Sarbanes-Oxley Internal Controls: Effective Auditing with AS5, CobiT, and ITIL is essential reading for professionals facing the obstacle of improving internal controls in their businesses. This timely resource provides at-your-fingertips critical compliance and internal audit best practices for today's world of SOx internal controls. Detailed and practical, this introductory handbook will help you to revitalize your business and drive greater performance.
Robert R. Moeller, CPA, CISA, CISSP, is an internal audit specialist and project manager with a strong understanding of information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. He was the national director of computer auditing at Grant Thornton and the audit director of Sears Roebuck. A frequently published author and professional speaker, he provides insights into many of the new rules impacting internal auditors today, as well as the challenges audit committees face when dealing with Sarbanes-Oxley, internal controls, and their internal auditors.
Preface.
Chapter 1: Introduction: Sarbanes-Oxley and Establishing Effective Internal Controls. Changes Since SOx Was First Introduced. Converging Trends: ITIL, CobiT, and Others.
Chapter 2: Sarbanes-Oxley Act Today: Changing Perspectives. Sarbanes-Oxley Act: Key Elements. Impact of the Sarbanes-Oxley Act.
Chapter 3: AS5 Standards for Auditing Internal Controls. AS5 Objectives. Reviewing Section 404 Internal Controls Under AS5: Introduction. Planning the SOx AS5 Audit. AS5's Top-Down Approach. Testing Internal Controls. Evaluating Identified Audit Deficiencies. Wrapping Up the AS5 Audit. Reporting on AS5 Audit Internal Controls. Improving Internal Controls Using AS5 Guidance. Going Forward: Potential Risks and Rewards.
Chapter 4: Establishing Internal Controls Through COSO. Importance of Effective Internal Controls. Internal Control Standards: Background. Events Leading to the Treadway Commission. COSO Internal Control Framework. Other Dimensions of the COSO Internal Control Framework.
Chapter 5: Using CobiT Framework to Improve SOx Controls and Governance. CobiT Framework. Using CobiT to Assess Internal Controls. CobiT and Sarbanes-Oxley.
Chapter 6: Performing Section 404 Reviews Under AS5: An Ongoing Process. SOx Section 404 Assessments of Internal Controls Today. SOx Section 404 Requirements. Section 404 Filing Rules: Changing Deadlines for Eligibility. Gaps and Compliance Committees Under Today's SOx Rules. Documenting Internal Controls Going Forward. Control Objectives and Risks Under Section 404.
Chapter 7: Other SOx Requirements: Sections 302, 409, and Others. Other Important SOx Compliance Rules. Section 302: Management's Financial Report Responsibilities. Section 401: Off Balance Sheet Disclosures. Section 409: Disclosures on Financial Conditions and Operations. Section 802: Penalties for Altering Documents. Section 806: Whistleblower Provisions. Keeping SOx Rules in Focus.
Chapter 8: Using ITIL to Align IT with Business Processes. Importance of the Information Technology Infrastructure. ITIL Framework. ITIL Service Delivery Best Practices. ITIL Service Support Best Practices. Security Management. Linking ITIL with CobiT and SOx Internal Controls.
Chapter 9: Importance of Enterprise Risk Management. Importance of Risk Management. COSO ERM Framework. Other Dimensions of the COSO ERM Framework. Putting It All Together. Auditing COSO ERM Processes. COSO ERM in Perspective.
Chapter 10: International Standards: ISO, Quality Auditing, and SOx. Importance of ISO Standards in Today's Global World. ISO Standards Overview. Quality Audit Process. IFAC International Accounting Standards.
Chapter 11: Internal Audit in a Sarbanes-Oxley Environment. Profession of Internal Auditing. Internal Audit Professional Standards. CBOK: Internal Audit's Common Body of Knowledge.
Chapter 12: Importance of Effective Corporate Governance. Reporting Whistleblower Incidents: Establishing a Hotline Facility. Building an Enterprise-Wide Ethical Culture. Chief Compliance Officer Roles and Responsibilities. Board of Directors and the Audit Committee. Assessing SOx Internal Controls.
Index.