Compliance with SOX |
Approaches |
Costs |
Implications of SOX |
Questions to Answer |
Section 404 Preparation Checklist
|
The Basics |
Governance |
Corporate Governance |
COSO/COBIT |
IT Governance |
SEC and PCAOB |
Security |
The Act Itself |
Humor |
Dear Ms. SarBox |
Shocking SOX Stuff |
In the Spotlight |
Companies & People in the
Spotlight |
Compensation |
Hall of Shame |
Sarbanes & Oxley |
News & Commentary |
Commentary |
Latest News |
Ms. Sarbox's Private Collection: News
Archive by Topics |
Press Releases |
Numbers & Words |
Quote Us |
Soundbites |
Statistics |
Surveys |
|
|
The SEC is very clear about internal controls:
We believe that each company should be afforded the flexibility
to design its system of internal control over
financial reporting to fit its particular circumstances.
Source: http://www.sec.gov/rules/final/33-8238.htm#iib3a.
In this same final rule, the SEC says:
The methods of conducting evaluations of internal control over financial reporting will,
and should, vary from company to company.
Therefore, the final rules do not specify the method or procedures to be performed in an evaluation.
They go on to discuss the COSO framework:
...we have modified the final requirements to specify that
management must base its evaluation of the effectiveness
of the company's internal control over financial reporting
on a suitable, recognized control framework that is established
by a body or group that has followed due-process procedures,
including the broad distribution of the framework for public comment.
The COSO Framework satisfies our criteria and may be used
as an evaluation framework for purposes of management's
annual internal control evaluation and disclosure requirements.
However, the final rules do not mandate use of a particular framework,
such as the COSO Framework, in recognition of the fact that
other evaluation standards exist outside of the United States,
and that frameworks other than COSO may be developed within
the United States in the future, that satisfy the intent
of the statute without diminishing the benefits to investors.
Why you need both
an Accounting and an IT framework.
Back to the main COSO & COBIT page.
|
| |
|