The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal controls over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.[32] This course provides an overview of SOX Section 404 and discusses how one can effectively implement a solid program to address the needs of SOX 404. 

The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007.[33] This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance [34] on June 27, 2007. These two standards together require management to:

  • Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;
  • Understand the flow of transactions, including IT aspects, in sufficient detail to identify points at which a misstatement could arise;
  • Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework;
  • Perform a fraud risk assessment;
  • Evaluate controls designed to prevent or detect fraud, including management override of controls;
  • Evaluate controls over the period-end financial reporting process;
  • Scale the assessment based on the size and complexity of the company;
  • Rely on management's work based on factors such as competency, objectivity, and risk;
  • Conclude on the adequacy of internal control over financial reporting.

Sarbanes-Oxley Act was passed in 2002 and year one of attestation for publically traded companies was 2004.  SOX 404 is the most prominent of the many requirements covered under the legislation. Examining and putting into practice a suitable methodology for SOX compliance with SOX 404 is crucial. 

Taking this course will prepare you to successfully address the challenges of Section 404 at your company - a high profile and critical process!

Information within this course comes from readily available public domain documents and is utilized by the trainer as a supplement for relaying the course content.

Note: The concepts outlined in this course are up to date and relevant in regards to the Sarbanes-Oxley legislation. Although there have not been any changes in the legislative concepts of the law since it’s release in 2002, some aspects of executing the work have evolved. This speaker is preparing a series of courses titled “Sarbanes-Oxley 20 years later”. Those courses can be found individually on the platform and would be beneficial for anyone involved with compliance.

NOTE: The Instructor has created 5 new segments on Sarbanes-Oxley Update - 20 Years Later:
Sarbanes-Oxley Update - 20 Years Later: Accounting Risk Assessment Considerations
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 1
Sarbanes-Oxley Update - 20 Years Later: Evaluating Testing Processes
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 2
Sarbanes-Oxley Update - 20 Years Later: Examining Fraud Risks

Learning Objectives
  • Discover the requirements of Sarbanes-Oxley Act SOX 404
  • Recognize COSO and the Internal Control Framework
  • Identify SEC and PCAOB ongoing SOX 404 requirements
  • Identify and apply the steps of the SOX 404 process
  • Identify documentation Requirements
  • Identify testing Requirements
  • Define significant Deficiency and Material Weakness
  • Recognize PCAOB 2012 Report on Public Companies ICFR
Last updated/reviewed: March 19, 2024

Included In Certifications

This course is included in the following Certification Programs:

16 CoursesSarbanes-Oxley (SOX) Certification

  1. Sarbanes Oxley Overview
  2. SOX: Authoritative Bodies
  3. Sarbanes-Oxley (SOX) Standards - Evolution
  4. Information Technology General Controls Primer
  5. COSO 2013 Overview
  6. Sarbanes-Oxley (SOX) Section 404
  7. Sarbanes-Oxley Section 302: ICFR
  8. Sarbanes-Oxley (SOX) And Fraud Sections
  9. Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 1
  10. Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 2
  11. Sarbanes-Oxley (SOX) - Entity Level Controls
  12. Sarbanes-Oxley (SOX) Identifying and Documenting Controls
  13. Sarbanes-Oxley (SOX) Testing
  14. Sarbanes-Oxley (SOX) - Assessing Data Impact
  15. XBRL - Connection to SOX 302/404 and Critical Roles
  16. Tools For Sarbanes-Oxley Compliance
200 Reviews (714 ratings)

Reviews

5
Anonymous Author
course was well written and the presenter had some good examples

5
Anonymous Author
I am in financial planning and analysis area, and seldom have chance to learn about internal control/SOX/COSO from real-work environment. I find this seminar informative, the presenter knowledgeable and confident. Recommend to any financial people interested in understand the overall SOX/COSO/internal control concepts.

4
Member's Profile
Great overview of SOX 404. Great ideas for how to go about determining controls and weighing them for importance. As others mentioned, the transitions between modules could be improved. Some sentences were cut off. If this was better, I would have given it a 5 star rating.

5
Member's Profile
I have been working in the SOX/404 area of my internal audit department for a number of years and knew a lot of this at a certain (and varying) level/s - this course showed me where I need to focus more and filled in more gaps than I knew I had!

5
Member's Profile
It was very well structured, well-paced and easy to follow training course. Structuring the course in segments as well as offering a continuous play option is perfect for any learning style. The examples given were good.

4
Member's Profile
Great overview of the main components of SOX 404. I enjoyed the insights about application of auditing standards and the vagueness of some of the literature, because it's nice to know that others find it vague as well.

4
Anonymous Author
Sarbanes-Oxley was a heavy topic and Lynn did her best to make it interesting to follow and digest. Quite a few times, I rewound the videos to get a better perspective - this is a lesson I will need to go over again.

5
Member's Profile
This is beneficial for individuals in a second line of defense role that helps perform the risk assessment, determine & evaluate the process risks and assist management on standing up controls to mitigate those risks.

5
Member's Profile
The material provided are very brief. Kindly provide more explanatory material, most of the content that are provided here are from CIA and Gleim is more straight forward. It should be good to have the same standard.

5
Anonymous Author
Good amount of information on control testing. Very relevant to the life of a big 4 auditor. I believe there may be an issue with one of the test questions not aligning with the material presented.

5
Anonymous Author
A nice summary with the right amount of detail. I found the overall risk and account risk assessment areas to be helpful. Also, a good section on what constitutes evidence of control performance.

5
Member's Profile
An excellent course on SOX Section 404! Perhaps a little discussion about what is meant by “acceptable level" of risk and who determines it will surely be appreciated by those taking this course

5
Anonymous Author
I liked how the course dwelt into not just the theoretical aspect of the Sarbanes-Oxley Section 404 but also gave examples of each scenario and how the instructor interpreted those in real life.

4
Anonymous Author
This course is very good and the presentation is well organized. The instructor is very knowledgeable of the subject matter. The topics included are all valuable and very well summarized.

4
Anonymous Author
I liked that the course included practical examples and the presenter was well versed in this area. This is very relevant to the work that I am doing today and was a great overview.

4
Member's Profile
This course contained a lot of detail, but it was very well presented and relevant examples were given to help in understanding the concept. I would recommend this course to others.

5
Anonymous Author
This course is a very good material for beginners, but also experienced professionals. It is clearly and accessibly structured with key points brought to attention of the students.

5
Member's Profile
I really liked the step by step slide that puts the entire 404 process into a clear perspective. I liked Lynn's careful explanations of the areas that have changed over the years.

5
Anonymous Author
The course was very helpful in obtaining a better understanding of what is required for compliance with section 404 and provided a good understanding of how COSO should be applied.

5
Anonymous Author
This course definitely brought back memories. Professor Lynn did a great job laying out the different steps of SOX 404 and illustrated their importance/ justifications flawlessly.

3
Anonymous Author
good good good good good good good good good good good good good good good good good good good good good good good good good good good good good good good good good good good good

4
Member's Profile
Excellent course and overview of SOX. Frustrating how some sections end abruptly before they're finished. Also, too many short sections to not have a continuous play option.

5
Member's Profile
The course was great for someone like me who had limited knowledge of all the elements. Put everything together so I could follow as I develop plans and controls in future

5
Anonymous Author
Another great course by Lynn, this course gives a fairly in depth review of SOX Section 404, its history and how to establish and test controls to meet its requirements.

5
Member's Profile
Great course, stuffed with rich contents. This course goes beyond an overview of SOX and section 404 requirements, but has in-depth coverage on the operational aspects.

5
Anonymous Author
The instructor clearly is very well versed in SOX 404 and breaks it down in excellent buckets to explain how SOX is used and where auditors (& management) should focus.

5
Member's Profile
Content was clear and well presented. Slides meaningfully support the information. Instructor is knowledgeable and productively aids in understanding of the material.

