Sarbanes-Oxley For Dummies, 2nd Edition
ISBN: 978-0-470-22313-0
Paperback
384 pages
February 2008
This is a Print-on-Demand title. It will be printed specifically to fill your order. Please allow an additional 10-15 days delivery time. The book is not returnable.
Introduction 1
Part I: The Scene Before and After SOX 7
Chapter 1: The SOX Saga 9
Chapter 2: SOX in Sixty Seconds 27
Chapter 3: SOX and Securities Regulations 43
Chapter 4: SOX and Factual Financial Statements 67
Chapter 5: What’s New for Non-Accelerated Filers 83
Part II: SOX in the City: Meeting New Standards 89
Chapter 6: A New Audit Ambience 91
Chapter 7: A Board to Audit the Auditors 105
Chapter 8: The Almighty Audit Committee 119
Chapter 9: Building Boards That Can’t Be Bought 131
Chapter 10: SOX: Under New Management 143
Chapter 11: More Management Mandates 159
Part III: Scaling Down Section 404 169
Chapter 12: Clearing Up Confusion about Control 171
Chapter 13: Surviving a Section 404 Audit 183
Chapter 14: Taking the Terror Out of Testing 191
Part IV: SOX for Techies 207
Chapter 15: Getting Technical with SOX 209
Chapter 16: Surveying SOX Software 219
Chapter 17: Working with Some Actual SOX Software 233
Part V: To SOX-finity and Beyond 249
Chapter 18: Lawsuits under SOX 251
Chapter 19: The Surprising Scope of SOX 267
Part VI: The Part of Tens 273
Chapter 20: Ten Ways to Avoid Getting Sued or Criminally Prosecuted Under SOX 275
Chapter 21: Ten Tips for an Effective Audit Committee 281
Chapter 22: Ten Smart Management Moves 289
Chapter 23: Ten Things You Can’t Ask an Auditor to Do After SOX 295
Chapter 24: Top Ten Places to Get Smart about SOX 301
Part VII: Appendixes 307
Appendix A: Selected Sections, Auditing Standard No 5 309
Appendix B: Sample Certifications 313
Appendix C: Sample Audit Committee Charter 319
Appendix D: Sample Code of Ethics 329
Appendix E: Sample SAS 70 Report 337
Index 339
Table of Contents
Introduction 1
About This Book 1
Conventions Used in This Book 2
What You’re Not to Read 2
Foolish Assumptions 3
How This Book Is Organized 3
Part I: The Scene Before and After SOX 4
Part II: SOX in the City: Meeting New Standards 4
Part III: Scaling Down Section 404 4
Part IV: SOX for Techies 4
Part V: To SOX-finity and Beyond 4
Part VI: The Part of Tens 5
Part VII: Appendixes 5
Icons Used in This Book 5
Where to Go from Here 6
Feedback, Please 6
Part I: The Scene Before and After SOX 7
Chapter 1: The SOX Saga 9
Plowing Through the Politics of SOX 10
Taking advantage of a loophole 10
Not everyone’s a SOX fan 11
New ammunition for aggrieved investors 13
Corporate America after SOX 13
Combating Corruption under SOX: Everyone Has a Role 14
Assisting with internal control: The independent audit board 14
Testing the accounting data: Auditors 15
Using the new noisy liability: Lawyers 16
Certifying financial reports: CEOs and CFOs 17
Staying clean voluntarily: Small businesses and nonprofits 17
Adhering to procedures: The rank-and-file employees 18
Overseeing corporate policy: New high-paid governance gurus 18
A Summary of SOX: Taking It One Title at a Time 18
Title I: Aiming at the audit profession 18
Title II: Ensuring auditor independence 20
Title III: Requiring corporate accountability 20
Title IV: Establishing financial disclosures, loans, and ethics codes 21
Title V: Protecting analyst integrity 22
Title VI: Doling out more money and authority 22
Title VII: Supporting studies and reports 22
Title VIII: Addressing criminal fraud and whistleblower provisions 23
Title IX: Setting penalties for white-collar crime 23
Title X: Signing corporate tax returns 24
Title XI: Enforcing payment freezes, blacklists, and prison terms 24
Some Things SOX Doesn’t Say: SOX Myths 24
Myth #1: SOX put Jeff Skilling (and other Enron execs) in jail 24
