SARBANES-OXLEY REQUIRES MANAGEMENT to include an assessment of internal controls over financial reporting, using a suitable framework, in the annual report. While a number of frameworks are available, some do not adequately assess technology controls.
SEC RULES SAY MANAGEMENT MUST BASE its evaluation of the effectiveness of internal controls over financial reporting on a recognized control framework issued by a group that followed due-process procedures. The framework must be free from bias, complete and relevant to the task at hand, and must permit consistent quantitative and qualitative measurements.
Journal of Accountancy Online, March 2005
URL:
