Opportunity Detected
Keywords
risk assessment, SOX 404 compliance, entity-level controls
Abstract
The crux of the SEC’s interpretive guidance for management is a top-down, risk-based approach that puts risk first and foremost. Four key areas of opportunity can be used to reduce an organization’s overall SOX 404 compliance effort— risk assessment, entity-level controls, control selection and testing approach .
AS5 complements the SEC interpretive guidance to management and includes the following key points:
Risk assessment underlies the entire audit process.
Evaluation of entity-level controls can result in increasing or decreasing the testing that otherwise would be performed on controls at the process, transaction or application levels.
Auditors are specifically permitted to consider the nature, timing and extent of procedures performed in the prior year and the results of those procedures in determining the risk associated with a particular control.
The standard makes it easier to use the work of others and allows auditors to use direct assistance from other parties in performing walk-throughs.
The external auditor will no longer be required to opine on management’s assessment.
Original Publication Citation
"Opportunity Detected." William G. Heninger, Samuel L. Fogleman, Bryce H. Peterson*, Marshall B. Romney, The Journal of Accountancy 204:6 (December 2007, pp. 62-65).
BYU ScholarsArchive Citation
Fogleman, Samuel L.; Peterson, Bryce H.; Heninger, William G.; and Romney, Marshall B., "Opportunity Detected" (2007). Faculty Publications. 8459.
https://scholarsarchive.byu.edu/facpub/8459
Document Type
Peer-Reviewed Article
Publication Date
2007
Publisher
The Journal of Accountancy
Language
English
College
Marriott School of Business
Department
Accountancy
Copyright Use Information
https://lib.byu.edu/about/copyright/