Sarbanes Oxley information available for download


SOX Expert software is pleased to present these resources - downloadable documents - to assist in your Sarbanes Oxley implementation or other governance, risk and compliance efforts.

INSTRUCTIONS: To download a document, click on the title of the document. Once open, you can save the document to your computer or shared drive.


SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners
A comprehensive 78 page guide published by the Institute of Internal Auditors in January 2008 with updated references to Auditing Standard No. 5 (AS 5).

Sarbanes-Oxley Act: Section 404 - Practical Guidance for Management
PricewaterhouseCoopers' comprehensive 154 page monograph designed to assist management in its efforts to satisfy its responsibilities established by the Public Company Accounting Reform and Investor Protection Act of 2002.

COBIT Mapping - Overview of International IT Guidance, 2nd Edition
This 76 page document published by the IT Governance Institute provides a framework for IT governance as part of the risk governance of an organization.

Auditing Standard 5
Auditing Standard 5 from the PCAOB, in combination with the SEC's new management guidance, will make Section 404 audits and management evaluations more risk-based and scalable to company size and complexity.

Auditing Standard 6
Auditing Standard 6 - Evaluating Consistency of Financial Statements. Although strictly not related to Sarbanes Oxley, this Auditing Standard from the PCAOB is an important consideration in Internal Controls Over Financial Reporting (ICOFR). The guidance contained in this document should be incorporated into an organization's financial statement reporting controls.

Tone at the Top - Does Your Control System Pass the COSO Test?
This 4 page article in the Tone at the Top series by the Institute of Internal Auditors addresses the question: Does Your Control System Pass the COSO Test?

Taking Control: A Guide to Compliance with Section 404 of the Sarbanes Oxley Act
To assist companies with their Sarbanes-Oxley section 404 compliance projects, Deloitte has released Taking Control, a 43 page comprehensive, plain-English guide to implementing a strong system of internal control.

Taking Control can benefit a variety of readers:

  • Nonaccelerated filers and foreign private issuers who may just be getting their 404 work under way
  • Public companies at various stages in their section 404 projects
  • Nonprofit organizations, governmental agencies and other groups that are not mandated to comply but who wish to adopt some of the good governance practices outlined in Sarbanes-Oxley
  • Executives and board and committee members who can gain insights from the "Executive Overview" and "Lessons Learned" sections
  • Employees "on the ground" who can find practical advice distilled from real-world experience in the "Implementation Guide" section


SEC Guidance Concerning Sarbanes Oxley

The SEC has issued a number of final rules and guidance regarding Sarbanes Oxley implementation. Listed below are some of the pertinent rules and guidance:

SEC Sarbanes Oxley Section 404 - A Guide for Small Business
A short, 4 page guide issued by the SEC in 2007 to assist small companies with their Sarbanes Oxley implementation.

Interpretive Release No. 33-8810 - Commission Guidance Regarding Management's Report on Internal Control Over Financial Reporting
The SEC's June 2007 Interpretive Guidance - This 77 page document provides guidance for management regarding its evaluation and assessment of internal controls over financial reporting. The guidance sets forth an approach by which management can conduct a top-down, risk-based evaluation of internal control over financial reporting. An evaluation that complies with this interpretive guidance is one way to satisfy the evaluation requirements of Rules 13a-15(c) and 15d-15(c) under the Securities Exchange Act of 1934.

Final Rule 33-8809 - The SEC's Rules Defining Material Weakness and Regarding Voluntary Use of the Interpretive Guidance
This 51 page document published by the SEC in 2007 describes amendments that are intended to facilitate more effective and efficient evaluations of internal control over financial reporting by management and auditors. It includes the SEC definition of the term "material weakness" and revises the requirements regarding the external auditor's attestation report on the effectiveness of internal control over financial reporting.

Final Rule 33-8829 - The SEC's Rules Defining Significant Deficiency
This 17 page document published in 2007 is the SEC's definition of the term "significant deficiency" for purposes of the Commission's rules implementing Section 302 and Section 404 of the Sarbanes-Oxley Act of 2002.


SEC - Other Sarbanes Oxley Information


Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements Deficiency
This report compiled by the SEC's Office of Economic Analysis and issued in September 2009 presents an analysis of data from publicly traded companies collected from an SEC-sponsored Web survey of financial executives of companies with Section 404 experience conducted during December 2008 and January 2009. The analysis of the survey data is designed to inform the SEC and other interested parties as to whether changes occurring since 2007 (please see Auditing Standard 5) are having the intended effect of facilitating more cost-effective internal controls evaluations and audits, especially as they may apply to smaller reporting companies. The findings of the analysis relating to efficiency include evidence on the total and component compliance costs, the changes in costs over time, and the factors that help to explain why costs are lower or higher for some companies than for others. These findings include evidence of direct and indirect effects that management ascribes to Section 404 compliance, including evidence on intended benefits.

The 2007 reforms that are the focus of this inquiry include the SEC's June 2007 Management Guidance and its order approving the Public Company Accounting Oversight Board's (PCAOB) Accounting Standard No. 5 (AS5) (collectively referred to as the "2007 reforms"). We are primarily interested in whether and how companies' experience with Section 404(b) compliance changed following the reforms, yet this report also presents evidence on the implementation of both Section 404(a) and Section 404(b). This reflects the interrelationship between the two requirements. The survey was open to all reporting companies with relevant experience in complying with Section 404, recognizing that only large accelerated filers and accelerated filers are currently required to comply with both Section 404(a) and Section 404(b).


Fraud Control

Fraud control should be an integral part of an organization's Sarbanes Oxley (SOX) program. SOX Expert software will ensure that it is.

Managing the Business Risk of Fraud: A Practical Guide
This 80 page publication sponsored by the Institute of Internal Auditors (IIA), the American Institute of Certified Public Accountants (AICPA), and the Association of Certified Fraud Examiners (ACFE) and published in 2008 is a must-read for anyone with responsibility for fraud control within their organization. This publication has also been endorsed by the Chartered Accountant of Canada (CA), Institute of Management Accountants (IMA), Association of Chartered Certified Accountants (ACCA), the Value Alliance, the Society of Corporate Compliance and Ethics (SCCE), Certified Compliance & Ethics Professionals, and the Open Compliance & Ethics Group (OCEG).

Management Antifraud Program and Controls: Guidance to Help Prevent and Deter Fraud
This 22 page document was commissioned by the Fraud Task Force of the AICPA's Auditing Standards Board. It was excerpted from Statement on Auditing Standards No. 99, Considerations of Fraud in a Financial Statement Audit. This document was issued in 2002 jointly by the following organizations: American Institute of Certified Public Accountants (AICPA), Association of Certified Fraud Examiners (ACFE), Financial Executives International (FEI), Information Systems Audit and Control Association (ISACA), The Institute of Internal Auditors (IIA), Institute of Management Accountants (IMA), Society for Human Resource Management (SHRM).


Risk Management

Sarbanes Oxley (SOX) should be an integral part of an organization's Governance, Risk and Compliance program (GRC).

Seizing Opportunity - Linking Risk and Performance
This 32 page article published in July 2009 is part of the Thought Leadership Institute series from PricewaterhouseCoopers. It addresses the question: Global business volatility seems more extreme than ever - How will your company manage the risks and rewards of doing business in unprecedented times?

Effective Enterprise Risk Oversight: The Role of the Board of Directors
This 4 page thought paper issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in 2009 is designed to help boards of directors strengthen their oversight of enterprise risks.

Strengthening Enterprise Risk Management for Strategic Advantage
This 24 page thought paper issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in 2009 discusses how senior management can work with its board of directors to strengthen risk oversight in the organization.


Financial Reform Impact on Sarbanes Oxley

Most small companies think that the financial reform act permanently exempts them from implementing Sarbanes Oxley. This is not a correct assumption. What the act does is exempt small companies - those with under $75 million in capitalization - from Section 404(b) of the Sarbanes Oxley Act. The legislation does not affect Section 404(a) of the Sarbanes Oxley Act. This section requires management to document and evaluate the effectiveness of internal controls over financial reporting.

The Financial Reform bill also affects many other areas which can have an impact on a company's internal control over financial reporting. For example, one aspect of the law affects disclosure requirements on executive compensation. To more fully inform our customers of the effects of the Financial Reform Act on their organization, we are providing the following resources:


Senate Committee on Banking, Housing, and Urban Affairs Summary
This is the 11 page summary of the Act issued by the Senate Committee on Banking, Housing, and Urban Affairs.

Financial Reform Act Has Broad Impact on Investment Management Industry
This 18 page summary by the Investment Management Group of DrinkerBiddle deals with the effects of the act specifically on the Investment Management industry. One impact is Section 982 of the Act which amends the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) to provide the Public Company Accounting Oversight Board (PCAOB) with authority over audits of broker-dealers comparable to its current authority over audits of issuers of securities.

Financial Reform Act
For those who want to read it all themselves, here is the actual Act as signed by the President.

  • Provides a coherent framework for all business processes and locations.
  • Monitors all control activities, risk assessment and testing results.
  • Creates test plans, testing worksheets and continuously tracks testing results.
  • Generates all documents necessary to conduct testing of ICOFR for SOX compliance.
  • Encompasses all SEC and PCAOB guidelines.
  • Assures outside audit satisfaction of SOX mandates.
  • Can be used for all your Governance Risk and Compliance (GRC) needs.
