You may not believe that there’s a fun and easy way to comply with Sarbanes-Oxley, but once you have Sarbanes-Oxley For Dummies, Second Edition in front of you, you’re sure to change your mind. This friendly guide gets you quickly up to speed with the latest SOX legislation and shows you safe and effective ways to reduce compliance costs. In plain English, this completely reliable handbook walks you through the new and revised SOX laws, introduces compliance strategies for changed and unchanged guidelines, and gives you an effective framework for implementation. You’ll find out how to create an efficient audit committee, purchase and use SOX software solutions, and make practical, cost-effective decisions in your initial compliance year and beyond. You’ll also find proven strategies for staying public or going private and learn how to deal with all those SOX forms.

Discover how to:
- Establish SOX standards for IT professionals
- Minimize compliance costs in every area of your company
- Survive a Section 404 audit
- Avoid litigation under SOX
- Anticipate future rules and trends
- Create a post-SOX paper trail
- Bolster your company’s standing and reputation
- Work with SOX in a small business
- Meet new SOX standards
- Build a board that can’t be bought
- Comply with all SOX management mandates

Complete with invaluable tips on how to form an effective audit committee, Sarbanes-Oxley For Dummies is the resource you need to keep your SOX clean.
Introduction
Part I: The Scene Before and After SOX
Chapter 1: The SOX Saga
Chapter 2: SOX in Sixty Seconds
Chapter 3: SOX and Securities Regulations
Chapter 4: SOX and Factual Financial Statements
Chapter 5: What’s New for Non-Accelerated Filers
Part II: SOX in the City: Meeting New Standards
Chapter 6: A New Audit Ambience
Chapter 7: A Board to Audit the Auditors
Chapter 8: The Almighty Audit Committee
Chapter 9: Building Boards That Can’t Be Bought
Chapter 10: SOX: Under New Management
Chapter 11: More Management Mandates
Part III: Scaling Down Section 404
Chapter 12: Clearing Up Confusion about Control
Chapter 13: Surviving a Section 404 Audit
Chapter 14: Taking the Terror Out of Testing
Part IV: SOX for Techies
Chapter 15: Getting Technical with SOX
Chapter 16: Surveying SOX Software
Chapter 17: Working with Some Actual SOX Software
Part V: To SOX-finity and Beyond
Chapter 18: Lawsuits under SOX
Chapter 19: The Surprising Scope of SOX
Part VI: The Part of Tens
Chapter 20: Ten Ways to Avoid Getting Sued or Criminally Prosecuted Under SOX
Chapter 21: Ten Tips for an Effective Audit Committee
Chapter 22: Ten Smart Management Moves
Chapter 23: Ten Things You Can’t Ask an Auditor to Do After SOX
Chapter 24: Top Ten Places to Get Smart about SOX
Part VII: Appendixes
Appendix A: Selected Sections, Auditing Standard No. 5
Appendix B: Sample Certifications
Appendix C: Sample Audit Committee Charter
Appendix D: Sample Code of Ethics
Appendix E: Sample SAS 70 Report
Index

Table of Contents

Introduction
About This Book; Conventions Used in This Book; What You’re Not to Read; Foolish Assumptions; How This Book Is Organized; Part I: The Scene Before and After SOX; Part II: SOX in the City: Meeting New Standards; Part III: Scaling Down Section 404; Part IV: SOX for Techies; Part V: To SOX-finity and Beyond; Part VI: The Part of Tens; Part VII: Appendixes; Icons Used in This Book; Where to Go from Here; Feedback, Please

Part I: The Scene Before and After SOX

Chapter 1: The SOX Saga
Plowing Through the Politics of SOX; Taking advantage of a loophole; Not everyone’s a SOX fan; New ammunition for aggrieved investors; Corporate America after SOX; Combating Corruption under SOX: Everyone Has a Role; Assisting with internal control: The independent audit board; Testing the accounting data: Auditors; Using the new noisy liability: Lawyers; Certifying financial reports: CEOs and CFOs; Staying clean voluntarily: Small businesses and nonprofits; Adhering to procedures: The rank-and-file employees; Overseeing corporate policy: New high-paid governance gurus; A Summary of SOX: Taking It One Title at a Time; Title I: Aiming at the audit profession; Title II: Ensuring auditor independence; Title III: Requiring corporate accountability; Title IV: Establishing financial disclosures, loans, and ethics codes; Title V: Protecting analyst integrity; Title VI: Doling out more money and authority; Title VII: Supporting studies and reports; Title VIII: Addressing criminal fraud and whistleblower provisions; Title IX: Setting penalties for white-collar crime; Title X: Signing corporate tax returns; Title XI: Enforcing payment freezes, blacklists, and prison terms; Some Things SOX Doesn’t Say: SOX Myths; Myth #1: SOX put Jeff Skilling (and other Enron execs) in jail; Myth #2: Auditors can’t provide tax services; Myth #3: Internal control means data security; Myth #4: The company isn’t responsible for functions it outsources; Myth #5: My company met the deadline for Section 404 first-year compliance. We’re home free!

Chapter 2: SOX in Sixty Seconds
Reestablishing Control after the Scandals; Enron events everyone initially overlooked; More tales from the corporate tabloids; Four Squeaky Clean SOX Objectives; How SOX Protects the Investing Public; Creating a Public Company Accounting Oversight Board; Clamping down on auditors; Rotating auditors; Creating committees inside companies; Holding management accountable; Taking back bogus bonuses; Banning blackouts; Ratcheting up reporting; Purging company conflicts of interest; Exercising internal control; Looking at lawyers; Waiting seven years to shred; Putting bad management behind bars; Freezing bonuses; Blackballing officers and directors; Providing whistle-blower protection; Rapid Rulemaking Regrets

Chapter 3: SOX and Securities Regulations
Pre-SOX Securities Laws; The Securities Act of 1933: Arming investors with information; The Securities Exchange Act of 1934: Establishing the SEC; Other securities laws; The Scope of SOX: Securities and Issuers; What is a “security”?; Who is an “issuer”?; The SOX surprise; The Post-SOX Paper Trail; Form 10-K; Form 10-Q; Form 8-K; Behind the 8-K Ball after SOX; Adding new events to the list; Shuffling events from the 10-K and 10-Q; Creating four-day reporting events; Providing protection in the safe SOX harbor; Annual SEC Scrutiny after SOX; Mandatory review rule; Remedies for inaccurate registration materials; Why Privately Held Companies Care about SOX; Bolstering the bottom line; Defending company practices in court; Going public after SOX

Chapter 4: SOX and Factual Financial Statements
Auditing the Auditors: 2007 Guidance from the SEC; SOX’s Recipe for Seeking Out Cooked Books; Reviewing what the income statement reveals; Examining balance sheet (and off-balance sheet) transactions; Looking for funky footnotes; Complying with GAAP and GAAS; Finding Financial Information; The free stuff; The fee-based stuff; Accessing Annual Reports; The glossy pictures and the real figures; Management’s Discussion and Analysis; Surfing SEC Filings; 10-K reports; Other useful forms on EDGAR

Chapter 5: What’s New for Non-Accelerated Filers
A SOX Update for Small Companies; No relief for non-accelerated filers; Looking at what the rules require; Getting the Auditor’s Opinion; A kinder, gentler audit; Touting a top-down approach; Tips for adopting a new “audit-tude”

Part II: SOX in the City: Meeting New Standards

Chapter 6: A New Audit Ambience
How SOX Rocks the Accounting Profession; An Example of Audit Failure: Arthur Andersen; Chronology of a collapse; A vindicating verdict years later; Bridging the GAAP; SOX as a Substitute for Self-Regulation; Shifting the role of the AICPA; Whose turn is it to watch the CPA?; Is There an Independent Auditor in the House?; The importance of audit independence; Every auditor’s dilemma; What SOX Says to CPAs; Give the whole team a cooling-off period; Prohibit services that cause conflicts; Get prior permission for potential conflicts; Everybody change partners!; Wait seven years to shred; Recognize when auditors are “impaired”; Section 404: The Sin Eater Provision; CEOs and CFOs signing off; CPAs certifying the certifications

