The Sarbanes-Oxley Section 404 Implementation Toolkit

Preface.

Acknowledgments.

Part I: Tools for Management.

ADM-1 General Work Program.

ADM-2 Project Planning Summary.

ADM-2a Checklist for Summarizing Project Team Competence and Objectivity.

ADM-2b.1 Worksheet for Determining and Documenting Significant Accounts and Disclosures.

ADM-2b.2 Mapping of Business Processes to Significant Accounts and Disclosures.

ADM-2c Example Inquiries to Identify Changes to Internal Control.

ADM-3 Summary of Control Deficiencies.

ADM-4 Senior Management Review Checklist.

ADM-5 Checklist for Preparation of Management's Report on Internal Control Effectiveness.

Part II: Documentation of Internal Control Design.

DOC-1 Work Program for the Review of Documentation of Entity-Level Controls.

DOC-1a Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Entity-Level Controls.

DOC-1b Assessment of Internal Control Effectiveness: Checklist for the Review of the Documentation of Entity-Level Controls.

DOC-2 Work Program for the Review of Documentation of Activity-Level Controls.

DOC-2a Assessment of Internal Control Effectiveness: Overall Approach to Review of the Documentation of Activity-Level Controls.

DOC-2b Checklist for the Review of the Documentation of a Significant Transaction or Business Unit/Location.

DOC-3 Documentation Techniques and Selected Examples for Routine Transactions.

DOC-4 Checklist for Evaluating SOX 404 Software.

Part III: Internal Control Testing Programs.

Entity-Level Controls Testing Tools.

TST-ENT-1 Summary of Observations and Conclusions about Entity-Level Control Effectiveness.

TST-ENT-2 Work Program for Testing Entity-Level Control Effectiveness.

TST-ENT-3 Index to Tests of Entity-Level Controls: Inquiries and Surveys.

TST-ENT-3a Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Management.

TST-ENT-3b Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Board Members.

TST-ENT-3c Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Audit Committee Members.

TST-ENT-3d Entity-Level Tests of Operating Effectiveness: Inquiry Note Sheets-Employees.

TST-ENT-3e Example Employee Survey.

TST-ENT-4 Index to Tests of Entity-Level Controls: Inspection of Documentation.

TST-ENT-4a Worksheet to Document Inspection of Documentation of Performance of Entity-Level Controls.

TST-ENT-5 Index to Tests of Entity-Level Controls: Observation of Operations.

TST-ENT-5a Worksheet to Document Observation of Operation of Entity-Level Controls.

TST-ENT-6 Index to Tests of Entity-Level Controls: Reperformance of Controls.

TST-ENT-6a Worksheet to Document Reperformance of Entity-Level Controls.

TST-ENT-7 Work Program for Reviewing a Report on IT General Control Effectiveness.

TST-ENT-7a Planning and Review of Scope of Tests of IT General Control Effectiveness.

Guidelines for Testing Level of Control Effectiveness.

TST-ACT-1 Guidelines and Example Inquiries for Performing Walkthroughs.

TST-ACT-2 Example Testing Program for Activity-Level Tests of Controls.

TST-ACT-2a Example Testing Program for Control Operating Effectiveness: Revenue.

TST-ACT-2b Example Testing Program for Control Operating Effectiveness: Purchases and Expenditures.

TST-ACT-2c Example Testing Program for Control Operating Effectiveness: Cash Receipts and Disbursements.

TST-ACT-2d Example Testing Program for Control Operating Effectiveness: Payroll.

TST-ACT-3 Work Program for the Review of a Type 2 SAS No. 70 Report.

TST-ACT-3a Type 2 SAS No. 70 Report Review Checklist.

TST-ACT-4 Process Owners' Monitoring of Control Effectiveness.

Part IV: Example Letters and Other Communications.

COM-1 Example Engagement Letter for Outside Consultants to Management.

COM-2 Example Management Representation Letter.

COM-3 Example Management Reports on Effectiveness of Internal Control over Financial Reporting.

COM-4 Example Subcertification.

Part V: Tools for External Auditors Performing an Audit of Internal Control.

ADM-AUD-1 General Audit Program.

About the CD-ROM.

Index.