
Sarbanes-Oxley (SOX) Testing

Instructor: Lynn Fountain

Glossary/Index
Term Page Description
SOX Entire presentation Abbreviation for Sarbanes-Oxley legislation
SOX 404 2 Legislation mandates that all publicly-traded companies
must establish internal controls and procedures for financial
reporting and must document, test and maintain those
controls and procedures to ensure their effectiveness. The
purpose of SOX is to reduce the possibilities of corporate
fraud by increasing the stringency of procedures and
requirements for financial reporting.
COSO 2 Abbreviation for Committee of Sponsoring Organizations
SOX 302 2 Periodic statutory financial reports are to include
certifications that:
• The signing officers have reviewed the report
• The report does not contain any materially untrue
statements or material omissions and is not
misleading
• The financial statements and related information
fairly present the financial condition and the results
in all material respects
• The signing officers are responsible for internal
controls and have evaluated these internal controls
within the previous ninety days and have reported
on their findings
• The report includes a list of all deficiencies in the
internal controls and information on any fraud that
involves employees who are involved with internal
activities
• The report discloses any significant changes in
internal controls or related factors that could have a
negative impact on the internal controls
Organizations may not attempt to avoid these requirements
by reincorporating their activities or transferring their
activities outside of the United States.

SOX 806, 902, 906 Section 806 of Sarbanes-Oxley creates a federal civil right of
action on behalf of any employee of a publicly traded
company, or any employee of a contractor of a publicly
traded company, who is subject to discrimination in
retaliation for reporting corporate fraud or accounting
abuses.

Section 902 addresses attempts and conspiracies to commit
criminal fraud offenses.
Section 906 addresses criminal penalties for certifying a
misleading or fraudulent financial report. Under SOX 906,
penalties can be upwards of $5 million in fines and 20 years
in prison.
ELC 2, 10, 23, 35 Abbreviation for entity level control
XBRL 2 Abbreviation for eXtensible Business Reporting Language
FS 4, 71 Abbreviation for financial statement
Accts. 4 Abbreviation for accounts
AS5 8, 13, 71 Auditing Standard 5 passed by the Public Companies
and Accounting Oversight Board that guides the work
external auditors must do to comply with Sarbanes-Oxley.
Assertion 8 References accounting financial statement assertions
MW 15, 20, 37 Material weakness
CE 15, 24 Control Environment
ICFR 21, 61, 71 Internal control over financial reporting
ITGC 24 Information technology general controls
MM 25, 36 Material Misstatement
Key Control 34 Required to provide reasonable assurance that
material errors will be prevented/detected timely. A key
control is the only control that covers a risk of MM (it is
indispensable to cover its control objective). If it fails, it
is highly improbable that any other control could detect its
absence.

CSA 37 Control Self-Assessment


T&E 42 Travel and Entertainment Expense
BCP 43, 48, 54 Business Continuity Plan
GL 68 General ledger
AP 68 Accounts payable
ID 68 Identification
ICs 4 Abbreviation for internal controls
FR 4 Abbreviation for financial reporting
Directive Controls 6 Actions taken to cause or encourage a desirable event to occur.
They are broad in nature and apply to all situations.
Preventative Controls 6 Designed to keep errors or irregularities from occurring in the
first place
Detective Controls 7 Designed to detect errors or irregularities that may have
occurred
Corrective Controls 8 Designed to correct errors or irregularities that have been
detected
Recovery Controls 8 Designed to recover information in the event of loss
Automated Controls 9 The application of control theory for regulation of processes
without direct human intervention.
Manual Controls 9 Controls performed by human interaction
Initiation 14 The action of beginning something
Authorization 19 The fact or act of giving permission or authority
Processing 22 The step by step sequence of executing a specific action
PCAOB 31 Public Companies Accounting and Oversight Board
ICFR 31 Internal Controls Over Financial Reporting
Flowchart 40 A visual representation of something
P.O. 46, 47 Purchase Order
SOD 46 Segregation of duties
AP 47 Accounts payable
Ops 47 Abbreviation for operations
Narrative 49 A story or a guide to define what your process does and how
it does it
FR 51 Financial reporting
MM 51, 54 Material misstatement
FS 53 Financial statement
Policies 56 Clear, simple statements of how an organization intends to conduct
its business
Template 60 A form that has specific factors outlined to include
Checklist 61 A listing of items required, things to be done, or points to be
considered

Questionnaires 63 A set of printed or written questions with a choice of answers,
devised for the purposes of a survey or statistical study.