Chapter 7: A Board to Audit the Auditors
Taking a New Approach to Audit Oversight; The old ad hoc system of accounting oversight; Alphabet soup of accounting regulation; Primary Purposes of the PCAOB; Goals of the PCAOB; The seven statutory duties of the PCAOB; Some Practical PCAOB Matters; Who’s on the board?; Who pays for the PCAOB?; PCAOB Rules: Old Meets New; Sticking to the ol’ standby rules; Adjusting to some new rules; Evolving PCAOB Policies and Issues; Sanctioning sloppy auditors; Keeping an eye on small CPA firms; Extending authority internationally; Communicating with the SEC; When the PCAOB Doesn’t Perform; Struggling for Standards; Adapting to Auditing Standard No. 2; Implementing Auditing Standard No. 5

Chapter 8: The Almighty Audit Committee
Deliver or Delist: Rules of the Stock Exchanges; From the Audit Committee Annals; Mr. Leavitt’s Blue Ribbon panel; Enron impetus; The quest for consistent committee rules; Starting with a Charter; The Audit Committee Interface; Some Stricter NYSE Rules; Membership Requirements; A few independent members; Figure in a financial expert; Day-to-Day Committee Responsibilities; Monitoring events and policing policies; Interfacing with the auditors; Preapproving nonaudit services; Handling complaints; Receiving CEO and CFO certifications; Monitoring conflicts and cooling-off periods; Ferreting out improper influence; Rotating the audit partners; Engaging advisors; Providing recognition in annual reports

Chapter 9: Building Boards That Can’t Be Bought
Some Background about Boards; What does a director do?; Looking at some bad, bad boards; In Search of Independent Directors; No relationships with related companies; Three-year look-back period; Prohibited payments; Family ties; Mandatory meetings; Forming Committees for Nominating Directors; NYSE nominating procedures; NASDAQ nominating rules; Regulating Director Compensation; Making governance guidelines public; Evaluating the board’s performance; Some Exempt Boards For the Moment; Nonpublic companies; Nonprofit corporations; Other exempt companies

Chapter 10: SOX: Under New Management
Chiefly Responsible: CEOs and CFOs; CEO: The chief in charge; CFO: The financial fact finder; Three SOX sections for the chiefs; A Section 302 Certification Checklist; Paragraph 1: Review of periodic report; Paragraph 2: Material accuracy; Paragraph 3: Fair presentation of financial information; Paragraph 4: Disclosure controls and procedures; Paragraph 5: Disclosure to auditors; Paragraph 6: Changes in internal controls; Clearing Up Common Section 302 Questions; What companies are required to file certifications under Section 302?; Which reports get certified?; Viewing Control as a Criminal Matter: Section 906; More Reporting Responsibilities for Management and Auditors: Section 404; What management has to do under Section 404; What the auditors need from management; Taking Internal Control Seriously; Considering the auditor’s perspective; What the SEC says; Management standards criteria for controls; Seeking Out Subcertifications; Some Good Advice for CEOs and CFOs; Establish a disclosure committee; Take an inventory; Woo the whistle-blowers

Chapter 11: More Management Mandates
Codifying the Corporate Conscience; Explaining the code; Establishing worthwhile objectives; Realizing one code doesn’t fit all companies; Disclosing amendments and waivers; Expecting ethics on the exchanges; A checklist of code contents; New Rules for Stock Selling and Telling; Faster disclosure; More disclosure; Prohibiting Personal Loans; Banning Blackout Trading; Avoiding media images of stricken retirees; Making some necessary exceptions; Making Managers Pay Personally; The freeze factor; The danger of disgorgement; Stopping Audit Inference; Identifying audit interlopers; Suing audit interlopers

