
Sarbanes-Oxley: Building Working Strategies for Compliance PDF

432 Pages·2007·2.546 MB·English

Preview Sarbanes-Oxley: Building Working Strategies for Compliance

Sarbanes-Oxley
Building Working Strategies for Compliance

TERENCE SHEPPEY AND ROSS McGILL

© Terence Sheppey and Ross McGill 2007
Softcover reprint of the hardcover 1st edition 2007 978-0-230-00678-2

All rights reserved. No reproduction, copy or transmission of this publication may be made without written permission. No paragraph of this publication may be reproduced, copied or transmitted save with written permission or in accordance with the provisions of the Copyright, Designs and Patents Act 1988, or under the terms of any licence permitting limited copying issued by the Copyright Licensing Agency, 90 Tottenham Court Road, London W1T 4LP. Any person who does any unauthorised act in relation to this publication may be liable to criminal prosecution and civil claims for damages.

The authors have asserted their rights to be identified as the authors of this work in accordance with the Copyright, Designs and Patents Act 1988.

First published 2007 by PALGRAVE MACMILLAN, Houndmills, Basingstoke, Hampshire RG21 6XS and 175 Fifth Avenue, New York, N.Y. 10010. Companies and representatives throughout the world.

PALGRAVE MACMILLAN is the global academic imprint of the Palgrave Macmillan division of St. Martin’s Press, LLC and of Palgrave Macmillan Ltd. Macmillan® is a registered trademark in the United States, United Kingdom and other countries. Palgrave is a registered trademark in the European Union and other countries.

ISBN 978-1-349-28256-2
ISBN 978-0-230-59802-7 (eBook)
DOI 10.1057/9780230598027

This book is printed on paper suitable for recycling and made from fully managed and sustained forest sources.

A catalogue record for this book is available from the British Library. A catalog record for this book is available from the Library of Congress.

Contents

List of figures
List of tables
Preface
About the authors
List of abbreviations

PART I The Sarbanes-Oxley Act

1 What is Sarbanes-Oxley?
    Introduction
    SOX at a glance
    Practical compliance summary

2 Background and Legislative Trends
    Background
    Trends in regulation
    Trends in financial services
    Regulatory pressure
    The effect of the Act: is it working?
    Current trends
    Positive skepticism
    Practical compliance summary: looking forward

3 Perspectives for the Financial Sector
    The response to regulation
    Practical compliance summary

4 An Overview of the Act
    Introduction
    Structure and sections of the Act
    Titles: quick summary
    Sections of the Act
    Title I: Public Company Accounting Oversight Board
    Title II: Auditor independence
    Title III: Corporate responsibility
    Title IV: Enhanced financial disclosures
    Title V: Analyst conflicts of interest
    Title VI: Commission resources and authority
    Title VII: Studies and reports
    Title VIII: Corporate and criminal fraud accountability
    Title IX: White-collar crime penalty enhancements
    Title X: Corporate tax returns
    Title XI: Corporate fraud accountability
    Timetable to compliance

PART II The Requirement: SOX and the Financial Sector

5 Why are Financial Services Affected?
    Overview of the financial sector
    Reputation as a capital asset
    Reputation and best practice
    Compliance models for the finance sector
    Practical compliance summary

6 The Public Face: Financial Reporting
    Reporting and compliance
    Financial reporting and compliance
    Financial reporting assertions
    Sources of information
    “True” and “fair”
    Publicized compliance
    Auditing of financial statements
    Reporting standards
    Transaction standards: SWIFT
    Technical standards: XBRL
    Improving reporting
    Practical compliance summary

7 The Impact of Cost
    The cost of compliance
    Cost–benefit analysis
    Cost and complexity
    Ongoing costs
    The true cost of compliance
    Diverted costs
    Cost examples
    Auditor costs
    Practical compliance summary

8 Responsibility
    Introduction
    Summary of key issues for senior executives
    Executive responsibility
    Evaluation and assessment
    Ethical behavior
    The role of non-executive directors
    The responsibility cascade
    Audit committee
    Practical compliance summary

9 Internal Auditing
    Internal auditing
    Executive action
    IT audit planning
    Auditing models: control self-assessment
    Auditing tools
    Practical compliance summary

10 External Auditing
    Who is to do the audit
    Types of audit: certification audit
    Ensuring the organization meets the audit requirements
    The role of the CPA in auditing for the Act
    Preparing for an audit
    Audit process
    Steps in the auditing process
    Ongoing auditing
    Statement of applicability for the Act
    External audit reporting
    PCAOB summary
    Practical compliance summary

PART III Practical Compliance

11 Building the Strategy
    The strategic nature of compliance
    Approaches to compliance
    State of compliance
    Compliance and risk
    Preparing for compliance
    Industry best practice
    Practical compliance summary

12 The Compliance Process
    The compliance process
    The compliance process: strategic and tactical
    The compliance process: systematic and pragmatic
    Mapping the compliance cycle to business
    Applying the compliance cycle to processes
    The compliance process in context
    Practical compliance summary

13 Compliance with Section 302
    Documentation for demonstrating compliance
    Practical compliance summary

14 Compliance with Section 404
    The special challenges of Section 404
    Section 404: Management assessment of internal controls
    Content of management’s internal control report
    Critical success factors (CSFs) for Section 404
    Project management lifecycle
    Implementing a Section 404 project
    Practical compliance summary

15 Compliance with Other Relevant Sections
    Sections 802 and 1102
    Section 103: Auditing, quality control, and independence standards and rules
    Section 201: Services outside the scope of practice of auditors; prohibited activities
    Section 409: Real-time issuer disclosures
    Practical compliance summary

16 Compliance in the Supply Chain
    Compliance in the extended enterprise
    The significance for intermediaries, underwriters, and others in the chain
    SAS 70 in the supply chain
    Outsourcing functions in the supply chain
    Practical compliance summary

17 Internal Controls
    Introduction
    Disclosure controls and procedures
    Scoping internal controls
    Internal controls
    Measurement criteria
    Practical compliance summary

18 Documentation, Testing, and Evaluation
    Documentation for demonstrating compliance
    Regulatory requirements for documentation
    Documentation, email, and compliance
    Risk management: documenting controls with a control matrix
    Evaluation and testing
    Testing controls
    Management assessment
    Practical compliance summary

19 Process and the Organization: Policies and Behavior
    The idea of a process
    What constitutes a process?
    Process mapping and flowcharting
    Compliance and process
    Business processes in financial services
    Corporate governance
    Behavior
    Internal policies
    Practical compliance summary

PART IV Securing the Organization for Compliance

20 Risk Management
    Risk assessment
    Treating risk
    Risk and the Act
    Business risk
    Implications of the Act
    Risk factors
    Risk management
    Extending the scope of the Act
    Changing behavior
    The financial function and risk management
    Practical compliance summary