Myth #2: Auditors can’t provide tax services 25
Myth #3: Internal control means data security 25
Myth #4: The company isn’t responsible for functions it outsources 26
Myth #5: My company met the deadline for Section 404 first-year compliance. We’re home free! 26
Chapter 2: SOX in Sixty Seconds 27
Reestablishing Control after the Scandals 28
Enron events everyone initially overlooked 28
More tales from the corporate tabloids 32
Four Squeaky Clean SOX Objectives 33
How SOX Protects the Investing Public 35
Creating a Public Company Accounting Oversight Board 35
Clamping down on auditors 36
Rotating auditors 37
Creating committees inside companies 37
Holding management accountable 38
Taking back bogus bonuses 38
Banning blackouts 38
Ratcheting up reporting 39
Purging company conflicts of interest 39
Exercising internal control 40
Looking at lawyers 40
Waiting seven years to shred 41
Putting bad management behind bars 41
Freezing bonuses 41
Blackballing officers and directors 41
Providing whistle-blower protection 42
Rapid Rulemaking Regrets 42
Chapter 3: SOX and Securities Regulations 43
Pre-SOX Securities Laws 44
The Securities Act of 1933: Arming investors with information 45
The Securities Exchange Act of 1934: Establishing the SEC 46
Other securities laws 49
Sarbanes-Oxley For Dummies, 2nd Edition xiv
The Scope of SOX: Securities and Issuers 49
What is a “security”? 50
Who is an “issuer”? 51
The SOX surprise 52
The Post-SOX Paper Trail 54
Form 10-K 55
Form 10-Q 55
Form 8-K 56
Behind the 8-K Ball after SOX 56
Adding new events to the list 56
Shuffling events from the 10-K and 10-Q 57
Creating four-day reporting events 58
Providing protection in the safe SOX harbor 58
Annual SEC Scrutiny after SOX 59
Mandatory review rule 59
Remedies for inaccurate registration materials 60
Why Privately Held Companies Care about SOX 60
Bolstering the bottom line 60
Defending company practices in court 62
Going public after SOX 62
Chapter 4: SOX and Factual Financial Statements 67
Auditing the Auditors: 2007 Guidance from the SEC 68
SOX’s Recipe for Seeking Out Cooked Books 69
Reviewing what the income statement reveals 70
Examining balance sheet (and off–balance sheet) transactions 72
Looking for funky footnotes 73
Complying with GAAP and GAAS 73
Finding Financial Information 75
The free stuff 75
The fee-based stuff 76
Accessing Annual Reports 77
The glossy pictures and the real figures 77
Management’s Discussion and Analysis 79
Surfing SEC Filings 79
10-K reports 79
Other useful forms on EDGAR 80
Chapter 5: What’s New for Non-Accelerated Filers 83
A SOX Update for Small Companies 83
No relief for non-accelerated filers 84
Looking at what the rules require 84
Getting the Auditor’s Opinion 85
A kinder, gentler audit 85
Touting a top-down approach 86
Tips for adopting a new “audit-tude” 86
Table of Contents xv
Part II: SOX in the City: Meeting New Standards 89
Chapter 6: A New Audit Ambience 91
How SOX Rocks the Accounting Profession 91
An Example of Audit Failure: Arthur Andersen 92
Chronology of a collapse 92
A vindicating verdict years later 93
Bridging the GAAP 94
SOX as a Substitute for Self-Regulation 94
Shifting the role of the AICPA 95
Whose turn is it to watch the CPA? 97
Is There an Independent Auditor in the House? 97
The importance of audit independence 98
Every auditor’s dilemma 99
What SOX Says to CPAs 99
Give the whole team a cooling-off period 100
Prohibit services that cause conflicts 100
Get prior permission for potential conflicts 101
Everybody change partners! 102
Wait seven years to shred 102
Recognize when auditors are “impaired” 102
Section 404: The Sin Eater Provision 102
CEOs and CFOs signing off 103
CPAs certifying the certifications 103
Chapter 7: A Board to Audit the Auditors 105
Taking a New Approach to Audit Oversight 106
The old ad hoc system of accounting oversight 106
Alphabet soup of accounting regulation 107
Primary Purposes of the PCAOB 108
Goals of the PCAOB 108
The seven statutory duties of the PCAOB 109
Some Practical PCAOB Matters 109
Who’s on the board? 110
Who pays for the PCAOB? 110
PCAOB Rules: Old Meets New 110
Sticking to the ol’ standby rules 111
Adjusting to some new rules 111
Evolving PCAOB Policies and Issues 113
Sanctioning sloppy auditors 113
Keeping an eye on small CPA firms 113
Extending authority internationally 114
Communicating with the SEC 114
When the PCAOB Doesn’t Perform 114
Struggling for Standards 115
Adapting to Auditing Standard No 2 115
Implementing Auditing Standard No 5 116
Chapter 8: The Almighty Audit Committee 119
Deliver or Delist: Rules of the Stock Exchanges 119
From the Audit Committee Annals 121
Mr Leavitt’s Blue Ribbon panel 121
Enron impetus 121
The quest for consistent committee rules 121
Starting with a Charter 122
The Audit Committee Interface 122
Some Stricter NYSE Rules 123
Membership Requirements 124
A few independent members 124
Figure in a financial expert 125
Day-to-Day Committee Responsibilities 125
Monitoring events and policing policies 126
Interfacing with the auditors 126
Preapproving nonaudit services 127
Handling complaints 128
Receiving CEO and CFO certifications 128
Monitoring conflicts and cooling-off periods 129
Ferreting out improper influence 129
Rotating the audit partners 129
Engaging advisors 130
Providing recognition in annual reports 130
Chapter 9: Building Boards That Can’t Be Bought 131
Some Background about Boards 132
What does a director do? 132
Looking at some bad, bad boards 133
In Search of Independent Directors 134
No relationships with related companies 135
Three-year look-back period 136
Prohibited payments 136
Family ties 136
Mandatory meetings 137
Forming Committees for Nominating Directors 137
NYSE nominating procedures 138
NASDAQ nominating rules 138
Regulating Director Compensation 138
Making governance guidelines public 139
Evaluating the board’s performance 139
Some Exempt Boards For the Moment 140
Nonpublic companies 140
Nonprofit corporations 141
Other exempt companies 141
Chapter 10: SOX: Under New Management 143
Chiefly Responsible: CEOs and CFOs 143
CEO: The chief in charge 144
CFO: The financial fact finder 144
Three SOX sections for the chiefs 145
A Section 302 Certification Checklist 146
Paragraph 1: Review of periodic report 147
Paragraph 2: Material accuracy 147
Paragraph 3: Fair presentation of financial information 147
Paragraph 4: Disclosure controls and procedures 148
Paragraph 5: Disclosure to auditors 148
Paragraph 6: Changes in internal controls 149
Clearing Up Common Section 302 Questions 149
What companies are required to file certifications under Section 302? 150
Which reports get certified? 150
Viewing Control as a Criminal Matter: Section 906 151
More Reporting Responsibilities for Management and Auditors: Section 404 153
What management has to do under Section 404 153
What the auditors need from management 153
Taking Internal Control Seriously 154
Considering the auditor’s perspective 154
What the SEC says 154
Management standards criteria for controls 155
Seeking Out Subcertifications 155
Some Good Advice for CEOs and CFOs 156
Establish a disclosure committee 157
Take an inventory 157
Woo the whistle-blowers 157
Chapter 11: More Management Mandates 159
Codifying the Corporate Conscience 159
Explaining the code 160
Establishing worthwhile objectives 160
Realizing one code doesn’t fit all companies 160
Disclosing amendments and waivers 161
Expecting ethics on the exchanges 161
A checklist of code contents 161
New Rules for Stock Selling and Telling 162
Faster disclosure 163
More disclosure 163
Prohibiting Personal Loans 164
Banning Blackout Trading 164
Avoiding media images of stricken retirees 165
Making some necessary exceptions 165
Making Managers Pay Personally 165
The freeze factor 166
The danger of disgorgement 166
Stopping Audit Inference 167
Identifying audit interlopers 167
Suing audit interlopers 168
Part III: Scaling Down Section 404 169
Chapter 12: Clearing Up Confusion about Control 171
The Nuts and Bolts of Section 404 171
What Section 404 says 172
What Section 404 really does 172
SEC rules under Section 404 173
PCAOB participation in the Section 404 process 173
When Do Companies Have to Comply with Section 404? 174
Section 302 “Internal Control” versus Section 404 “Internal Control” 175
Defining “disclosure controls and procedures” under Section 302 175
Interpreting “internal control over financial reporting” under Section 404 177
Controlling the Cost of Compliance 179
Cost-cutting measures by the PCAOB 179
Section 404 sticker shock 181
Decreasing costs in year two 181
Chapter 13: Surviving a Section 404 Audit 183
Dividing Responsibilities in a Section 404 Audit 183
Management’s role 184
The independent auditor’s role 184
What Is (and Is Not) Related to the Audit 185
Complying with Auditing Standard No 5 186
Integrating the audits 186
Planning the audits 187
Scaling the audits 187
Assessing the risk 188
Cutting costs by relying on the work of others 188
Using a top-down approach 189
Flunking a Section 404 Audit 189
How to fail a Section 404 audit 189
What to do if your company flunks 190
Chapter 14: Taking the Terror Out of Testing 191
The Price of the Project 191
The six most common Section 404 project costs 192
Meeting massive manpower requirements 192
The social challenges of Section 404 194
Hail to the Documenters 194
The right documentation skills 194
Getting the documentation down 195
Time tracking 195
Scoping out savings 196
Taking an inventory of your company processes 197
Organizing the documentation: Why form is equal to substance 200
Caveats about Controls 201
Key controls 202
Some common key controls 202
Ogling the Outside Vendors: SAS 70 Reports 203
Evaluating Control with the COSO Framework 204
How COSO breaks down companies’ controls 204
COSO guidance for your company 205
A Bit about COBIT 205
Part IV: SOX for Techies 207
Chapter 15: Getting Technical with SOX 209
Some Specific SOX Sections That Talk to Techies 210
Ramping up document retention policies 210
Disclosing critical events in real time 211
IT and the dreaded SOX Section 404 213
Getting a SOX-ified System in Place When 213
Your company is starting from scratch 214
Your company is already halfway there 214
Your company has a larger budget 214
Evaluating Your Systems after SOX 215
Organizing company data 215
Getting into the GAAP 216
Preventing Control Problems before They Happen 216
Spelling out security 216
Logging it all in 217
Falling Back on COBIT 217
Chapter 16: Surveying SOX Software 219
Some SOX Software Trends 219
Identifying the Types of Software on the Market 221
Shopping for SOX Software 223
SOX Meets Cousin IT 224
Collecting scattered company data 225
Evaluating your company’s existing IT systems 225
The COSO Standards for Software 228
Complying with COBIT 231
Chapter 17: Working with Some Actual SOX Software 233
Doing Your Research before a Software Installation 233
Tracking the flow of information in your company 234
Following the trial balance trail 236
Getting to Know SarbOxPro 236
The SarbOxPro checklist 238
The SarbOxPro data tree 239
SarbOxPro stages 239
Opting for Other Types of Software Solutions 245
Part V: To SOX-finity and Beyond 249