Part III: Scaling Down Section 404

Chapter 12: Clearing Up Confusion about Control
The Nuts and Bolts of Section 404; What Section 404 says; What Section 404 really does; SEC rules under Section 404; PCAOB participation in the Section 404 process; When Do Companies Have to Comply with Section 404?; Section 302 “Internal Control” versus Section 404 “Internal Control”; Defining “disclosure controls and procedures” under Section 302; Interpreting “internal control over financial reporting” under Section 404; Controlling the Cost of Compliance; Cost-cutting measures by the PCAOB; Section 404 sticker shock; Decreasing costs in year two

Chapter 13: Surviving a Section 404 Audit
Dividing Responsibilities in a Section 404 Audit; Management’s role; The independent auditor’s role; What Is (and Is Not) Related to the Audit; Complying with Auditing Standard No. 5; Integrating the audits; Planning the audits; Scaling the audits; Assessing the risk; Cutting costs by relying on the work of others; Using a top-down approach; Flunking a Section 404 Audit; How to fail a Section 404 audit; What to do if your company flunks

Chapter 14: Taking the Terror Out of Testing
The Price of the Project; The six most common Section 404 project costs; Meeting massive manpower requirements; The social challenges of Section 404; Hail to the Documenters; The right documentation skills; Getting the documentation down; Time tracking; Scoping out savings; Taking an inventory of your company processes; Organizing the documentation: Why form is equal to substance; Caveats about Controls; Key controls; Some common key controls; Ogling the Outside Vendors: SAS 70 Reports; Evaluating Control with the COSO Framework; How COSO breaks down companies’ controls; COSO guidance for your company; A Bit about COBIT

Part IV: SOX for Techies

Chapter 15: Getting Technical with SOX
Some Specific SOX Sections That Talk to Techies; Ramping up document retention policies; Disclosing critical events in real time; IT and the dreaded SOX Section 404; Getting a SOX-ified System in Place When; Your company is starting from scratch; Your company is already halfway there; Your company has a larger budget; Evaluating Your Systems after SOX; Organizing company data; Getting into the GAAP; Preventing Control Problems before They Happen; Spelling out security; Logging it all in; Falling Back on COBIT

Chapter 16: Surveying SOX Software
Some SOX Software Trends; Identifying the Types of Software on the Market; Shopping for SOX Software; SOX Meets Cousin IT; Collecting scattered company data; Evaluating your company’s existing IT systems; The COSO Standards for Software; Complying with COBIT

Chapter 17: Working with Some Actual SOX Software
Doing Your Research before a Software Installation; Tracking the flow of information in your company; Following the trial balance trail; Getting to Know SarbOxPro; The SarbOxPro checklist; The SarbOxPro data tree; SarbOxPro stages; Opting for Other Types of Software Solutions

Part V: To SOX-finity and Beyond

Chapter 18: Lawsuits under SOX
The Smoking Gun: Knowledge; The First Big SOX Trial: Richard Scrushy; The squishy Scrushy facts; The prosecutors’ post-game recap; The Scrushy epilogue: Civil suits, a tax refund, and a new trial; Another Test of the “Ignorance” Defense: Kenneth Lay; Timing Is Everything: Andersen, Ernst, and KPMG Litigation Outcomes; Arthur Andersen’s victory: Three years too late; An Ernst error; Kid gloves for KPMG?; The Gemstar Case: Interpreting Section 1103; Suing under SOX Section 304; Suing under Section 806: The Whistle-Blower Provision; Blowing the whistle before and after SOX; What happens when the whistle blows?; Tips for defending against whistle-blower suits

Chapter 19: The Surprising Scope of SOX
Outsourcing under SOX; Summarizing SAS 70; Sidestepping SAS 70; Extending SOX Principles to Not-for-Profits; SOX and Foreign Companies

