BOL Conferences
#41541 - 11/07/02 09:30 PM Sarbanes-Oxley
Anonymous
Unregistered

I have been assigned the task of identifying any deficiencies in the design or operation of internal controls which could adversely affect our bank's ability to record, process, summarize and report financial data. This relates to the SEC's proposed rules relating to Section 404 of the Sarbanes-Oxley Act. This section details management's assessment of internal controls. The SEC is requiring that management attest to this information for all quarterly and annual reports. I have no idea how to even begin with this arduous task. Can anyone provide guidance??

Audit
#41542 - 11/07/02 09:45 PM Re: Sarbanes-Oxley
Lestie G Offline

Power Poster
Joined: May 2002
Posts: 3,608
Near the Land of Enchantment
I can tell you how we're approaching it! We are required to certify internal controls under FDICIA - so we took the risk assessment documents we prepared for that, expanded and modified them to catch all the requirements of S-O, and prepared a certification, similar to the one the CEO and CFO have to sign, for each line manager to sign.

We're still in the implementation phase - so I can't tell you how it's working.

If you're a public company, this all applies to you. If you're not - be sure to verify that you're not working on something that you don't have to do (unless management wants you to do it anyway).
_________________________
Opinions my own.

#41543 - 11/07/02 09:50 PM Re: Sarbanes-Oxley
Anonymous
Unregistered

We are public, but with assets under $500 million. Therefore, we've never had to prepare a management internal control report. Our regulator is the OTS. Because I am brand new to internal auditing, I was hoping someone could guide me on what to look for, or any published material.

#41544 - 11/07/02 09:56 PM Re: Sarbanes-Oxley
Lestie G Offline

Power Poster
Joined: May 2002
Posts: 3,608
Near the Land of Enchantment
I understand from our external auditors that there is some published material relating to internal control standards. I can't remember the name they called it right now, maybe somebody can help us out with that. Our external audit firm also provided us with some pretty good materials as they prepared for a FDICIA review. It might be a good idea to ask your auditor - even though you don't have to comply with FDICIA, they might could still provide you with some materials.
_________________________
Opinions my own.

#41545 - 11/13/02 08:05 PM Re: Sarbanes-Oxley
Michelle D Offline
Gold Star
Joined: Oct 2001
Posts: 313
Terminator Country
You're looking for information on COSO - don't remember what it stands for but it is the gold standard for organizational internal control processes. That being said, as lglover said, call your external; they should be excited to help you understand what needs to be done and give you some good initial direction.

While we are not public, our ultimate parent is, so we used the same approach that lglover took, and modified our FDICIA stuff. Our issues are slightly different but our FDICIA work was the basis.
_________________________
The opinions are mine and do not necessarily reflect those of my employer.

#41546 - 11/19/02 04:12 PM Re: Sarbanes-Oxley
LiL Bit Moore Offline
Platinum Poster
Joined: Nov 2002
Posts: 624
Texas
COSO is a recommended format to facilitate the attestation process. It is the Treadway Commission's Committee of Sponsoring Organizations. It recommends evaluating risk based on specific factors: external, internal and risk relating to change. I was employed by a bank that went from 5 separate charters, each under $500M in assets, which then collapsed all charters into one, immediately catapulting assets in excess of $500M. I was the I/A, which was a new dept, and responsible for implementation of the new audit dept and adherence with FDICIA requirements. Finding a format for the reporting was difficult. Although our primary regulator was aware of the requirement, they were unable to provide guidance regarding documentation and attestation format. I found contacting other institutions under the same requirements to be most beneficial. Our external audit firm also provided assistance as they have additional duties regarding FDICIA if their client's assets are in excess of $500M. Good Luck!
_________________________
An error is not a mistake until you refuse to correct it

#41547 - 11/21/02 09:14 AM Re: Sarbanes-Oxley
Princess Romeo Offline

Power Poster
Joined: Jun 2001
Posts: 8,272
Where the heart is
Does anyone have a form or system that is an improvement over the (Arthur Andersen) CRAD's? (Control Risk Assessment Documents.)
_________________________
CRCM,CAMS
Regulations are a poor substitute for ethics.
Just sayin'


Moderator:  Andy_Z