| |
| |
Preface | |
| |
| |
Acknowledgments | |
| |
| |
The Engagement Approach | |
| |
| |
Management's Required Assessment of the Entity's Internal Control | |
| |
| |
The Independent Auditor's Reporting Responsibilities | |
| |
| |
A Structured, Comprehensive Approach for Evaluating Internal Control | |
| |
| |
Considerations for Outside Consultants | |
| |
| |
Action Plan: Structuring the Engagement | |
| |
| |
Requirements for Management's Assessment Process: Cross Reference to Guidance | |
| |
| |
Pre-Engagement Questioning Strategy and Example Questions | |
| |
| |
Internal Control Criteria | |
| |
| |
The Need for Control Criteria | |
| |
| |
The COSO Internal Control Integrated Framework | |
| |
| |
Information and Communication | |
| |
| |
Monitoring | |
| |
| |
Business Process Activities | |
| |
| |
Controls Over Information Technology Systems | |
| |
| |
Disclosure Controls and Procedures | |
| |
| |
Example Value Chains | |
| |
| |
Project Planning | |
| |
| |
The Objective of Planning | |
| |
| |
Information Gathering for Decision Making | |
| |
| |
Information Sources | |
| |
| |
Structuring the Project Team | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
Documenting Your Planning Decisions | |
| |
| |
Action Plan: Project Planning | |
| |
| |
Summary of Planning Questions | |
| |
| |
Identifying Significant Control Objectives | |
| |
| |
Introduction | |
| |
| |
Entity-Level Control Objectives Presumed to Be Significant | |
| |
| |
System-Wide Monitoring | |
| |
| |
Identifying Significant Activity-Level Control Objectives | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
Action Plan: Identifying Significant Control Objectives | |
| |
| |
Example Significant Control Objectives | |
| |
| |
Map to the COSO Framework | |
| |
| |
Map to the Auditing Literature | |
| |
| |
Documentation of Significant Controls | |
| |
| |
Documentation: What It Is ... And Is Not | |
| |
| |
Assessing the Adequacy of Existing Documentation | |
| |
| |
Documentation of Entity-Level Control Policies and Procedures | |
| |
| |
Documenting Activity-Level Controls | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
Action Plan: Documentation | |
| |
| |
Evaluating the Design and Implementation of Sarbanes-Oxley Automated Compliance Tools | |
| |
| |
Linkage of Significant Control Objectives to Example Control Policies and Procedures | |
| |
| |
Documentation Example | |
| |
| |
Testing and Evaluating Entity-Level Controls | |
| |
| |
Introduction | |
| |
| |
Internal Control Reliability Model | |
| |
| |
Overall Objective of Testing Entity-Level Controls | |
| |
| |
Testing Techniques | |
| |
| |
Evaluating the Effectiveness of Entity-Level Controls | |
| |
| |
Documenting Test Results | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
Action Plan: Testing and Evaluating Entity-Level Controls | |
| |
| |
Survey Tools | |
| |
| |
Example Inquiries of Management Regarding Entity-Level Controls | |
| |
| |
Guidance for Designing a Computer General Controls Review | |
| |
| |
Testing and Evaluating Activity-Level Controls | |
| |
| |
Introduction | |
| |
| |
Assessing the Effectiveness of Design | |
| |
| |
Operating Effectiveness | |
| |
| |
Evaluating Test Results | |
| |
| |
Documentation of Test Procedures and Results | |
| |
| |
Coordinating with the Independent Auditors | |
| |
| |
Action Plan: Documentation | |
| |
| |
Example Inquiries | |
| |
| |
Example Control Activities | |
| |
| |
Reporting | |
| |
| |
Annual and Quarterly Reporting Requirements | |
| |
| |
Expanded Reporting on Management's Responsibilities for Internal Control | |
| |
| |
Coordinating with the Independent Auditors and Legal Counsel | |
| |
| |
Action Plan: Reporting | |
| |
| |
Example Disclosures of a Material Weakness | |
| |
| |
Example Reports on Management's Responsibilities for Reporting and Internal Control | |
| |
| |
Index | |