated to assure such segregation.

Process improvements include:

Ensure that all areas that represent key controls have established and sustainable segregation of processes;

Use an automated software tool to test segregation of duties and system access.

* System Implementations. Successful implementation of new computer systems has always been a challenge. In 2004, most companies did not implement new systems during the fourth quarter of the fiscal year, because controls would have to be documented and tested before fiscal year-end.

Process improvements include:

Evaluate risks associated with each system implementation;

Require self-assessments from the process owners.

* Management Testing of Controls. For management to assert internal control over financial reporting, key controls have to be documented and tested by management, even before the external auditors test controls as part of the internal control audit.

Process improvements include:

Take a risk-based approach to testing;

More testing should be done by management;

Reduce the use of external resources.

* Evaluation of Results. Regardless of whether a deficiency was identified through self-assessment or internal audit testing, the work process owner was responsible for analyzing the results and defining an appropriate remediation plan.

Process improvements include:

Take a risk-based approach to assessment and testing;

Coordinate testing by management, internal and external audit to identify deficiencies early and reduce the numbers;

Use the whistleblower process to help identify potential deficiencies.

* Section 302 Certifications. As mandated by Section 302 of the Act, and formalized in a final rule issued by the Securities and Exchange Commission (SEC) in August 2002, companies have been providing CEO and CFO certifications of their annual and quarterly financial statements since 2002.

Process improvements include:

Use management self-assessment to support quarterly Section 302 representations;

Use software to streamline the certification process.

* Auditor Issues. Participating companies and their external auditors decided that every process, even at a transaction level, had to be documented and the related control had to be tested.

Process improvements include:

Take a top-down approach to auditing to maximize efficiency;

Work towards a greater reliance on internal audit's testing;

Negotiate the timing of external auditor testing to minimize the amount of roll-forward work.

William M. Sinnett ( is Director of Research at Financial Executives Research Foundation (FERF).

contributed by FERF
COPYRIGHT 2005 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:resources; Financial Executives Research Foundation
Author:Sinnett, William M.
Publication:Financial Executive
Geographic Code:1USA
Date:Dec 1, 2005
Previous Article:MindSolve Technologies.
Next Article:Likelihood of higher PBGC premium hikes looms.

Related Articles
Internal control matters...again: Motorola's senior vice president and controller tells Financial Executives Research Foundation (FERF) how "COSO"...
Ask FERF (Financial Executives Research Foundation) about...COSO resources. (Resources).
Defining moment for good governance: research from both Financial Executives Research Foundation and Robert Half international find that...
Ask FERF (financial executives research foundation) about ... private company compliance with section 404.
Regulatory compliance.
Ask FERF (financial executives research foundation) about ... Sarbanes-Oxley Implementation Guidance.
AS2: when the pedal hits the metal; Although the costs and opportunity cost of the PCAOB's new audit standard are substantial, Financial Executives...
FERF release two key reports.
Ask FERF about ... using enterprise content management for Section 404 compliance.
Letter from the chair.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |