All this makes me glad I am in the uk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Susan Joslyn Sent: 06 August 2004 14:39 To: [EMAIL PROTECTED] Subject: RE: [U2] [OT] Sarbanes-Oxley
Three more things about Sarbanes-Oxley ... most important, acronyms. I immediately latched onto SOX but the accounting world and the official sites started calling it SOA. So I used that for the article but I still like SOX mainly because its unique and because you can say it. :) Tony, SOX doesn't have a whole lot of specifics in it. Most of the specifics are coming from COSO which was "endorsed" as an accounting frame work by SOX. Section 404 is the one that is driving a lot of the specific requirements and as you can see here it is open to much interpretation (see below). Bill, I think you misunderstood me. I didn't say auditors should drive it. I said the problem is that we are allowing that to happen. Everyone I know in IT is responding to requests from auditors rather than saying "Okay, lets study up a bit and see what we can bring to the table to meet the requirement. Cut 'em off at the pass, I say. And Bill, I *love* this remark -- for this is exactly what has now occurred! > My point is there are more powerful arguments for structural ineffectiveness rather than some surreptitious human behavior. Besides, one controls human behavior by instituting institutional structural controls. :-) TITLE IV Section 404 Management Assessment Of Internal Controls (a) RULES REQUIRED- The Commission shall prescribe rules requiring each annual report required by section 13 of the Securities Exchange Act of 1934 (15 U.S.C. 78m) to contain an internal control report, which shall-- (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. (b) INTERNAL CONTROL EVALUATION AND REPORTING- With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/
