Sarbanes-Oxley Audit Resource Center(SARC)





In the wake of Enron and WorldCom the role of internal auditors in corporate governance has taken on a whole new meaning. The passage of the Sarbanes-Oxley Act and actions by the U. S. Securities and Exchange Commission imposed new requirements on auditors, corporate boards and management. This section of AuditNet® provides tools and resources for internal auditors to acquaint themselves with the new rules and share guidance and best practices for partnering with audit committees. Internal auditors now have a unique opportunity to work together with audit committees to help in the corporate governance mandate.  If you have resources or links you would added to this page please contact us.

 

Click here for Sarbanes-Oxley Books!
Click here for Sarbanes-Oxley Software Solutions
Click here for Sarbanes-Oxley Question Forum

SOX Television is an Internet Television Network that covers every aspect of the Sarbanes-Oxley Act. It reaches more than 300,000 governance, risk and compliance professionals worldwide every week with research and video-on-demand content in the areas of Compliance Management, Risk Management, Internal Audit, Technology and Governance.

 

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners from the IIA

Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting

Sarbanes-Oxley 404 Implementation Costs - Report from A.R.C. Morgan

Audit and Assurance Software Expo Materials Available - March 11, 2004 Making Sense of Audit and Assurance Software in the SarbOx Environment from the North Jersey Chapter of the IIA 

SARBANES-OXLEY IN THE NEWS

 

ComputerWorld Sarbanes-Oxley Coverage

SARBANES-OXLEY AROUND THE WORLD

 

Sarbanes-Oxley Newsletter (in Spanish) includes links to download prior newsletters and a SOx forum. This forum, provided by BDO Becher & Asociados S.R.L., is an excellent example of the globalization of governance resources. 

 

 

UPDATED LAWS & REGULATIONS

For current US audit committee rules and the SEC (US Securities and Exchange Commission)

SEC Grants One-Year Extension for SOX Compliance - Affects Non-Accelerated Filers 

Certification of Disclosure in Companies' Quarterly and Annual Reports

Sarbanes-Oxley Act of 2002

Sarbanes-Oxley FAQ from the SEC

INTERNAL CONTROL EVALUATIONS PRESENTATIONS & GUIDES

 

Note: Presentations without a hyperlink are available on a one for one exchange.

ARTICLES

Assessing Company-Level Controls from the Journal of Accountancy June 2005

Assessing the Key Implications of Sarbanes-Oxley from the Business Forum

Auditing into an ISO9001:2000 Quality Management System by Dexter Hansen

Choose the Right Tools for Internal Control Reporting article from the Journal of Accountancy

Planning an IT Audit for Sarbanes-Oxley Compliance by Michelle Johnston

Executing an IT Audit for Sarbanes-Oxley Compliance by Michelle Johnston

How Sarbanes-Oxley Will Change the Audit Process - article from the Journal of Accountancy (September 2003)

Internal controls and the Sarbanes-Oxley Act by Matthew Leitch

Integrating Sarbanes-Oxley Act Internal Controls

Making Sense of Sarbanes-Oxley Tools by Richard Lanza from Internal Auditor (February 2004)

The New Importance of Materiality Journal of Accountancy May 2005

Sarbanes Oxley Assessment Tool

Sarbanes-Oxley Internal Audit's New Role article from the Journal of Accountancy

Sarbanes-Oxley Act/PCAOB Implementation Central - from the AICPA

Sarbanes-Oxley: What it Means to the Marketplace article from the Journal of Accountancy

Section 404 Compliance in the Annual Report article from the Journal of Accountancy

Section 404 Opens a Door article from the Journal of Accountancy

The Sarbanes-Oxley Act May Impact State and Local Governments

Selling to Audit Committees Journal of Accountancy February 2005

Tips for the Sarbanes-Oxley Learning Curve article from the Journal of Accountancy

Trust Services: A Better Way to Evaluate I.T. Controls Journal of Accountancy March 2005
 The Value Proposition Journal of Accountancy September 2005

 

Sarbanes-Oxley Resources (from Deloitte)

 

On Optimizing SOX Compliance: Leading Retailer Shows the Way

SOX Optimization: Improving Compliance Efficiency and Effectiveness

Lean and Balanced: How to Cut Costs Without Compromising Compliance

IQ Matters: Senior Finance and IT Seek to Boost Information Quality

Optimizing the Role of Internal Audit in the Sarbanes-Oxley Era

Under Control

Ten Threats to Compliance

Taking Control

Compliance Challenges for Foreign Private Issuers

Antifraud Programs and Controls

Fraud and the Role of the Audit Committee

Questions that Boards Should be Asking Regarding Ethics and Compliance Programs

 

