Under Sarbanes Oxley

two separate certification sections came into effect – one civil and the other criminal. See 15 U.S.C. § 7241 (Section 302) (civil provision); 18 U.S.C. § 1350 (Section 906) (criminal provision).

Section 302 of Sarbanes Oxley Act mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are “responsible for establishing and maintaining internal controls” and “have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.”

15 U.S.C. § 7241(a)(4). The officers must “have evaluated the effectiveness of the company’s internal controls as of a date within 90 days prior to the report” and “have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.”

 

SOX 404 Compliance

has had serious effects on those found to have material weaknesses in internal control. Under the Sarbane Oxley Act companies must, for the first time, provide attestation of internal control assessment. This presents new challenges to businesses, specifically, documentation of control procedures related to information technology.

Additionally, PCAOB has issued guidelines on how management should render their opinion. The main point of these guidelines is that management should use an internal control framework such as COSO (which describes how to assess the control environment, determine control objectives, perform risk assessments, and identify controls and monitor compliance). Companies have almost uniformly elected COSO as the standard when choosing an internal control framework.