Instructor for this course
more

The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal controls over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.[32] This course provides an overview of SOX Section 404 and discusses how one can effectively implement a solid program to address the needs of Section 404. 

The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007.[33] This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance [34] on June 27, 2007. These two standards together require management to:

  • Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;
  • Understand the flow of transactions, including IT aspects, in sufficient detail to identify points at which a misstatement could arise;
  • Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework;
  • Perform a fraud risk assessment;
  • Evaluate controls designed to prevent or detect fraud, including management override of controls;
  • Evaluate controls over the period-end financial reporting process;
  • Scale the assessment based on the size and complexity of the company;
  • Rely on management's work based on factors such as competency, objectivity, and risk;
  • Conclude on the adequacy of internal control over financial reporting.

Sarbanes-Oxley was passed in 2002 and year one of attestation for publically traded companies was 2004.  SOX section 404 is the most prominent of the many requirements covered under the legislation. 

Taking this course will prepare you to successfully address the challenges of Section 404 at your company - a high profile and critical process!

Learning Objectives

  • Discover the requirements of Sarbanes-Oxley (SOX) Section 404
  • Recognize COSO and the Internal Control Framework
  • Identify SEC and PCAOB ongoing SOX 404 requirements
  • Identify documentation Requirements
  • Identify testing Requirements
  • Define significant Deficiency and Material Weakness
  • Recognize PCAOB 2012 Report on Public Companies ICFR
Last updated/reviewed: February 05, 2018

Included In Certifications

This course is included in the following Expert Certifications:

16 CoursesSarbanes-Oxley (SOX) Certification

  1. Sarbanes Oxley (SOX) Overview
  2. SOX: Authoritative Bodies
  3. The Evolution of Sarbanes-Oxley (SOX) Auditing Standards
  4. Information Technology in Today’s Digital World: General Controls Primer
  5. COSO 2013 Framework Requirements and Implementation Overview
  6. Sarbanes-Oxley (SOX) Section 404
  7. Sarbanes-Oxley (SOX) Section 302: Internal Controls over Financial Reporting
  8. Sarbanes-Oxley (SOX) Section 806, 902, 906
  9. Sarbanes-Oxley (SOX): Preparing for a Top Down Risk Assessment Part 1
  10. Sarbanes-Oxley (SOX): Executing a Top Down Risk Assessment Part 2
  11. Sarbanes Oxley (SOX): Entity Level and Soft Controls
  12. Sarbanes-Oxley (SOX) Identifying and Documenting Controls
  13. Sarbanes-Oxley (SOX) Testing
  14. Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
  15. Sarbanes-Oxley (SOX) Difficulty of Assessing Material Impact
  16. XBRL - Connection to SOX 302/404 and Critical Roles

77 Reviews (230 ratings)Reviews

5
Member's Profile
interesting i scored a 90% can you tell me which question i answered incorrectly pls?
5
Anonymous Author
I am in financial planning and analysis area, and seldom have chance to learn about internal control/SOX/COSO from real-work environment. I find this seminar informative, the presenter knowledgeable and confident. Recommend to any financial people interested in understand the overall SOX/COSO/internal control concepts.
4
Member's Profile
Great overview of SOX 404. Great ideas for how to go about determining controls and weighing them for importance. As others mentioned, the transitions between modules could be improved. Some sentences were cut off. If this was better, I would have given it a 5 star rating.
4
Anonymous Author
Sarbanes-Oxley was a heavy topic and Lynn did her best to make it interesting to follow and digest. Quite a few times, I rewound the videos to get a better perspective - this is a lesson I will need to go over again.
5
Anonymous Author
Good amount of information on control testing. Very relevant to the life of a big 4 auditor. I believe there may be an issue with one of the test questions not aligning with the material presented.
4
Anonymous Author
I liked that the course included practical examples and the presenter was well versed in this area. This is very relevant to the work that I am doing today and was a great overview.
4
Member's Profile
This course contained a lot of detail, but it was very well presented and relevant examples were given to help in understanding the concept. I would recommend this course to others.
5
Member's Profile
I really liked the step by step slide that puts the entire 404 process into a clear perspective. I liked Lynn's careful explanations of the areas that have changed over the years.
4
Member's Profile
Excellent course and overview of SOX. Frustrating how some sections end abruptly before they're finished. Also, too many short sections to not have a continuous play option.
5
Member's Profile
The course was great for someone like me who had limited knowledge of all the elements. Put everything together so I could follow as I develop plans and controls in future
5
Member's Profile
Great course, stuffed with rich contents. This course goes beyond an overview of SOX and section 404 requirements, but has in-depth coverage on the operational aspects.
5
Anonymous Author
I liked the manner in which the course was delivered. The presented didn't just restate slide materials, but included practical examples to help drive the point home.
5
Anonymous Author
Very thorough and informative course on the topic. I appreciated the detailed steps and instructions provided for implementing the various aspects of SOX 404.
5
Anonymous Author
Very good detail of the process for evaluating controls. As stated, this could be a 3 day course or more if you continued to dig into the details.
4
Member's Profile
As always, the content was thorough and well-present. However, I found it frustrating that many of the modules ended abruptly in mid-sentence.
5
Anonymous Author
Excellently thorough and truly educational course! I couldn't help but print MANY of the slides for future reference. Way to go Lynn!!
5
Member's Profile
I liked the course very much. I learned, and got a few ideas to implement and/or improve the existing support documentation.
5
Anonymous Author
The instructor is very knowledgeable. With a video showing her facial expression, make the boring topic more interesting.
5
Member's Profile
This course provides good, concise, and important information and concepts to prepare to be involved with SOX testing.
5
Anonymous Author
Instructor was very knowledgeable, gave good examples and this was a good overview to the process and needs of SOX 404
5
Member's Profile
Absolutely worth the time and money! Great course; learned a lot and re-solidified basis of understanding. 5-stars!
5
Anonymous Author
Although this was more of a summary of SOX 404, the Instructor provided some essential details related to SOX 404.
3
Member's Profile
Very indepth course. Wish the exam questions were worded in a way that followed the supporting material provided.
4
Member's Profile
This course provides a comprehensive discussion on SOX 404, its requirements, as well as on how to comply with it
5
Member's Profile
The instructor does a great job on explaining the foundation and the evolving requirements. Great instructor.
5
Member's Profile
Given the amount of information presented, I would have expected the exam to be a little bit more difficult.
5
Anonymous Author
Great course. No surprises. All individuals who are involved in some aspect of internal control compliance.
5
Member's Profile
A lot of valuable information in this session and by far the best one yet. Really provides good examples.
5
Member's Profile
Stated learning objectives were explained fully and the depth of knowledge transfer was good.
5
Member's Profile
Very informative class. One of the best on-line classes I have taken. What a bargain.
4
Member's Profile
Lots of good information ~ some of the sections were cut short at end - mid sentence
5
Anonymous Author
Solid coverage of a complex topic. I learned a ton by making the time investment.
4
Anonymous Author
Insightful overview of 404 that included some helpful presentation slides.
5
Member's Profile
Dense course, but the material was covered in an easy to follow manner.
4
Member's Profile
Nice slides. Well done. Implementation Templates would also be nice.
4
Anonymous Author
Good overview of SOX 404. I found the information to be very useful.
4
Anonymous Author
I like the self study ability of this course and the exam practice.
5
Anonymous Author
An excellent succinct overview of S404 and the PCAOB requirements.
5
Anonymous Author
Excellent insight into SOX 404. Very concise and straightforward.
4
Member's Profile
Liked the cube illustrations. Liked the review of rating scales.
4
Member's Profile
Walks through Section 404 in a way that is easy to understand.
5
Anonymous Author
Fast paced yet informative. Great overview for all levels.
5
Member's Profile
Excellent Course,, I have gained a lot of new information
5
Member's Profile
Excellent presenter....made it easy to understand
4
Anonymous Author
Good review, lots are material but good overview.
5
Member's Profile
Once again the best place to get educated on SOX
5
Member's Profile
very well developed indicates objective clearly
5
Member's Profile
Great clarity provided on a detailed topic
5
Member's Profile
Excellent summary overview and refresher.
5
Member's Profile
Great presentation. Easy to understand.
5
Anonymous Author
Very informative and easy to understand
4
Anonymous Author
Solid high level requirements of 404
4
Anonymous Author
Good information and well laid out.
5
Anonymous Author
Comprehensive overview of SOX 404
5
Anonymous Author
Great summary for SOX section 404
5
Member's Profile
Liked the segmented presentation.
5
Member's Profile
Very through and infromative.
4
Member's Profile
A LOT of material to cover
4
Member's Profile
Great course. Good points.
4
Anonymous Author
A lot of good information
5
Anonymous Author
Good SOX overview...
5
Member's Profile
Effective approach.
5
Member's Profile
Good SOX refresher
5
Anonymous Author
Very informative.
Member's Profile
Very good summary
4
Anonymous Author
Overview of 404
5
Anonymous Author
Good coverage.
5
Anonymous Author
Very thorough.
Member's Profile
Good overview
5
Member's Profile
Good overview
5
Anonymous Author
Very thorough
5
Anonymous Author
Good summary
4
Anonymous Author
Good course.
4
Member's Profile
Good review
4
Member's Profile
no comments
5
Member's Profile
Educative.
5
Member's Profile
fabulous!

Prerequisites

Course Complexity: Intermediate

Prerequisite: Exposure to SOX

 

Advanced Preparation: None

 

Education Provider Information

Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact:
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .

8 QuestionsCourse Questions and Answers

Member's Profile

Thank you again for teaching this course. It has helped tremendously to shorten the learning curve regarding SOX! I have one final question. Given that SOX compliance doesn't align well with IIA auditing standards, what is the typical layout for the work papers (i.e., test plan, templates etc.)?

Member's Profile

Good question and one that doesn't have a straight forward answer. My suggestion is to look into some of the vendors who have SOX software. In some cases they have templates. Another suggestion is to speak with your external auditors. Many companies use the external auditors templates and then customize them for their needs. Many organizations still use excel spreadsheets where they list all the controls (by COSO component) and then have the accounting assertions across the top of the spreadsheet to link the controls to the most relevant assertion. Then they have columns where the controls are described and assessments are made regarding the suffuciency of the design. A separate column then records the testing and the results. So as you can see, there are many methods. I would also suggest looking at some of the Big 4 accounting firm websites. They sometimes have example templates. Or look at Knowledgeleader.com which is a site hosted by Protiviti. They have many tools that are useful.

Member's Profile

Thank you so much!

Member's Profile

Hi Lynn,

I respectfully request your assistance regarding SOX. Research indicates that SOX compliance work is conducted virtually in order to reduce costs. This seems to be more prevalent with small to medium sized public companies. Please let me know your thoughts on where to find companies that conduct virtual SOX compliance. Thank you in advance for your valuable time.

Stephen

Member's Profile

Hi Stephen - I'm unsure what research you may be pointing to. SOX is a legislative requirement for any publicly traded company so the work is done to actually comply with standards. Many of the research studies done over the past 10+ years showed that in the initial years, SOX was very costly to companies. As the years have gone by, and the PCAOB has moved from AS2 to AS5, compliance costs have gone down a bit. However, now COSO 2013 has swung that pendulum back a little.

For companies that are not required by legislation to comply with SOX (non-publicly traded companies), they generally try to work through the exercise because they believe it will improve their internal controls and also hopefully reduce costs. However I have not specifically seen recent studies on that.

When you ask about virtual SOX compliance - what are you referring to specifically?

Member's Profile

Hi Lynn,

I found a virtual SOX compliance course on the Lord & Benoit website. It explains the process to conduct SOX compliance virtually in the course overview.

It piqued my curiousity regarding virtual SOX compliance. Reviewing numerous job ads suggests that internal audit/compliance personnel are not offered to work remotely/virtually.

Please let me know your thoughts. Thank you again for you input.

Stephen

Member's Profile

You are into a bit of unchartered waters here. From one perspective there are a lot of SOX groups that do work remotely because of outside locations or foreign entities. But they are probably executing the work from their corporate offices. You start to get into a lot of information privacy issues when you allow people to access information systems from home. I don't know of anything specifically that says it isn't allowed but I believe you would be hard-pressed to find an organization that would be fully open to the idea. There is a lot of SOX work like walkthroughs that couldnt be done virtually - or maybe would not be considered effective. So I believe the bottom line is it is all up to the organization and with probably some input from their external auditors

Member's Profile

Hi Lynn,

Thank you again for your input! I truly appreciate it.

Stephen

Course Syllabus
INTRODUCTION AND OVERVIEW
  6:07Introduction to Sarbanes-Oxley Section 404
Sarbanes-Oxley Section 404
  6:08SOX Section 404
  13:33Internal Control Framework
  11:24COSO 17 Principles, SEC Ongoing Requirements, and Relevant Assertions
  10:30Accounting Risk Assessment
  9:26Risk Characteristics, Scoring Models, and Summary
  10:23SOX Documentation Requirements
  9:14Process Flows, Documentation Requirements, and Identifying Control Types
  8:58Documention: Non-Routine & Estimates, Process Documentation, Overview, and Assessing Design Effectiveness
  14:24Testing Requirements
  7:42Materiality Discussion
CONCLUSION
  10:02PCAOB December 2012 Report on ICFR and Summary 404
CONTINUOUS PLAY
  1:57:51Sarbanes-Oxley Section 404
SUPPORTING MATERIALS
  PDFSlides: Sox 404
  PDFSox 404 Glossary/Index
REVIEW & TEST
  quizREVIEW QUESTIONS
 examFINAL EXAM