AUDIT PROGRAMS & QUESTIONNAIRES

CFO & Controller Checklist

Integrating Sarbanes-Oxley Act Internal Controls Auditing into an ISO9001:2000 Quality Management System

IT Control Objectives for Sarbanes-Oxley from the IT Governance Institute

Management Discussion & Analysis Checklist (GAAP) from BDO

Sarbanes-Oxley 404 Network Security (Sep 04)

Sarbanes-Oxley Implementation Checklist (Mar 05)

SekChek for SOX and PCAOB compliance testing of General IS Security Controls. A tool for automated host-computer security reviews of non-mainframe platforms, including Unix, Windows, Novell & AS/400.

User Access Controls Work Program (SOX) (May 04)

The following audit programs are available to subscribers by logging in and access is provided on the Subscriber Audit Programs page (not from this page). If you are a non-subscriber you may receive these programs by contributing material (one for one) that you have permission to share with other auditors or organizations. If you are unable to share consider subscribing to annual access to the AuditNet® audit programs. Annual audit program subscription provide subscribers with access to all audit programs (including those below) that require a contribution. After paying the subscription fee you will receive a confirmation email (to the address you use for your PayPal account) with instructions on how to access the audit programs.  If that email is not your business address you will need to contact us and indicate where you want your confirmation sent. Annual subscribers to the audit programs service will also receive a copy of The Auditor's Guide to Internet Resources, 2nd Edition ($50 value). If you are interested in a corporate subscription to the Audit Programs Database providing multiple users with access then click here!

Please note that links to the following programs are not available on this page but rather on the page that subscribers have access to!