Part VI: The Part of Tens

Chapter 20: Ten Ways to Avoid Getting Sued or Criminally Prosecuted Under SOX
Maintain an Active and Visible Audit Committee; Communicate about How to Communicate; Combat Policy Paranoia and Section 404 Audit-Chondria; Keep Bonuses within Bounds; Separate the Whistle-Blowers from the Whiners; Invest in IT Tools and Tricks; Do Something with All That Data; Disclose Triggering Events on Time; Document What’s Delegated; Focus on Product and Service Delivery

Chapter 21: Ten Tips for an Effective Audit Committee
Pick the Right Number of Members; Set Up Subcommittees; Find a Financial Expert; Create Questionnaires; Adopt a Smart Charter; Keep Track of Complaints; Communicate Liberally; Report Annually; Identify Conflicts…and Nonconflicts; Give Notice When Needed

Chapter 22: Ten Smart Management Moves
Form a Disclosure Committee; Set Reporting Schedules; Have More Meetings and Send Less E-mail; Challenge Outdated and Overly Detailed Policies; Review Reports with Their Preparers; Keep Up with Current Certification Requirements; Avoid Animosity with the Audit Committee; Don’t Confuse Certification with Control; Consider Getting Subcertifications; Track All the Timelines

Chapter 23: Ten Things You Can’t Ask an Auditor to Do After SOX
Keep Your Books; Fix Your Financial Information Systems; Appraise Company Property; Act as an Actuary; Perform Internal Audit Services for Your Company; Fill In for Your Management Team; Be a Headhunter; Advise You on Investments; Dispense Legal Advice; Give You an Expert Opinion

Chapter 24: Top Ten Places to Get Smart about SOX
Sample SOX-online; Peruse the PCAOB Web Site; Visit the SEC Web Site; Get Inside Sarbanes-Oxley Trenches; Link to the AICPA Web Site; Frequent the Forum; Click On the COSO Web Site; Find the FEI Web Site; Spring for a Subscription to Compliance Week; Don’t Forget Wikipedia!

Part VII: Appendixes

Appendix A: Selected Sections, Auditing Standard No. 5
Introduction; Integrating the Audits; Role of Risk Assessment; Scaling the Audit; Addressing the Risk of Fraud; Using the Work of Others; Using a Top-Down Approach

Appendix B: Sample Certifications
Sample General Section 302 Certification; Sample Section 906 Certification; Sample Subcertification of Employee

Appendix C: Sample Audit Committee Charter
Audit Committee Charter; Purpose; Authority; Composition; Meetings; Responsibilities

Appendix D: Sample Code of Ethics
Business Conduct and Ethics Policy; Policy; Scope; Responsibility; Provisions

Appendix E: Sample SAS 70 Report

Index
Jill Gilbert Welytok, JD, CPA, LLM, practices in the areas of corporate law, nonprofit law, and intellectual property. She is the founder of Absolute Technology Law Group, LLC (www.abtechlaw.com). She went to law school at DePaul University in Chicago, where she was on the Law Review, and she picked up a master’s degree in Computer Science from Marquette University in Wisconsin, where she now lives. Ms. Welytok also has an LLM in Taxation from DePaul. She was formerly a tax consultant with the predecessor firm to Ernst & Young. She frequently speaks on nonprofit, corporate governance, and taxation issues and will probably come speak to your company or organization if you invite her. You may e-mail her with questions you have about Sarbanes-Oxley or anything else in this book at email@example.com. You can find updates to this book and ongoing information about SOX developments at the author’s Web site, located at www.abtechlaw.com.
Includes SOX forms and privatization guidelines

The fun and easy way to comply with the law and maintain your credibility

Need to be Sarbanes-Oxley savvy? This plain-English guide walks you through the new and revised laws — as well as compliance strategies for changed and unchanged guidelines — and gives you an effective framework for implementation. You'll create an efficient audit committee, purchase and use SOX software solutions, and make practical, cost-effective decisions in your initial compliance year and beyond.

Discover how to:
- Establish SOX standards for IT professionals
- Minimize compliance costs in every area of your company
- Survive a Section 404 audit
- Avoid litigation under SOX
- Anticipate future rules and trends