The cumulative results of the events of September 11, 2001 have been articulated in two white papers distributed by the Securities and Exchange Commission (SEC) on October 21, 2002, and October 7, 2003, respectively, as well as in rules from the National Association of Securities Dealers (NASD) that followed September 13, 2003 with the Sarbanes-Oxley Act of 2004, the Homeland Security Act of 2002, Secure Cyberspace February 2003, national infrastructure protection plan 2006, the Patriot Act 2002, the National Fire Protection Agency 1600 Standard on Disaster/Emergency Management and Continuity of Programs 2004 edition as a subset of the Patriot Act and Guidelines for Disaster Preparedness, the interim national preparedness goals, Homeland Security, Presidential Directive and, National Preparedness Developed by Homeland Security March 31, 2005, the Federal Financial Institutions Council Business Continuity Planning March 2003.

On March 9, 2004, the U.S. Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. This audit standard establishes the requirements for performing an audit of internal control over financial reporting and provides some important directions on the scope required for auditors.

Auditing Standard No. 2 includes specific requirements for auditors to understand the flow ...