  1. COSO Testing Template (Oct 05)

  2. SOX Entity Level Control Matrix (Dec 08)

  3. Sarbanes-Oxley 404 AP and Procurement (Oct 04)

  4. Sarbanes-Oxley Section 404 Application Baseline Audit Program (Jan 2005)

  5. Sarbanes-Oxley 404 Cash Audit Program

  6. Sarbanes-Oxley 404 - IT Audit - Log Security Activity - Checklist

  7. Sarbanes-Oxley 404 - IT Audit - Malicious Software - Checklist

  8. Sarbanes-Oxley 404 - IT Audit - Segregation of Duties - Checklist

  9. Sarbanes-Oxley 404 - IT Audit - User Access - Checklist

  10. Sarbanes-Oxley 404 Management Assessment of Internal Controls (Feb 04)

  11. Sarbanes-Oxley 404 Sales and Accounts Receivable (Sep 04)

  12. Sarbanes-Oxley 404 Sales & Accounts Receivable Transaction Walkthrough (Dec 05)

  13. Sarbanes-Oxley SAP Inventory Cycle ICQ (June 04)

  14. Sarbanes-Oxley Calculating Payroll Control Matrix

  15. Sarbanes-Oxley CFO & Controllers Checklist

  16. Sarbanes-Oxley Claims Testing-Workers Comp Insurance (June 06)

  17. Sarbanes-Oxley Cobit Selection (Apr 07)

  18. Sarbanes-Oxley Consumer Commercial Control Matrix-Banking (Apr 07)

  19. Sarbanes-Oxley Control Matrix Personnel & Payroll Cycle (Aug 04)

  20. Sarbanes-Oxley Control Matrix Purchases & Payments Cycle (Aug 04)

  21. Sarbanes-Oxley Control Matrix Revenue & Cash Collections Cycle (Aug 04)

  22. Sarbanes-Oxley Corporate Tax Control Matrix

  23. Sarbanes-Oxley Coverage Matrix (Aug 04)

  24. Sarbanes-Oxley Discussion Item Matrix (Aug 04)

  25. Sarbanes-Oxley End User and Entity Level Control Narrative (June 05)

  26. Sarbanes-Oxley End User Computing (June 05)

  27. Sarbanes-Oxley Financial Reporting Risks and Controls (Aug 04)

  28. Sarbanes-Oxley Financial Reporting

  29. Sarbanes-Oxley Fixed Assets Risks and Controls (Aug 04)

  30. Sarbanes-Oxley General Entity Wide Controls

  31. Sarbanes-Oxley Generic Stand Alone Application General Control Review (August 04)

  32. Sarbanes-Oxley Generic Testing Template (Oct 05)

  33. Sarbanes-Oxley Hiring Personnel Control Matrix

  34. Sarbanes-Oxley HR and Payroll Risks and Controls (Aug 04)

  35. Sarbanes-Oxley HR Risk Assessment

  36. Sarbanes-Oxley IT Management Audit Program & ICQ (82 pages)

  37. Sarbanes-Oxley 404 Process Level Workbook (Aug 04)

  38. Sarbanes-Oxley Risk Matrix

  39. Sarbanes-Oxley Segregation of Duties Matrix Personnel & Payroll Cycle (Aug 04)

  40. Sarbanes-Oxley Segregation of Duties Matrix Revenue & Cash Collections Cycle (Aug 04)

  41. Sarbanes-Oxley Spreadsheet Inventory Survey (June 05)

  42. Sarbanes-Oxley -Spreadsheets §404 control evaluation considerations (June 05)

  43. Sarbanes-Oxley Guidebook for the Templates (Dec 08) (The following templates are licensed for use by AuditNet® subscribers)

  44. Sarbanes-Oxley Template Financial Reporting Control Matrix (Dec 08)

  45. Sarbanes-Oxley Template Fixed Asset Control Matrix (Dec 08)

  46. Sarbanes-Oxley Template Inventory Control Matrix (Dec 08)

  47. Sarbanes-Oxley Template IT Control Matrix (Dec 08)

  48. Sarbanes-Oxley Template Payroll and Human Resources Control Matrix (Dec 08)

  49. Sarbanes-Oxley Template Purchasing and Payables Control Matrix (Dec 08)

  50. Sarbanes-Oxley Template Revenue and Receivables Control Matrix (Dec 08

  51. Sarbanes-Oxley Template Treasury Control Matrix (Dec 08)

  52. Sarbanes-Oxley Timeline (Aug 04)

  53. Sarbanes Oxley Audit Review-Portuguese (Mar 07)

  54. Sarbanes Oxley Governance Risk-Portuguese (Mar 07)

  55. SOX Compliance Auditing Checklist (Oct 2008)

  56. S-Ox 404 Audit Committee Checklist (Aug 05)

  57. S-Ox 404 IT General Controls Matrix

  58. S-Ox 404 Expense Cycle Questionnaire (Oct 04)

  59. S-Ox 404 Revenue Cycle Questionnaire (Oct 04)

  60. S-Ox Based Risk Program - Hotel Industry (Mar 05)

  61. S-Ox Code of Ethics Example (Feb 05)

  62. S-Ox Control Exception and Deficiency Evaluation Worksheet (Apr 05)

  63. S-Ox Debt Cycle Test of Controls (SOx)

  64. S-Ox Expenditure Cycle Risks and Controls Matrix (Manufacturing concern/SAP environment/SOX) (April 04)

  65. S-Ox Framework for Evaluating Exceptions (Feb 05)

  66. S-Ox ICQ Accounts Payable (Sep 04)

  67. S-Ox ICQ Accounts Receivable

  68. S-Ox ICQ Cash Disbursements - Treasury (Sep 04)

  69. S-Ox ICQ Credit & Collection

  70. S-Ox Inventory Management and Risk Controls (Jan 2005)

  71. S-Ox IT Audit Program (Apr 05)

  72. S-Ox Mapping Financial Statements to Controls Template (Jan 2005)

  73. S-Ox Process Documentation Form (July 05)

  74. S-Ox Process Owners Representation Letter (Feb 06)

  75. S-Ox Revenue Process Audit Program (Jan 2005)

  76. S-Ox Revenue and Risk Controls (Jan 2005)

  77. S-Ox Spreading Testing (Mar 05)

  78. S-Ox Staff Internal Control Q&A

  79. S-Ox Treasury and Risk Controls (Jan 2005)

  80. S-Ox Financial Reporting Test of Controls

  81. S-Ox Testing Template

  82. S-Ox Treasury Test Plan (Oct 04)

  83. S-Ox Wire Transfers (Oct 04)

  84. S-Ox Internal Control Sales (Oct 04)

  85. SOXERM Documentation Software (requires Lotus Notes)

  86. Standards for Business Controls Vol. 1 General Business Processes

  87. Standards for Business Controls Vol. 2 IT Processes

  88. Whistleblower Vendor Program Review (Sep 06)

 
DISCUSSION FORUMS

Sox First Management & Compliance - blog devoted to Sarbanes-Oxley

AuditNet Discussion Forums which includes threads for Sarbanes-Oxley

SOX 404-l  - an email discussion list to discuss Sarbanes-Oxley 404 issues, share resources and experiences, ask questions and gain a better understanding of compliance issues related to the Act.

