
Issues & Perspectives Services & Solutions Industries About us Media Alumni Careers

Global Home > Belgium Home > Issues & Perspectives > Preparing for internal control reporting

US SURVEYS

FPI SURVEYS

INSIGHTS

METHODOLOGY

Preparing for internal control reporting
Evaluating internal controls at the entity level
Evaluating internal controls at the process
Evaluating effectiveness of internal controls

Sarbanes-Oxley

Preparing for internal control reporting - A guide for Management's Assessment under section 404 of the Sarbanes-Oxley Act

The Sarbanes-Oxley Act of 2002 (the Act) requires reporting on internal control for SEC registrants and their independent auditors.

Specifically, Section 404 of the Act:

directs the SEC to adopt rules requiring annual reports to contain an assessment of the effectiveness of internal control over financial reporting; and
requires the new Public Company Accounting Oversight Board to adopt standards for independent auditors to attest to management's report on internal control.

The most commonly used and understood framework for evaluating internal controls over financial reporting is that contained in the report of The Committee of Sponsoring Organizations of the Treadway Commission (COSO). The COSO report, Internal Control-Integrated Framework, established a broad definition of internal control extending to all objectives of an organization. The COSO report established three categories of controls:

effectiveness and efficiency of operations;
reliability of financial reporting; and
compliance with laws and regulations.

It also identified five interrelated components that must be present and functioning to have an effective internal control system, and it described the criteria for effective internal control. Although the rules for reporting under Section 404 of the Act have not yet been finalized, the recent SEC rule proposal indicates that management's assessment of internal controls and procedures for financial reporting would be based on current auditing standards relating to internal control, which are consistent with the definition contained in the COSO report.

If adopted, the SEC's rules under Section 404 would apply to companies whose fiscal years end on or after September 15, 2003. However, management should not wait for the final rules to begin the process of developing appropriate documentation and establishing procedures for evaluating internal controls. This guide, Preparing for Internal Control Reporting, is designed to assist management, by providing a methodology for applying the COSO conceptual framework, when conducting their evaluation of internal controls over financial reporting.

Preparing for internal control reporting - A guide for Management's Assessment under section 404 of the Sarbanes-Oxley Act) Sarbanes-Oxley | Download PDF

More info

If you have questions regarding Sarbanes-Oxley, please contact:

Inge Boets
Partner
Business Risk Services
Sarbanes-Oxley Contact + 32 3 270 14 65