Chapter 18: Lawsuits under SOX 251
The Smoking Gun: Knowledge 251
The First Big SOX Trial: Richard Scrushy 252
The squishy Scrushy facts 253
The prosecutors’ post-game recap 254
The Scrushy epilogue: Civil suits, a tax refund, and a new trial 255
Another Test of the “Ignorance” Defense: Kenneth Lay 255
Timing Is Everything: Andersen, Ernst, and KPMG Litigation Outcomes 257
Arthur Andersen’s victory: Three years too late 258
An Ernst error 259
Kid gloves for KPMG? 260
The Gemstar Case: Interpreting Section 1103 261
Suing under SOX Section 304 261
Suing under Section 806: The Whistle-Blower Provision 262
Blowing the whistle before and after SOX 262
What happens when the whistle blows? 263
Tips for defending against whistle-blower suits 265
Chapter 19: The Surprising Scope of SOX 267
Outsourcing under SOX 267
Summarizing SAS 70 268
Sidestepping SAS 70 269
Extending SOX Principles to Not-for-Profits 269
SOX and Foreign Companies 271
Part VI: The Part of Tens 273
Chapter 20: Ten Ways to Avoid Getting Sued or Criminally Prosecuted Under SOX 275
Maintain an Active and Visible Audit Committee 275
Communicate about How to Communicate 276
Combat Policy Paranoia and Section 404 Audit-Chondria 276
Keep Bonuses within Bounds 277
Separate the Whistle-Blowers from the Whiners 277
Invest in IT Tools and Tricks 277
Do Something with All That Data 278
Disclose Triggering Events on Time 278
Document What’s Delegated 278
Focus on Product and Service Delivery 279
Chapter 21: Ten Tips for an Effective Audit Committee 281
Pick the Right Number of Members 281
Set Up Subcommittees 282
Find a Financial Expert 283
Create Questionnaires 284
Adopt a Smart Charter 284
Keep Track of Complaints 285
Communicate Liberally 285
Report Annually 286
Identify Conflicts…and Nonconflicts 286
Give Notice When Needed 286
Chapter 22: Ten Smart Management Moves 289
Form a Disclosure Committee 289
Set Reporting Schedules 290
Have More Meetings and Send Less E-mail 290
Challenge Outdated and Overly Detailed Policies 291
Review Reports with Their Preparers 291
Keep Up with Current Certification Requirements 292
Avoid Animosity with the Audit Committee 292
Don’t Confuse Certification with Control 293
Consider Getting Subcertifications 293
Track All the Timelines 293
Chapter 23: Ten Things You Can’t Ask an Auditor to Do After SOX 295
Keep Your Books 296
Fix Your Financial Information Systems 296
Appraise Company Property 297
Act as an Actuary 297
Perform Internal Audit Services for Your Company 297
Fill In for Your Management Team 298
Be a Headhunter 298
Advise You on Investments 299
Dispense Legal Advice 299
Give You an Expert Opinion 299
Chapter 24: Top Ten Places to Get Smart about SOX 301
Sample SOX-online 301
Peruse the PCAOB Web Site 302
Visit the SEC Web Site 302
Get Inside Sarbanes-Oxley Trenches 302
Link to the AICPA Web Site 304
Frequent the Forum 304
Click On the COSO Web Site 304
Find the FEI Web Site 304
Spring for a Subscription to Compliance Week 305
Don’t Forget Wikipedia! 305
Part VII: Appendixes 307
Appendix A: Selected Sections, Auditing Standard No 5 309
Introduction 309
Integrating the Audits 310
Role of Risk Assessment 310
Scaling the Audit 311
Addressing the Risk of Fraud 311
Using the Work of Others 311
Using a Top-Down Approach 312
Appendix B: Sample Certifications 313
Sample General Section 302 Certification 313
Sample Section 906 Certification 315
Sample Subcertification of Employee 315
Appendix C: Sample Audit Committee Charter 319
Audit Committee Charter 319
Purpose 319
Authority 320
Composition 322
Meetings 322
Responsibilities 322
Appendix D: Sample Code of Ethics 329
Business Conduct and Ethics Policy 329
Policy 329
Scope 329
Responsibility 329
Provisions 330
Appendix E: Sample SAS 70 Report 337
Index 339