Sarbanes Oxley 101 -- Info Guide to the Sarbanes-Oxley Act of 2002

Sarbanes Oxley Sect. 404 Compliance

» Section 404: Management Assessment of Internal Controls

Section 404 is perhaps the most contested of the Sarbanes Oxley Act sections as companies scramble to meet compliance. All annual financial reports must include an Internal Control Report stating that management is responsible for an "adequate" internal control structure, and an assessment by management of the effectiveness of the control structure. Any shortcomings in these controls must also be reported. In addition, registered external auditors must attest to the accuracy of the company management’s assertion that internal accounting controls are in place, operational and effective.

A direct excerpt from the Sarbanes-Oxley Act of 2002 report for section 404:

(a) Rules Required. The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 to contain an internal control report, which shall--
   (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
   (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

(b) Internal Control Evaluation and Reporting. With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

Bestselling SOX 404 Compliance Toolkit Software from Amazon.com.