Analyzing Section 404

• Date: June 01, 2010
• Source: Admin

Of all the prevailing sections of the SOX act, the most debatable and significant is Section 404. As per this section, management and external auditors are required to submit report on the adequacy of the company's internal control over financial reporting (ICFR).

Section 404 requires management to generate an “internal control report” as part of each annual Exchange Act report, which must affirm “the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting” and also “contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.”

The new and revised rules of SOX, which came into being in 2007, removed the need of external auditors for assessing the system of ICFR. Instead, the responsibility of assessing ICFR was given to the managers. Additionally, the managers are responsible for revising the definitions of significant deficiency and material weakness.

As per the SEC rules and PCAOB standard requirement, management was supposed to perform formal assessment of its controls over financial reporting, which includes tests that confirm the design and operating effectiveness of the controls. The external auditors also are required to provide two opinions as part of a single integrated audit of the company – an independent opinion about the efficiency and effectiveness of the OCFR system and also to provide a traditional opinion about the financial statement of the audited company.
 

They “require a company’s annual report to include an internal control report of management that contains:

• A statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company.

• A statement identifying the framework used by management to conduct the required evaluation of the effectiveness of the company’s internal control over financial reporting.

• Management’s assessment of the effectiveness of the company’s internal control over financial reporting as of the end of the company’s most recent fiscal year, including a statement as to whether or not the company’s internal control over financial reporting is effective. The assessment must include disclosure of any “material weaknesses” in the company’s internal control over financial reporting identified by management. Management is not permitted to conclude that the company’s internal control over financial reporting is effective if there are one or more material weaknesses in the company’s internal control over financial reporting.

• A statement that the registered public accounting firm that audited the financial statements included in the annual report has issued an attestation report on management’s assessment of the registrant’s internal control over financial reporting.”

The “final rules also require a company to file, as part of the company’s annual report, the attestation report of the registered public accounting firm that audited the company’s financial statements.”

Source: www.sec.gov/rules/final/33-8238.htm