Internal Audit Indonesia's

Juli 15, 2010

Protiviti’s Sarbanes-Oxley Section 404 Compliance Initiatives Methodology

Filed under: Artikel seputar Internal Audit — internalauditindonesia @ 12:00 am

To comply with Section 404 of the Sarbanes-Oxley Act, management needs a comprehensive internal controls evaluation approach. Section 404 is an annual assessment with an external auditor attestation required.

As part of this process companies have the opportunity to:

  • Understand, document and evaluate their internal control over financial reporting to comply with Section 404
  • Improve the efficiency and effectiveness of their business processes and internal controls
  • Build a sustainable, cost-effective assessment process

Protiviti has developed a phased approach to the execution of Sarbanes-Oxley Section 404 compliance. The approach is facilitated by project management, knowledge sharing, communication and continuous improvement. It applies the COSO Internal Control – Integrated Framework by taking both an entity-level and a process-level view of the business. This document provides a high level overview of Protiviti’s approach, which is illustrated below.

Set Foundation

In the Set Foundation stage, we establish the basis of the work. This includes project organization, developing a project plan, agreeing on the project approach and identifying existing internal controls documentation.

Organize Project

Develop Project Plan

Agree on Project Approach and Reporting Requirements

PHASE I – Assess Current State and Identify Relevant Processes

In Phase I, we conduct a risk assessment to provide the basis for selecting priority financial reporting elements and the processes feeding those elements for review. This stage also includes inventorying and reviewing existing process documentation to determine its adequacy for purposes of identifying risk and evaluating controls.

Complete Entity-Level Risk Assessment

Select Priority Financial Reporting Elements

Select Priority Processes

Inventory Existing Documentation

Develop Phase II Action Plan

PHASE II – Document Design and Evaluate Critical Processes and Controls

The focus of Phase II is on documenting the identified processes and the related risks and controls, and identifying potential control gaps. Process documentation is typically in narrative or flowchart form. Risk and control documentation will include identification of process risks and related controls, assessment of controls design effectiveness and assessment of controls operating effectiveness, which is accomplished through testing of controls.

Document Processes

Source Risks

(Note: Sourcing the risks (or “what can go wrong”) to the achievement of assertions is THE most important part of the management’s evaluation of internal control over financial reporting.)

Document Controls

Assess Design

Validate Controls Operation

Develop Phase III Action Plan

PHASE III– Design Solutions for Control Gaps

Phase III considers all of the control design and operating gaps identified in Phase II and determines the required remediation for each respective gap.

During Phase III:

Factors to consider when assessing deficiencies:

Phase IV – Implement Solutions for Control Gaps

Phase IV entails the execution of remediation plans created in Phase III and the establishment of policies and procedures to ensure timely and accurate updating of process documentation as changes occur. This phase includes training company personnel in control gap remediation.

During Phase IV:

Critical Supporting Activities

As each phase of the SOA methodology is executed, it is important to complete certain supporting activities. These supporting activities are important to revisit throughout the process as they assist in moving SOA compliance from project to process. These activities are organized in four categories.

Project Management

Knowledge Sharing


Continuous Improvement

Tinggalkan sebuah Komentar »

Belum ada komentar.

RSS feed for comments on this post. TrackBack URI

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:


You are commenting using your account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

Buat situs web atau blog gratis di

%d blogger menyukai ini: