Expressing an Opinion on Internal Control Resources

IIA Resources:
Sarbanes-Oxley Section 404: A Guide for Management by Internal Control Practitioners This Guide incorporates and reflects up-to-date guidance from the SEC, the PCAOB, and the real-world experience and insight of practicing internal auditors. As management, regulators, and internal and external auditors increase their understanding of the practical aspects of Section 404 and as related rules, regulations, and guidance changes, this Guide will be updated to reflect that learning, guidance, and best practices.

Guidance for Smaller Businesses
COSO's latest project, Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting, will guide smaller public companies through the process of applying the Internal Control - Integrated Framework when assessing and reporting on the effectiveness of internal control over financial reporting. To access and comment on the exposure draft, visit COSO's Web site.

Practical Considerations Regarding Internal Auditing Expressing an Opinion on Internal Control

Internal Auditing's Role in Sections 302 and 404The IIA's research report regarding "lessons learned" from the year 1 implementation of Sarbanes - Oxley Act of 2002

The IIA research report "A Framework for Internal Auditing's Entity-Wide Opinion on Internal Control" 

The IIA's response to the Ontario Security Commission 

The IIA's response to the Security Exchange Commission

Key Controls: The Solution for Sarbanes-Oxley Internal Control ComplianceRisk and Control Seminars - Training - The Institute of Internal Auditors (IIA)

IIA Sarbanes and Governance Resources:

• Tools and Resources for Corporate Governance Initiatives and Current Legislation
• Audit Committees
• Sarbanes-Oxley Related Resources

COSO Enterprise Risk Management - Integrated Framework

COSO Control Framework (PPT)

The IIA bookstore products regarding risk and control 

Internal Audit's Role in Corporate Governance: Sarbanes-Oxley Compliance

• Implementation Guide - Section 302 - CEO/CFO Certification of Disclosure Controls
• Implementation Guide - Section 404 - Organization's Assessment of Internal Control Over Financial Reporting 
• ALLTEL Control and Risk Self-Assessment Process
• El Paso Internal Control Assessment Survey

• Sample Disclosure Committee Charter

IT Global Technology Audit Guide^® (GTAG)^®

IIA Articles

• Shortcut to Good Controls (PDF 270 KB)
• Good News about Compliance (PDF 2 MB)
• Bringing ERM into Focus (PDF 105 KB)

Resources from other organizations

ACCA
Consultation Response Review of the Turnbull Guidance on Internal Control - Evidence Gathering Phase by the Turnbull Review Group (PDF117 KB)

Consultation Response Review of the Turnbull Guidance - Proposals for Updating the Guidance (PDF 63 KB)

Discussion Paper on the Financial Reporting & Auditing Aspects (PDF 439 KB)

Review of the Implementation of the 2003 Combined Code (PDF 53 KB)

OFR, strategy and reputation (PDF 2029 KB)

Risk Management and Internal Control in EU Discussion Paper (PDF 581 KB)

Ernst & Young: 
Emerging Trends in Internal Controls - U.S. Listed Foreign Private Issuers Second Survey and Section 404 Reference. (PDF 1759 KB)

Press Release Emerging Trends in Internal Controls - U.S.-Listed Foreign Private Issuers. (Word 32 KB)

Emerging Trends in Internal Controls--Fourth Survey and Industry Insights. (PDF 1334 KB)

Financial Reporting Council: Revised Guidance for Directors on the Combined Code (PDF 112 KB)

Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements

Frequently Asked Questions Regarding Section 404. Updated to reflect PCAOB Auditing Standard No. 2 by Protiviti 

INTOSAI Resources: 
Guidelines for Internal Control Standards for the Public Sector (PDF 631 KB)

Internal  Control: Providing a Foundation for Accountability in Government (PDF 42 KB)

Research Institute of America (RIA) Practical Guide to Internal Control Publication

Sarbanes-Oxley Compromising Internal Audit by Eric Krell

Internal auditors at many companies have been so consumed by the legislation that traditional priorities are falling by the wayside. But some organizations are finding ways to balance the function's ongoing compliance responsibilities with a renewed focus on strategic and operational risks.

How Markets Punish Material Weaknesses by Marie Leone

An article about The IIA opinions paper by Glenn Cheney

Disclosure controls (PwC) - Are you ready?

Aligning COBIT, ITIL & ISO 17799 for Business Benefit - A new management briefing resulting from a joint study by the IT Governance Institute (ITGI) and the Office of Government Commerce

IT Control Objectives for Sarbanes-Oxley Final