| |
| |
| Preface | |
| |
| |
| Acknowledgments | |
| |
| |
| The Engagement Approach | |
| |
| |
| Management's Required Assessment of the Entity's Internal Control | |
| |
| |
| The Independent Auditor's Reporting Responsibilities | |
| |
| |
| A Structured, Comprehensive Approach for Evaluating Internal Control | |
| |
| |
| Considerations for Outside Consultants | |
| |
| |
| Action Plan: Structuring the Engagement | |
| |
| |
| Requirements for Management's Assessment Process: Cross Reference to Guidance | |
| |
| |
| Pre-Engagement Questioning Strategy and Example Questions | |
| |
| |
| Internal Control Criteria | |
| |
| |
| The Need for Control Criteria | |
| |
| |
| The COSO Internal Control Integrated Framework | |
| |
| |
| Information and Communication | |
| |
| |
| Monitoring | |
| |
| |
| Business Process Activities | |
| |
| |
| Controls Over Information Technology Systems | |
| |
| |
| Disclosure Controls and Procedures | |
| |
| |
| Example Value Chains | |
| |
| |
| Project Planning | |
| |
| |
| The Objective of Planning | |
| |
| |
| Information Gathering for Decision Making | |
| |
| |
| Information Sources | |
| |
| |
| Structuring the Project Team | |
| |
| |
| Coordinating with the Independent Auditors | |
| |
| |
| Documenting Your Planning Decisions | |
| |
| |
| Action Plan: Project Planning | |
| |
| |
| Summary of Planning Questions | |
| |
| |
| Identifying Significant Control Objectives | |
| |
| |
| Introduction | |
| |
| |
| Entity-Level Control Objectives Presumed to Be Significant | |
| |
| |
| System-Wide Monitoring | |
| |
| |
| Identifying Significant Activity-Level Control Objectives | |
| |
| |
| Coordinating with the Independent Auditors | |
| |
| |
| Action Plan: Identifying Significant Control Objectives | |
| |
| |
| Example Significant Control Objectives | |
| |
| |
| Map to the COSO Framework | |
| |
| |
| Map to the Auditing Literature | |
| |
| |
| Documentation of Significant Controls | |
| |
| |
| Documentation: What It Is ... And Is Not | |
| |
| |
| Assessing the Adequacy of Existing Documentation | |
| |
| |
| Documentation of Entity-Level Control Policies and Procedures | |
| |
| |
| Documenting Activity-Level Controls | |
| |
| |
| Coordinating with the Independent Auditors | |
| |
| |
| Action Plan: Documentation | |
| |
| |
| Evaluating the Design and Implementation of Sarbanes-Oxley Automated Compliance Tools | |
| |
| |
| Linkage of Significant Control Objectives to Example Control Policies and Procedures | |
| |
| |
| Documentation Example | |
| |
| |
| Testing and Evaluating Entity-Level Controls | |
| |
| |
| Introduction | |
| |
| |
| Internal Control Reliability Model | |
| |
| |
| Overall Objective of Testing Entity-Level Controls | |
| |
| |
| Testing Techniques | |
| |
| |
| Evaluating the Effectiveness of Entity-Level Controls | |
| |
| |
| Documenting Test Results | |
| |
| |
| Coordinating with the Independent Auditors | |
| |
| |
| Action Plan: Testing and Evaluating Entity-Level Controls | |
| |
| |
| Survey Tools | |
| |
| |
| Example Inquiries of Management Regarding Entity-Level Controls | |
| |
| |
| Guidance for Designing a Computer General Controls Review | |
| |
| |
| Testing and Evaluating Activity-Level Controls | |
| |
| |
| Introduction | |
| |
| |
| Assessing the Effectiveness of Design | |
| |
| |
| Operating Effectiveness | |
| |
| |
| Evaluating Test Results | |
| |
| |
| Documentation of Test Procedures and Results | |
| |
| |
| Coordinating with the Independent Auditors | |
| |
| |
| Action Plan: Documentation | |
| |
| |
| Example Inquiries | |
| |
| |
| Example Control Activities | |
| |
| |
| Reporting | |
| |
| |
| Annual and Quarterly Reporting Requirements | |
| |
| |
| Expanded Reporting on Management's Responsibilities for Internal Control | |
| |
| |
| Coordinating with the Independent Auditors and Legal Counsel | |
| |
| |
| Action Plan: Reporting | |
| |
| |
| Example Disclosures of a Material Weakness | |
| |
| |
| Example Reports on Management's Responsibilities for Reporting and Internal Control | |
| |
| |
| Index | |