END-USER COMPUTING KNOWLEDGE BASE

sarbanes imgEnacted and administered by the Securities and Exchange Commission, the Sarbanes-Oxley Act of 2002 (commonly referred to as SOX) establishes and sets deadlines for corporations' compliance of financial and IT records. This legislation is not a set of business practices and does not specify how a business should store its records; but rather, it defines which records are to be stored and for how long.

The Act states that all business records, including electronic records and electronic messages, must be saved for "not less than five years". The consequences for non-compliance are fines, imprisonment, or both.

SARBANES-OXLEY AND EUC MANAGEMENT

CIMCON Software solutions support Sarbanes-Oxley requirements by providing companies with end-user computing management tools including spreadsheet and database controls to ensure accurate financial reporting.

The EUC Insight Change Management tool creates audit trails of critical changes and provides productivity tools such as visual file comparisons for managerial review.

Automated email alerts on critical changes, on demand reporting, and built-in reports and dashboards, accelerate tasks for end-users, supervisors, risk/compliance personnel and senior management.

Extensive reporting capabilities support verification and documentation efforts.

                                      Download Our Guide to Sarbanes-Oxley and  EUCs

OVERVIEW OF AN INTERNAL CONTROL AUDIT

Section 404 of the Act requires company management to assess and report on the effectiveness of the company´s internal controls. It also requires a company´s independent auditor, registered with the Public Company Accounting Oversight Board ("PCAOB" or "Board"), to attest to management’s disclosures regarding the effectiveness of its internal controls. As directed by Sections 103 and 404 of the Act, the Board established a standard to govern the newly required audit by adopting "An Audit of Internal Control Over Financial Reporting performed in conjunction with an Audit of Financial Statements (Auditing Standard No. 2)".

Standard 2 identified the following important steps in an audit of internal controls:

Plan the audit.

Test and evaluate design and operating effectiveness.

Communicate findings to the audit committee and management.

Evaluate the sufficiency of testing.

Evaluate management's assessment process.

Obtain an understanding of internal controls.

Formulate an opinion on the effectiveness of internal controls over financial reporting and issue a report on internal controls.

TESTIMONIAL

"We selected CIMCON's software to not only support our audit and SOX-compliance activities, but to provide an additional resource for aiding our business partners. The software can be used by my team with minimal training and provides a significant amount of functionality to address many of the risks associated with complex spreadsheet files."

- VICE PRESIDENT (INTERNAL AUDIT), $16 BILLION TOP U.S. RETAILER.