Internal Controls

Questions I sometimes ask students in risk and control assessment training workshops to illustrate the concept of residual risk tolerance include: How many of them have broken a car speed restriction law in the past three months? How many have broken a speed law more than five times over the past three months? More than […]

EXAMPLES OF WEAKNESSES Lacks adequate internal control to track, report “sensitive property.” Disgorgement tracking system not current; can’t be relied upon. Inadequate reconciliation, controls for disgorgement receivables. IT office not clearly authorized to enforce IS and security policies. IT office not promptly disabling accounts after users leave SEC. Financial system controls to monitor unauthorized activities […]

Senior executives at U.S. multinational companies are somewhat divided over the financial impact of complying with the Sarbanes-Oxley Act of 2002. According to a recent survey by PricewaterhouseCoopers, 56 percent of surveyed executives said initial compliance with Sarbanes-Oxley was not very costly for their company, while the remainder claimed compliance was at least “somewhat” costly. […]

As nearly everyone knows by now, one of the most significant provisions of Sarbanes-Oxley is “Management Assessment Of Internal Controls,” known to most firms as “SOX 404.” Section 404 requires that annual reports be accompanied by a statement clarifying that company management is responsible for creating and maintaining adequate internal controls, and that management has […]

An informal survey of Financial Executives International members showed that companies expect their annual audit fees to increase by an average of 35 percent in order to cover required 404 attestations. Though the numbers came from an unscientific sampling of under 100 executives, they were actually within the range of a Foley Lardner study covered […]

As most companies know by now, “disclosure controls and procedures” involve gathering, analyzing and ultimately communicating information that must be disclosed in Exchange Act reports. The SEC has provided flexibility for companies to develop processes that are consistent with their business and culture, but senior executives ultimately have to assess the effectiveness of their disclosure […]

THE QUESTION Can a registrant use compliance and/or risk-assessment tools provided by its audit firm to document and assess internal controls? And if so, under what circumstances (i.e., if part of audit or attestation agreement; if done with management, etc.)? THE RESPONSE Registrants are breathing sighs of relief that they will have more time than […]

Why was the effective date pushed to June 15, 2004? Did the SEC ostensibly cave to corporate pressure? The effective date for accelerated filers, other than foreign private issuers, was changed to years ending on or after June 15, 2004 and to years ending on or after April 15, 2005 for all other issuers, including […]

On May 27, 2003, the SEC voted to adopt rules concerning management’s report on “internal control over financial reporting” and certification of disclosures in Exchange Act periodic reports. Key components of the rule are listed below: Basic Concepts Section 404 of Sarbanes-Oxley mandated that the SEC adopt rules requiring companies to disclose in annual reports […]

ODon’t give me more reports on my control weaknesses — fix them!” That’s increasingly the attitude in some corporations, reacting to ever increasing pressure on internal controls, particularly from Section 302 and Section 404 of the Sarbanes-Oxley Act. When CEOs and CFOs certify their assessments of internal controls effectiveness, the last thing they want is […]