| |
| |
Preface | |
| |
| |
Acknowledgments | |
| |
| |
About the Author | |
| |
| |
| |
The Evaluation Approach | |
| |
| |
Management's Evaluation of Internal Control | |
| |
| |
Risk-Based Judgments | |
| |
| |
Risk-Based, Top-Down Evaluation Approach | |
| |
| |
Working with the Independent Auditors | |
| |
| |
| |
Internal Control Criteria | |
| |
| |
Need for Control Criteria | |
| |
| |
COSO Internal Control Integrated Framework | |
| |
| |
Information and Communication | |
| |
| |
Internal Control for Small Businesses | |
| |
| |
Controls over Information Technology Systems | |
| |
| |
| |
Project Scoping | |
| |
| |
Introduction | |
| |
| |
Entity-Level Controls | |
| |
| |
Identifying Significant Activity-Level Control Objectives | |
| |
| |
| |
Action Plan: Identifying Significant Control Objectives | |
| |
| |
| |
Example Control Objectives | |
| |
| |
| |
Project Planning | |
| |
| |
Objective of Planning | |
| |
| |
Information Gathering for Decision Making | |
| |
| |
Information Sources | |
| |
| |
Structuring the Project Team | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
Documenting Your Planning Decisions | |
| |
| |
| |
Action Plan: Project Planning | |
| |
| |
| |
Summary of Planning Questions | |
| |
| |
| |
Documentation of Internal Controls | |
| |
| |
Importance of Documentation | |
| |
| |
Assessing the Adequacy of Existing Documentation | |
| |
| |
Documentation of Entity-Level Control Policies and Procedures | |
| |
| |
Documenting Activity-Level Controls | |
| |
| |
Sarbanes-Oxley Automated Compliance Tools | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
| |
Action Plan: Documentation | |
| |
| |
| |
Linkage of Significant Control Objectives to Example Control Policies and Procedures | |
| |
| |
| |
Testing and Evaluating Entity-Level Controls | |
| |
| |
Overall Objective of Testing Entity-Level Controls | |
| |
| |
Testing Techniques | |
| |
| |
Evaluating the Effectiveness of Entity-Level Controls | |
| |
| |
Documenting Test Results | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
| |
Action Plan: Testing and Evaluating Entity-Level Controls | |
| |
| |
| |
Survey Tools | |
| |
| |
| |
Example Inquiries of Management Regarding Entity-Level Controls | |
| |
| |
| |
Testing and Evaluating Activity-Level Controls | |
| |
| |
Introduction | |
| |
| |
Confirm Your Understanding of the Design of Controls | |
| |
| |
Assessing the Effectiveness of Design | |
| |
| |
Operating Effectiveness | |
| |
| |
Evaluating Test Results | |
| |
| |
Documentation of Test Procedures and Results | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
| |
Action Plan: Documentation | |
| |
| |
| |
Example Inquiries | |
| |
| |
| |
Evaluating Control Deficiencies and Reporting on Internal Control Effectivenes | |
| |
| |
Control Deficiencies | |
| |
| |
Evaluating Control Deficiencies | |
| |
| |
Annual and Quarterly Reporting Requirements | |
| |
| |
Expanded Reporting on Management's Responsibilities for Internal Control | |
| |
| |
Coordinating with the Independent Auditors and Legal Counsel | |
| |
| |
| |
Action Plan: Reporting | |
| |
| |
Index | |