3.4. APPENDIX 3A ACTION PLAN: IDENTIFYING SIGNIFICANT CONTROL OBJECTIVES

This action plan is intended to help you implement the suggestions contained in this chapter for identifying significant control objectives.

  1. Entity-Level Control Objectives Apply the principles of the risk-based, top-down approach to determine the entity-level controls that should be included in your evaluation of internal controls. For example:

    • Consider the entity-level control objectives described in this chapter as significant.

      • Corporate culture

      • Personnel policies

      • IT general controls

      • Risk identification

      • Monitoring

      • Anti-fraud programs and controls

      • "Period-end" financial reporting processes

    • Consider these issues to determine whether your list of significant entity-level control objectives is complete:

      • The business activities of the entity and the industry in which it operates

      • The most significant financial reporting risks facing the entity

      • The overall design of the entity's internal control

  2. Activity-Level Control Objectives Based on your understanding of the entity's financial statements and business activities, determine significant entity-level control objectives. For example:

    • Review the entity's financial statements and identify the most significant:

      • Account balances

      • Classes of transactions

      • Disclosures

      • Assertions

  3. To make this determination, consider:

    • Magnitude of the accounts

    • Qualitative factors that affect materiality

    • Inherent risk

    • The entity's critical accounting policies disclosure

Get How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial