Sunday, May 2, 2010

Information and Communication, Monitoring, and Startup Tips

The Sarbanes-Oxley Act (SOX) placed new requirements on American companies to ensure the integrity, reliability, and accuracy of financial reporting and corporate disclosures. While you could do this on your own or manually, why reinvent the audit controls wheel? Automated tool sets and repositories to facilitate SOX compliance are available in ample numbers. But like any piece of software, you have to know what to look for to meet your organization's expectations and avoid disappointments. This research note examines critical attributes of SOX tool sets, discussing how you can utilize them effectively to maximize the return on your investment of time and money.

Part One examined the first three components of the COSO Integrated Framework relative to selecting a SOX tool set.

Part Two discusses the information and communication, and monitoring components from a similar perspective and provides some tips for kicking off the tool set selection process.

What is COSO?

COSO stands for Committee of Sponsoring Organizations of the Treadway Commission. It is a voluntary private-sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. The Securities and Exchange Commission (SEC) ruled that management must base its evaluation on a suitable, recognized control framework established by a group that has followed due-process procedures, including the broad distribution of the framework for public comment. Furthermore, the SEC points out in its final rule that the COSO Internal Control—Integrated Framework, which is depicted in the three-dimensional diagram to the right, satisfies this requirement. Accordingly, the majority of organizations have adopted this framework as the basis for compliance with Section 404 of SOX, namely Management Assessment of Internal Controls.

When evaluating SOX tool sets, doesn't it make sense to determine how well the proposed software satisfies critical components of the COSO framework? Of course it does. The remainder of this note examines the five components of the COSO framework, outlining the key characteristics and attributes you should consider in selecting a SOX tool set. Specifically, these components include:

* Control environment

* Risk assessment

* Control activities

* Information and communication

* Monitoring

A brief introduction, set in italics, describes how each component assists in achieving the internal control objectives depicted in the second dimension (top-level view) of the framework. These control objectives provide for the following:

Audit Considerations for Enterprise Software Implementations

Recent scandals in the corporate world have created a renewed awareness of the audit function. A direct by-product of these scandals is the Sarbanes-Oxley Act of 2002 (SOX), which gives legal and financial muscle to the assurance of the integrity, reliability, and accuracy of financial reporting and corporate disclosures. In fact, based on a recent survey of CFOs and IT executives, 71 percent of the respondents believe that Section 404 of the Act, which requires business process audits and documentation to support internal controls certification, is the most critical part of SOX. While some may argue that the Act does not go far enough, it is surely a positive, aggressive start.

While this reemphasis may be good news for current and ongoing systems, the process of developing an audit awareness and the need for substantial controls can and should be established as software is being implemented. If you are the project manager or the project sponsor, possibly the company's CEO or CFO, it is in your best interest to create a financially healthy environment from the start of the implementation project. The expectation is that this good breeding will continue with the software into production and throughout its entire lifecycle. Considering the extensive scope of enterprise software such as enterprise resource planning (ERP), supply chain management (SCM), and warehouse management systems (WMS) software, the need for adequate and substantial controls is even more apparent.

This two-part article looks at four key segments of an enterprise software implementation, with timely emphasis on SOX, and suggests audit procedures, controls, and processes that should be typified, observed, tested, and reported upon. These segments include:

* Project Planning and Management
* Documentation and Reporting
* Software Piloting
* Data Conversion

Clearly, there may be others and, hopefully, this discussion can encourage or scare you into identifying these other areas that may be pertinent and cost-effective to your organization.