5
Anonymous Author
I liked the manner in which the course was delivered. The presented didn't just restate slide materials, but included practical examples to help drive the point home.

5
Member's Profile
It is a very lengthy topic. I like it but it would be better if can have more detail of each subsection. Feel like it is not enough and wish to have more examples.

4
Anonymous Author
Great reference material concerning SOX Section 404. I can now see the big picture of how our particular control program has evolved into what it is currently.

5
Anonymous Author
Very thorough and informative course on the topic. I appreciated the detailed steps and instructions provided for implementing the various aspects of SOX 404.

4
Member's Profile
Another excellent course from Lynn Fountain on the topic of Internal Control! Fast-paced and well-presented as always, with relevant real-world insight.

5
Anonymous Author
Super helpful course on SOX 404, the changes to COSO from 1992 to 2013, considerations to note when performing end-to-end walkthroughs and so much more.

4
Member's Profile
The course provides a good overview of a very dry subject in a concise form. The instructor knows from her practical work what she is talking about.

5
Anonymous Author
This was a lot of information and I think the instructor does a great job at explaining the information in a way that makes it easier to understand.

5
Anonymous Author
Very good detail of the process for evaluating controls. As stated, this could be a 3 day course or more if you continued to dig into the details.

5
Anonymous Author
Awesome course, covers the process for ensuring that SOX controls are documented and tested as necessary. Materiality piece was great as well.

4
Anonymous Author
Sarbanes Oxley 404 was the meat and potatoes of this course so far. i'm planning on reviewing a 2nd time. like everything about the presentation.

4
Member's Profile
As always, the content was thorough and well-present. However, I found it frustrating that many of the modules ended abruptly in mid-sentence.

5
Anonymous Author
Some of the earlier slides were review from the SOX Overview and COSO 2013 Overview courses, but it did dive deeper into the SOX requirements

4
Anonymous Author
This was a great overview of SOX 404. It was informative and the presenter was knowledgeable and confident. I would recommend it to others.

5
Anonymous Author
Very informative with just the right detail. The slides and images in the slides were helpful and will be useful references going forward.

4
Anonymous Author
This is the type of training we all needed when SOX first came out. The matrix and organization of developing a plan is described nicely.

5
Anonymous Author
Excellently thorough and truly educational course! I couldn't help but print MANY of the slides for future reference. Way to go Lynn!!

5
Anonymous Author
Course was adequate and gave a good and detailed exposure to SOX 404 requirements. I have gained tremendous insight from this course.

5
Member's Profile
A very informative overview of the SOX 404. Helped me refresh my experience and understanding attained in 2005 while implementing SOX

5
Anonymous Author
Very complete course. I really like how everything was integrated, for instances, talking about PCAOB requirements regarding SOX404.

5
Anonymous Author
There is a lot of information in this section. I will be reviewing this section multiple times I suspect. This was a great course.

4
Member's Profile
Good course with adequate level of detail but not overly burdensome. Useful anecdotes added the the text contained in the deck.

5
Anonymous Author
Great material, concise and complete. Also, I believe the methodology allow the student to be focus and remember the key topics.

5
Member's Profile
This was an excellent course to go through the SOX requirements and the various elements of documenting and testing controls.

5
Member's Profile
I liked the course very much. I learned, and got a few ideas to implement and/or improve the existing support documentation.

5
Anonymous Author
Knowledgeable presenter with quality information. I like that I can go back and review the information at any point in time.

5
Anonymous Author
Very good coverage of SOX 404 principles, testing, and documentation. This alone will make a great reference to keep around!

5
Anonymous Author
I really liked this course because the trainer obviously knows the topic very well and was able to give practical examples!

5
Anonymous Author
The instructor is very knowledgeable. With a video showing her facial expression, make the boring topic more interesting.

5
Anonymous Author
This was a good overview of SOX section 404, its purposes and difficulties. Course content were clear and to the point.

5
Member's Profile
This course provides good, concise, and important information and concepts to prepare to be involved with SOX testing.

5
Member's Profile
I enjoyed the lecture very informative. This also provided a great review of SOX Section 404. I recommend this course.

4
Anonymous Author
This was a good training session, it may be beneficial to update it to address some of the more current pronouncements.

5
Anonymous Author
Instructor was very knowledgeable, gave good examples and this was a good overview to the process and needs of SOX 404

5
Member's Profile
Absolutely worth the time and money! Great course; learned a lot and re-solidified basis of understanding. 5-stars!

5
Member's Profile
This is a key course to fully understand the SOX Section 404 requirements and implement them within the organization.

4
Member's Profile
inter-active questions would improve the training. Charts could be better, and sending chart out before the training

5
Anonymous Author
Although this was more of a summary of SOX 404, the Instructor provided some essential details related to SOX 404.

3
Member's Profile
Very indepth course. Wish the exam questions were worded in a way that followed the supporting material provided.

3
Anonymous Author
It gives an overview of controls testing and compliance requirements under the Sarbanes-Oxley (SOX) Section 404.

4
Anonymous Author
This course provides a comprehensive discussion on SOX 404, its requirements, as well as on how to comply with it

5
Anonymous Author
I think this course could be a great resource for new hires who will be doing SOX testing, very useful material.

5
Anonymous Author
Excellent deep dive into the components of section 404. I found the material comprehensive and clearly outlined.

5
Anonymous Author
very good course ***********************************************************************************************

5
Member's Profile
The instructor does a great job on explaining the foundation and the evolving requirements. Great instructor.

4
Anonymous Author
50 letters required, this course was good. More letters more letters more letters more letters more letters.

5
Member's Profile
Given the amount of information presented, I would have expected the exam to be a little bit more difficult.

5
Anonymous Author
Great course. No surprises. All individuals who are involved in some aspect of internal control compliance.

4
Anonymous Author
Great course of sarbanes-oxley (SOX) section 404 which gives me the ability to identify process weaknesses.

5
Anonymous Author
GREAT AND USEFULL MATERIALS AND EXPLANATIONS. AN OVERALL EXPLANATION OF SOX404 REQUIREMENTS IN A EASY WAY.

5
Member's Profile
A lot of valuable information in this session and by far the best one yet. Really provides good examples.

5
Anonymous Author
Very detailed training. Session is distributed in manageable subsections that allow good understanding.

4
Member's Profile
The way that the information is exposed makes easier the learning process for who are new in SOX process.

5
Anonymous Author
Another great job by Lynn in covering this vast topic or to what majority of people know of SOX to be.