Sarbanes-Oxley Act Forum - an interactive community portal

Sarbanes-Oxley Discussion Forum - The purpose of this Listserv is to provide a vehicle in which individuals can provide information, ask questions, and hopefully provide some sharing of knowledge as it pertains to the issues and challenges of Sarbanes-Oxley compliance.

Send the following email message:

TO: join-SARBANES-OXLEY@share.isaca.org
SUBJECT:   (leave blank)
BODY OF MESSAGE: (leave blank) 

You will receive an acknowledgment email which requires an email confirmation before you become a list member. By joining the listserv you agree to abide by its terms and conditions. After your confirmation to join is received, a welcome message will be issued containing listserv guidelines, web site location of archived messages,  and additional important information.

 

WEB SITE RESOURCES

404 Institute KPMG established an open forum for the exchange of ideas and a venue for the development of research and leading practices related to; meeting the requirements of section 404 of the Sarbanes-Oxley Act of 2002, effectively leveraging current and future investments in internal controls, and enhancing the overall integrity of the financial reporting process.

 

Audit Committee Charters Web site of the Financial Executives Institute provides links to sample charters for audit committees.

 

CBIZ Internal Audit Services  Sarbanes-Oxley Services page offers articles, tools, surveys, internal control considerations and more.

 

Center for Corporate Governance from Deloitte (registration required)

 

Committee on Sponsoring Organizations (COSO) a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls and corporate governance.

 

Corporate Governance Links

 

Corporate governance links (From the Institute of Chartered Accountants in England and Wales (ICAEW)) ICAEW published the final guidance on the implementation of the internal control requirements of the Combined Code on Corporate Governance, and 'Implementing Turnbull: A Boardroom Briefing'.

 

Internal Controls Summaries Library from Ernst & Young

 

IT Governance UK site that provides links to IT governance, risk management,
compliance and information security information.

 

Public Company Accounting Oversight Board provides a central resource to access CPA registration filings and research standards and regulations mandated by Sarbanes-Oxley

 

Sarbanes-Oxley and Corporate Governance - Grant Thornton

 

Sarbanes-Oxley Compliance Manual from the PCAOB

 

Sarbanes-Oxley Information Center from CFO Direct

 

Sarbanes-Oxley Knowledge Center from PricewaterhouseCoopers

 

Sarbanes-Oxley Resources from Deloitte

 

Sarbanes-Oxley, corporate governance, and audit committee resources - from KnowledgeLeader

 

SOX Expert: Solving SOX, Creating Value SOX Expert is a cost effective, comprehensive Sarbanes Oxley compliance and Internal Audit software solution that will enable companies to streamline their GRC program while ensuring the highest degree of risk mitigation. Based on the Microsoft Excel platform, SOX Expert is easy to understand, implement and use. Free software demo available on the website.
AUDIT COMMITTEE TOOLS & RESOURCES

Audit Committee Effectiveness: Partnering for Success - presentation by Mike Fabrizius at the IIA Northern Virginia Chapter meeting September 12, 2002

 

Audit Committees and Governance from the IIA

 

Audit Committee Charter

 

Audit Committee Effectiveness - Self Assessment Tool

 

Audit Committee Institute Web site from KPMG provides information for corporate audit committees including newsletters, publications, surveys and other resources.

 

Audit Committee Performance Self Assessment Survey

 

Audit Committee Evaluation of Internal Audit is a questionnaire for audit committee members.

 

Audit Committee Resource Guide from Deloitte & Touche includes a checklist for Sarbanes-Oxley compliance.

Corporate Governance Reform Initiatives and the Profession of Internal Auditing

 

Corporate Governance The New Frontier -- How Boards of Directors Can Best Meet Their Responsibilities from PricewaterhouseCoopers

 

Improving the Effectiveness of Corporate Audit Committees from NASDAQ

 

Internal Control A Tool for the Audit Committee

 

Evaluating the Internal Audit Team

 

The Audit Committee's Roadmap

 

Sarbanes-Oxley Act/PCAOB Implementation Central

New responsibilities and requirements for audit committees is an Andersen white paper.

AUDIT COMMITTEE CHARTERS AND CORPORATE POLICIES

Automatic Data Processing

Eastman Kodak

ING

Pfizer

Unisys


ABOUT TRUST ONLINE