Exam 2 Study Guide-pages-7

Sarbanes-Oxley Act (SOX) Section 404

Requires publicly traded companies to issue a report on Internal Control over Financial Reporting (ICFR) at the end of the fiscal year.

Internal Control over Financial Reporting (ICFR)

A system ensuring the reliability of financial reporting and compliance with GAAP.

Assessment Timing

The evaluation of ICFR is conducted 'as of' the end of the fiscal year, not covering the entire year.

Material Weakness

The most serious level of deficiency in ICFR, indicating a reasonable possibility that a material misstatement will not be prevented or detected.

Control Deficiency

Occurs when a control fails to prevent or detect misstatements in financial statements.

Design Deficiency

A type of control deficiency where the control is missing or poorly designed.

Operating Deficiency

A type of control deficiency where the control exists but is not performed correctly due to a lack of authority or training.

Key Requirements of ICFR

1. Maintain accurate financial records. 2. Ensure transactions are properly recorded. 3. Prevent or detect unauthorized use of company assets.

Management’s Responsibilities for ICFR Audit

1. Accept responsibility for the effectiveness of the entity’s ICFR. 2. Evaluate ICFR using appropriate control criteria. 3. Provide evidence to support the evaluation. 4. Submit a written assessment of ICFR effectiveness.

Connection to COSO

ICFR aligns with COSO but focuses more on financial reporting accuracy and fraud prevention.

Impact of Deficiencies

If deficiencies are found before year-end, companies may correct them and still receive a clean audit opinion.