4
Anonymous Author
This is a good introduction and overview to give you an idea of what it means to comply with SOX 404.

4
Anonymous Author
This course is most helpful for SOX independent testers prior to beginning to test a business cycle.

5
Anonymous Author
Excellent in-depth description of SOX 404 control design and testing. Slide show is useful as well.

5
Anonymous Author
Very useful understanding of the 404 section which I consider the most important section of the law.

5
Anonymous Author
This course was very beneficial. The instructor was effective in presenting the course materials.

4
Member's Profile
Good information comparing the update in 2013 to the prior version of COSO. Also like the charts.

4
Anonymous Author
It was good to learn a basic of SOX section 404. I recommend to people who is a beginner of SOX.

5
Member's Profile
This lesson was kind of recap of all the introduction lectures + the accounting risks. Great one

5
Anonymous Author
Clear and comprehensive instructive information equals full understanding of benefits of SOX 404.

5
Member's Profile
The lesson was great but I do think I need to go over 404 over again. It was alot of information.

5
Anonymous Author
This course was excellent and provided very good information which I will utilize in the future.

5
Anonymous Author
An excellent primer on internal controls and the organizations responsible for regulating them.

4
Member's Profile
An update to the latest COSO model would be great. The comparison to this would be interesting.

5
Anonymous Author
Quite detailed. Cleared all the concepts of control testing and the documentation requirement.

5
Member's Profile
Stated learning objectives were explained fully and the depth of knowledge transfer was good.

5
Member's Profile
Great video, very detailed and informative. Would recommend to anyone interested in SOX 404.

5
Anonymous Author
Very good presentation and presenter. The content is adequate and constructive. I recommend.

5
Anonymous Author
The course was detailed, informative and there was a lot to digest; however, most valuable.

5
Member's Profile
Very informative class. One of the best on-line classes I have taken. What a bargain.

5
Member's Profile
I liked the risk testing process.I have also come to appreciate internal controls better.

5
Member's Profile
good explanation about section 404 with good examples in order to clarify our questions.

5
Member's Profile
The instructor provides a good explanation of the concept with examples that are helpful.

5
Member's Profile
Very clear and straightforward material. The content flow is well planned too. Congrats!

5
Member's Profile
interesting i scored a 90% can you tell me which question i answered incorrectly pls?

5
Anonymous Author
thank you for providing this training opportunity it was indeed interesting

4
Member's Profile
Lots of good information ~ some of the sections were cut short at end - mid sentence

5
Member's Profile
This course was a mind-stretcher. The instructor was clear and concise, as always.

5
Anonymous Author
very detailed and well organized slides. very detailed and well organized slides.

5
Member's Profile
Very well-designed course and provide learner a brief learning about these topics.

5
Anonymous Author
Solid coverage of a complex topic. I learned a ton by making the time investment.

5
Member's Profile
good, detailed course, with practical examples, easy to connect with real life.

5
Anonymous Author
Lots of facts but I think that the most important parts were well pointed out.

5
Anonymous Author
This was a good class, I learned a lot about SOX, but not the kind on my feet

4
Anonymous Author
SOX 404 primer covering controls and changes from original inception to now.

5
Anonymous Author
Example can be added value otherwise course materials was fine to understand.

5
Member's Profile
This is a great course to refresh on 404, very helpful and not too detailed.

5
Member's Profile
Tough Materials but well presented and explained to digest these materials.

4
Anonymous Author
Insightful overview of 404 that included some helpful presentation slides.

5
Member's Profile
Great course. Very informative with regards to the fundamentals of SOX 404

4
Anonymous Author
Lots of material. Good overview. Test questions are somewhat oddly worded.

5
Member's Profile
Excellent and thorough evaluation of the SOX 404 process and procedures.

5
Member's Profile
Highlight interesting stuff on controls documentation, control testing etc

4
Anonymous Author
Reasonably good level of detail and context to be applied to any company.

5
Anonymous Author
Great course for SOX 404 refresher. Material are very easy to understand.

5
Anonymous Author
This course was well organized and easy to follow. I would recommend it.

5
Member's Profile
Dense course, but the material was covered in an easy to follow manner.

4
Anonymous Author
Тема важная, нужная, но не приземленная

4
Member's Profile
Nice slides. Well done. Implementation Templates would also be nice.

5
Anonymous Author
provides a very good step by step approach to implement a SOX program

4
Anonymous Author
Good overview of SOX 404. I found the information to be very useful.

3
Member's Profile
Very good course and strict to the point. That is all I have to say.

5
Member's Profile
Very clear, easy to digest guidance. The content is easy to follow.

5
Anonymous Author
The explanation of SOX section 404 was very clear and well laid out.

4
Anonymous Author
I like the self study ability of this course and the exam practice.

5
Anonymous Author
