TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
Good question! I'll try to answer. Note that where I say "controls" I'm
talking about internal controls that the company exercises.
Controls are basically checks that companies put in place to ensure that
fraud is not likely to take place such that financial statements could be
"materially" affected.* The idea is to prevent the Enron, Tyco, Qwest types
of misstatements that went on. For example, if the sales department claims
$4 million in new contracts during a financial quarter, then part of the
process of preparing the financial statements might be that the internal
audit department compares actual signed sales documents to the claims. The
comparison is the "control" that ensures the financial statements are
accurate. Different areas of financial statements can present different
risks, and different controls are needed to mitigate those risks.
Companies can have "Operational" controls such as standard operating
procedures, checklists, and so on, but Sarbanes is concerned with
"Financial" controls. Financial controls can reside in IT systems (e.g., one
person can create Journal Entries in the General Ledger system, but a
different person must post the entries); they can be approvals to incur
expenses; they can be audits of revenue, etc. Words that signal control are
things like "review," "audit," "verify," "count," etc.
Controls can PREVENT fraud, or they can DETECT fraud at a later date. If
approved invoices are filed, the filing creates a DETECTIVE control because
I can go back into the physical documents later and detect something.
Controls can also be manual or automatic (system). The type of control
determines the extent of testing that must take place to determine if the
control is effective. Controls performed by humans must be tested more
thoroughly than controls that are enforced in a computer system.
Part of the initial SOX effort for most companies is determining whether
controls are effective. Controls that are not effective need to be
remediated. If the outside auditors come in and determine a control is not
effective, they may give an adverse opinion, which must be included in the
financial statements and will not be looked upon kindly by analysts and
investors. Companies that resist change may experience problems in this
There are several types of Financial assertions: Completeness (did I report
all sales), Accuracy (did I accurately report all sales), Valuation (did I
count and value my inventory correctly), Existence / Occurrence (I'm not
clear on how this is different from completeness), Rights & Obligations (did
I report all property ownership or all debt), Presentation & Disclosure (did
I accurately represent all information and risks). A control can address
any/all of these. Management is responsible for ensuring the effectiveness
of the controls.
Hope this helps. This is a complex topic that I am only starting to
understand, so I apologize if my information is incomplete.
* Financial statements can contain a significant deficiency, defined as a
single deficiency that adversely affects the company's financial data, and
results in a more than remote likelihood that a misstatement of the
annual/interim financial statement will not be prevented or detected. Such
deficiencies can be: a restatement; material misstatement, not detected;
ineffective audit committee; ineffective internal audit or risk management
function; ineffective regulatory compliance functions; fraud of any
magnitude; uncorrected significant deficiencies.
A material weakness is a significant deficiency alone or combined with other
significant deficiencies that results in more than a remote likelihood that
a misstatement of the annual/interim financial statement will not be
prevented or detected. This will require an adverse opinion of the internal
From: John Posada [mailto:JPosada -at- isogon -dot- com]
Sent: Wednesday, March 10, 2004 1:17 PM
To: Lisa Wright; TECHWR-L
Subject: RE: Sarbanes-Oxley 404 Project Information (LONG)
Lisa...I'm very interested in this, However, I need for you to define thing
"these are the controls that ensure these assertions are true"
ROBOHELP IS THE INDUSTRY STANDARD IN HELP AUTHORING
New RoboHelp X5 includes all new features such as,
content management, multi-author support, distributed
workforce support, XML and PDF support, and much more!
You are currently subscribed to techwr-l as:
archiver -at- techwr-l -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit http://www.raycomm.com/techwhirl/ for more resources and info.