New internal control requirements. Section 404 requires companies to issue a report accompanying the financial statements stating that management is responsible for establishing and maintaining an adequate internal control system. The report must contain management’s assessment of the company’s internal controls, attest to their accuracy, and report significant weaknesses or material noncompliance.

After SOX was passed, the SEC mandated that management must:

- Base its evaluation on a recognized control framework. The most likely frameworks, formulated by the Committee of Sponsoring Organizations (COSO), are discussed in this chapter.
- Disclose all material internal control weaknesses.
- Conclude that a company does not have effective financial reporting internal controls if there are material weaknesses.

Control Frameworks

This section discusses three frameworks used to develop internal control systems.

COBIT FRAMEWORK

The Information Systems Audit and Control Association (ISACA) developed the Control