An excellent succinct overview of S404 and the PCAOB requirements.

4
Anonymous Author
Great overview of SOX section 404 and implementation of SOX program

5
Member's Profile
Matches SOX approach for my organization. Clear and easy to follow.

5
Anonymous Author
Excellent insight into SOX 404. Very concise and straightforward.

5
Anonymous Author
Good overview of COSO including differences between 1992 and 2013.

5
Member's Profile
I like the fact that all the materials were relevant to the topic.

4
Member's Profile
I don't have anything to comment on this course. Very informative.

4
Member's Profile
No Surprises. Very detailed and have many important information.

4
Member's Profile
Liked the cube illustrations. Liked the review of rating scales.

5
Anonymous Author
Good content but more examples from real world would be helpful.

5
Anonymous Author
this course provided a nice overview of SOX 404 and was helpful.

4
Member's Profile
Walks through Section 404 in a way that is easy to understand.

4
Anonymous Author
easy to understand and follow, a great overview of 404 section

5
Anonymous Author
interesting course and simple exam questions; like this course

5
Anonymous Author
Well presented - - good summary of issue sin 2 hour timeframe.

4
Member's Profile
very good course should recommend to all collogue within nokia

5
Anonymous Author
Very concise overview. Very helpful. I enjoyed it very much.

5
Anonymous Author
worth the material, easy, understandable, learnt the concepts

4
Anonymous Author
Please reveal the answers we got wrong after passing the exam

4
Anonymous Author
This was a good overview of SOX and COSO from Lynn Fountain.

5
Anonymous Author
Great course and excellent guidance for SOX implementation.

5
Anonymous Author
Fast paced yet informative. Great overview for all levels.

5
Member's Profile
Excellent Course,, I have gained a lot of new information

3
Member's Profile
I have completed the course and have no further comments.

5
Member's Profile
Very concise and thorough review of 404. I enjoyed it.

5
Anonymous Author
This SOX 404 section possess good controls information.

5
Anonymous Author
Good overview of SOX 404 and good delivery of material

2
Anonymous Author
An ok talk with most of the basics covered. Thank you

5
Member's Profile
Complete summary and introduction to the next courses

4
Member's Profile
Provides a good insight into section 404 requirements

4
Anonymous Author
Great comprehensive summary and overview of SOX 404.

5
Member's Profile
Excellent presenter....made it easy to understand

4
Anonymous Author
Good review, lots are material but good overview.

5
Member's Profile
Once again the best place to get educated on SOX

5
Member's Profile
very well developed indicates objective clearly

5
Member's Profile
Great clarity provided on a detailed topic

5
Member's Profile
Excellent summary overview and refresher.

5
Member's Profile
Great presentation. Easy to understand.

5
Anonymous Author
Very informative and easy to understand

4
Anonymous Author
Solid high level requirements of 404

4
Anonymous Author
Good information and well laid out.

5
Anonymous Author
Comprehensive overview of SOX 404

5
Anonymous Author
Great summary for SOX section 404

5
Member's Profile
Liked the segmented presentation.

5
Member's Profile
Very through and infromative.

4
Member's Profile
A LOT of material to cover

4
Member's Profile
Great course. Good points.

4
Anonymous Author
A lot of good information

5
Anonymous Author
Good SOX overview...

5
Member's Profile
Effective approach.

5
Member's Profile
Good SOX refresher

5
Anonymous Author
Very informative.

Member's Profile
Very good summary

4
Anonymous Author
Overview of 404

5
Anonymous Author
Good coverage.

5
Anonymous Author
Very thorough.

Member's Profile
Good overview

5
Member's Profile
Good overview

5
Anonymous Author
Very thorough

5
Anonymous Author
Good summary

4
Anonymous Author
Good course.

4
Member's Profile
Good review

4
Member's Profile
no comments

5
Member's Profile
Educative.

5
Member's Profile
fabulous!

Prerequisites
Course Complexity: Intermediate

Prerequisite: Exposure to SOX

 

Advanced Preparation: None

 

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Questions and Answers(10 Questions)
Member's Profile

Thank you again for teaching this course. It has helped tremendously to shorten the learning curve regarding SOX! I have one final question. Given that SOX compliance doesn't align well with IIA auditing standards, what is the typical layout for the work papers (i.e., test plan, templates etc.)?

Member's Profile

Good question and one that doesn't have a straight forward answer. My suggestion is to look into some of the vendors who have SOX software. In some cases they have templates. Another suggestion is to speak with your external auditors. Many companies use the external auditors templates and then customize them for their needs. Many organizations still use excel spreadsheets where they list all the controls (by COSO component) and then have the accounting assertions across the top of the spreadsheet to link the controls to the most relevant assertion. Then they have columns where the controls are described and assessments are made regarding the suffuciency of the design. A separate column then records the testing and the results. So as you can see, there are many methods. I would also suggest looking at some of the Big 4 accounting firm websites. They sometimes have example templates. Or look at Knowledgeleader.com which is a site hosted by Protiviti. They have many tools that are useful.

Member's Profile

Thank you so much!

Member's Profile

Hi Lynn,

I respectfully request your assistance regarding SOX. Research indicates that SOX compliance work is conducted virtually in order to reduce costs. This seems to be more prevalent with small to medium sized public companies. Please let me know your thoughts on where to find companies that conduct virtual SOX compliance. Thank you in advance for your valuable time.

Stephen

Member's Profile

Hi Stephen - I'm unsure what research you may be pointing to. SOX is a legislative requirement for any publicly traded company so the work is done to actually comply with standards. Many of the research studies done over the past 10+ years showed that in the initial years, SOX was very costly to companies. As the years have gone by, and the PCAOB has moved from AS2 to AS5, compliance costs have gone down a bit. However, now COSO 2013 has swung that pendulum back a little.

For companies that are not required by legislation to comply with SOX (non-publicly traded companies), they generally try to work through the exercise because they believe it will improve their internal controls and also hopefully reduce costs. However I have not specifically seen recent studies on that.

When you ask about virtual SOX compliance - what are you referring to specifically?

Member's Profile

Hi Lynn,

I found a virtual SOX compliance course on the Lord & Benoit website. It explains the process to conduct SOX compliance virtually in the course overview.

It piqued my curiousity regarding virtual SOX compliance. Reviewing numerous job ads suggests that internal audit/compliance personnel are not offered to work remotely/virtually.

Please let me know your thoughts. Thank you again for you input.

Stephen

Member's Profile

You are into a bit of unchartered waters here. From one perspective there are a lot of SOX groups that do work remotely because of outside locations or foreign entities. But they are probably executing the work from their corporate offices. You start to get into a lot of information privacy issues when you allow people to access information systems from home. I don't know of anything specifically that says it isn't allowed but I believe you would be hard-pressed to find an organization that would be fully open to the idea. There is a lot of SOX work like walkthroughs that couldnt be done virtually - or maybe would not be considered effective. So I believe the bottom line is it is all up to the organization and with probably some input from their external auditors

Member's Profile

Hi Lynn,

Thank you again for your input! I truly appreciate it.

Stephen

User picture

Can a non listed, non US company's external auditors provide an opinion on ICFR in their report if company's Management urges them to or is there any regulation stopping external auditor from doing so because they are truly not under SOX or PCAOB?

Member's Profile

Sorry for the delayed reply. The program was not providing me the reply button.

I think your question is more of a legal question than SOX legislation. Many on listed company's now follow SOX and in some cases their auditors will provide an opinion to managment on ICFR. It depends on your contract. I am not aware of any PCAOB rules that prohibit this but again, consult with legal

Instructor for this course
Course Syllabus
INTRODUCTION AND OVERVIEW
  Introduction to Sarbanes-Oxley Section 4046:07
Sarbanes-Oxley Section 404
  SOX Section 4046:08
  Internal Control Framework13:33
  COSO 17 Principles, SEC Ongoing Requirements, and Relevant Assertions11:24
  Accounting Risk Assessment10:30
  Risk Characteristics, Scoring Models, and Summary9:26
  SOX Documentation Requirements10:23
  Process Flows, Documentation Requirements, and Identifying Control Types9:14
  Documention: Non-Routine & Estimates, Process Documentation, Overview, and Assessing Design Effectiveness8:58
  Testing Requirements14:24
  Materiality Discussion7:42
CONCLUSION
  PCAOB December 2012 Report on ICFR and Summary 40410:02
CONTINUOUS PLAY
  Sarbanes-Oxley Section 404 1:57:51
SUPPORTING MATERIALS
  Slides: Sox 404PDF
  Sox 404 Glossary/IndexPDF
REVIEW & TEST
  REVIEW QUESTIONSquiz
 FINAL EXAMexam