This book does not much dwell on the details of Sarbanes-Oxley - the reader is assumed to have an understanding of the salient details - but instead lays out a comprehensive action plan for complying with Section 404.
The author begins with three chapters covering the overall goals and objectives, roles and responsibilities, assessment issues, and an excellent chapter about internal control criteria. Each of these chapters ends in appendices that support the compliance initiative.
Milestones, covered in Chapters 3 through 7, are clearly defined with respect to what it will take, key issues, and appendices that provide examples, guidelines, checklists and other material that support compliance. I was impressed by the straightforward approach, the complete and clear identification of all issues - and especially so regarding IT, developing documentation, and testing the controls - and the fact that the control objectives were carefully mapped to the COSO Framework.
If you want a realistic view of the scope and complexity of Section 404 compliance, this book will provide it. If you are an IT professional, I strongly recommend visiting Information Systems Audit and Control Association (ASIN B00006BW74), which makes available a free 84-page document titled "IT Control Objectives for Sarbanes-Oxley". For more general information, there is a commercial site that provides news and updates on Sarbanes-Oxley issues (ASIN B0000AM23N), as well as the Public Company Accounting Oversight Board (ASIN B00013Y80Y), which provides rule-making information and a means to comment on proposed rules. You can reach these sites by pasting the ASIN numbers in the search box at the top of this page, selecting all products and clicking GO.