Big4Guy
Big4GuyWelcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
|
Post details: Sarbanes Oxley Section 302 404 Certification Best Practices
04/14/06
Sarbanes Oxley Section 302 404 Certification Best Practices
Section 302 requires the principal executive officer CEO and principal financial officer CFO to certify and sign annual and quarterly reports submitted to the SEC securities and Exchange Commission. Similarly, Section 404 of the Act calls for annual reports filed with the SEC to include a statement from the company’s management of its responsibility for creating and maintaining adequate internal controls over financial reporting. My experience with Sarbanes Oxley over the past 4 years has shown that big companies have evolved certain best practices and makes the entire certification process a little less complicated. I have listed some of the best practices from my experience below.
1. For Section 302 certification, many companies have adopted sub certification of annual and quarterly reports wherein business unit heads and finance heads prepare a certificate required under Section 302 for their area of control. This helps the CEO / CFO to gain comfort from the certifications of the business unit and finance heads.
2. Real time disclosure of control issues is another area where many big organizations have excelled. Any potential control issues are escalated by the unit management to the corporate management whether or not such issues represent control deficiencies.
3. Any reporting or disclosure issue which the management should be aware of should be reported to the disclosure committee. The disclosure committee should be aware of any issue which can have an effect on the internal control system.
4. Leading companies have integrated the 302 and 404 certification process. By integration, it would mean that business units would be responsible for their business processes and related internals. For Section 302 each business unit would provide a sub-certification as mentioned in point number one.
Management of smaller companies can have a relook at their SOX compliance efforts and align them based on best practices mentioned above.
Related Posts
Automated Vs. Manual Controls
Continous Auditing of Controls
Internal Auditing Control Frameworks
Evaluating Disclosure Controls
Comments:
No Comments for this post yet...
Categories
Archives
Search
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| << < | > >> | |||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Misc
All content copyright © 2005-2008
Big4Guy.com
Do not reproduce either in part or full without the express permission of the
Webmaster
