BKBYNSOX.RVW 20070228 "Beyond Sarbanes-Oxley Compliance", Anne M. Marchetti, 2005, 0-471-72626-5, U$49.95/C$64.99/UK#27.95 %A Anne M. Marchetti %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2005 %G 0-471-72626-5 %I John Wiley & Sons, Inc. %O U$49.95/C$64.99/UK#27.95 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0471726265/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0471726265/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0471726265/robsladesin03-20 %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation) %P 271 p. %T "Beyond Sarbanes-Oxley Compliance" Part one deals with the basic level of compliance, ensuring that a company is not in contravention of the Sarbanes-Oxley (SOX) act. Chapter one is on overview of the US law. More detail on sections 302, 404, and 409 of the act, and the implications thereof, is provided in chapter two. Factors affecting the initial, rudimentary level of compliance are discussed in chapter three, but the material is somewhat disorganized. Chapter four defines a number of terms relating to control deficiencies, and outlines a six-step "path" to compliance (which is based upon general project management stages). Part two moves from the fundamental compliance level to a process involving ongoing maintenance and monitoring. Chapter five examines the success (and failure) factors for change management, and this time promotes a five-step project cycle, which is extended and detailed in chapter six. The audit function is reviewed, in chapter seven, mostly regarding independence between auditors and the audited. Other matters relating to ensuring compliance on an ongoing basis are noted in chapter eight. Part three suggests that companies move beyond regarding mere requirements for compliance to process improvement, the topic of chapter nine. The remaining chapters, although seemingly included in this part of the book have little to do with process improvement as such: ten explores the International Financial Reporting Standard (IFRS), eleven notes SOX requirements for companies not under the jurisdiction of the United States, and twelve looks at initiatives from the financial services industry, such as Basel II. In the earlier "Beyond COSO" (cf. BKBECOSO.RVW) Steven Root recommended that companies should implement internal controls as suggested by the Committee of Sponsoring Organizations of the Treadway Commission, but must also go beyond them, in a manner similar to the layered defence or defence in depth models. Marchetti's similar title would imply a comparable intent. Unfortunately, "Beyond Sarbanes- Oxley Compliance" is incomplete in its explanation of SOX, and does not provide much assistance in achieving minimal compliance, let alone moving beyond that level. For those with a rudimentary understanding of internal controls, this book does provide some additional background and a set of factors to consider, but not much more. copyright Robert M. Slade, 2007 BKBYNSOX.RVW 20070228