You are previewing Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework.
O'Reilly logo
Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework

Book Description

Ease the transition to the new COSO framework with practical strategy

Internal Control Audit and Compliance provides complete guidance toward the latest framework established by the Committee of Sponsoring Organizations (COSO). With clear explanations and expert advice on implementation, this helpful guide shows auditors and accounting managers how to document and test internal controls over financial reporting with detailed sections covering each element of the framework. Each section highlights the latest changes and new points of emphasis, with explicit definitions of internal controls and how they should be assessed and tested. Coverage includes easing the transition from older guidelines, with step-by-step instructions for implementing the new changes. The new framework identifies seventeen new principles, each of which are explained in detail to help readers understand the new and emerging best practices for efficiency and effectiveness.

The revised COSO framework includes financial and non-financial reporting, as well as both internal and external reporting objectives. It is essential for auditors and controllers to understand the new framework and how to document and test under the new guidance. This book clarifies complex codification and provides an effective strategy for a more rapid transition.

  • Understand the new COSO internal controls framework

  • Document and test internal controls to strengthen business processes

  • Learn how requirements differ for public and non-public companies

  • Incorporate improved risk management into the new framework

  • The new framework is COSO's first complete revision since the release of the initial framework in 1992. Companies have become accustomed to the old guidelines, and the necessary procedures have become routine - making the transition to align with the new framework akin to steering an ocean liner. Internal Control Audit and Compliance helps ease that transition, with clear explanation and practical implementation guidance.

    Table of Contents

    1. Cover Page
    2. Title Page
    3. Copyright
    4. Contents
    5. PREFACE
    6. Acknowledgments
    7. CHAPTER ONE: What We All Share
      1. NEED FOR CONTROL CRITERIA
      2. OVERVIEW OF THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORK
      3. HOLISTIC, INTEGRATED VIEW
      4. REVISED COSO INTERNAL CONTROLS FRAMEWORK
      5. WHAT WE MUST DO
      6. BASIC SCOPING AND STRATEGIES FOR MAINTENANCE
      7. WHERE WE DEPART
      8. TRIANGLE OF EFFICIENCY
      9. CONTROLS VERSUS PROCESSES
      10. THE DEBATE CONTINUES
      11. ORGANIZATION OF THIS BOOK
    8. CHAPTER TWO: Setting the Scope of Your Documentation Project
      1. START WITH BUSINESS OBJECTIVES
      2. AFTER THE INITIAL YEAR
      3. MAPPING THE ENTITY TO THE FINANCIAL STATEMENTS: INS AND OUTS
      4. CONSIDER RISKS, NOT JUST QUANTITATIVE MEASURES
      5. INHERENT AND CONTROL RISK
      6. OVERSTATEMENT AND UNDERSTATEMENT
      7. DOES “IN SCOPE” IMPLY EXTENSIVE TESTING?
      8. A CONSOLATION
      9. BE CAREFUL OUT THERE!
    9. CHAPTER THREE: The Risk Assessment Component
      1. RISK ASSESSMENT PRINCIPLES IN COSO
      2. COST CONTROL
      3. BASICS
      4. LIKELIHOOD, MAGNITUDE, VELOCITY, AND PERSISTENCE
      5. SEPARATE ASSESSMENTS OF INHERENT AND CONTROL RISKS
      6. ROLE OF ASSERTIONS
      7. ASSERTIONS
      8. PRINCIPLES 6 AND 7: SPECIFY SUITABLE OBJECTIVES; IDENTIFY AND ANALYZE RISK
      9. IDENTIFYING RISKS
      10. EXTERNAL SOURCES OF RISK INFORMATION
      11. INTERNAL AND EXTERNAL REPORTING RISKS
      12. COMPLIANCE RISKS
      13. DISCLOSED MATERIAL WEAKNESSES IN RISK ASSESSMENT
      14. PRINCIPLE 8: ASSESS FRAUD RISK
      15. AUDITOR RESPONSIBILITY TO DETECT FRAUD
      16. ANTIFRAUD CONTROLS FOR MANAGEMENT TO CONSIDER
      17. TIES TO OTHER PRINCIPLES AND COMPONENTS
      18. PRINCIPLE 9: IDENTIFY AND ASSESS SIGNIFICANT CHANGE
      19. GATHERING INFORMATION TO SUPPORT THE RISK ASSESSMENT AND CONSIDER CHANGE
      20. ATTACHMENT 1: AICPA “CPA's HANDBOOK OF FRAUD AND COMMERCIAL CRIME PREVENTION” CODE OF CONDUCT
      21. ATTACHMENT 2: FINANCIAL EXECUTIVES INTERNATIONAL CODE OF ETHICS STATEMENT
    10. CHAPTER FOUR: Control Environment
      1. PRINCIPLE 1. COMMITMENT TO INTEGRITY AND ETHICAL VALUES
      2. PRINCIPLE 2. BOARD OF DIRECTORS (GOVERNANCE) DEMONSTRATES INDEPENDENCE FROM MANAGEMENT AND EXERCISES OVERSIGHT OF THE DEVELOPMENT AND PERFORMANCE OF INTERNAL CONTROL
      3. PRINCIPLE 3. MANAGEMENT ESTABLISHES, WITH BOARD OVERSIGHT, STRUCTURES, REPORTING LINES, AND APPROPRIATE AUTHORITIES AND RESPONSIBILITIES IN THE PURSUIT OF OBJECTIVES
      4. PRINCIPLE 4. COMMITMENT TO ATTRACT, DEVELOP, AND RETAIN COMPETENT INDIVIDUALS IN ALIGNMENT WITH OBJECTIVES
      5. PRINCIPLE 5. THE ORGANIZATION HOLDS INDIVIDUALS ACCOUNTABLE FOR THEIR INTERNAL CONTROL RESPONSIBILITIES IN THE PURSUIT OF OBJECTIVES
    11. CHAPTER FIVE: Control Activities
      1. PRINCIPLE 10. SELECTS AND DEVELOPS CONTROL ACTIVITIES TO MITIGATE RISK AND ACHIEVE OBJECTIVES
      2. PRINCIPLE 11. SELECTS AND DEVELOPS GENERAL CONTROLS OVER TECHNOLOGY
      3. PRINCIPLE 12. DEPLOYS THROUGH POLICIES AND PROCEDURES
      4. SUMMING UP
    12. CHAPTER SIX: Information and Communication
      1. PRINCIPLE 13. GENERATES RELEVANT INFORMATION
      2. PRINCIPLE 14. COMMUNICATES INTERNALLY
      3. PRINCIPLE 15. COMMUNICATES EXTERNALLY
    13. CHAPTER SEVEN: Monitoring
      1. PRINCIPLE 16. SELECT, DEVELOP, AND PERFORM ONGOING AND/OR SEPARATE EVALUATIONS
      2. PRINCIPLE 17. EVALUATE AND COMMUNICATE DEFICIENCIES AS APPROPRIATE
    14. CHAPTER EIGHT: Evidence and Testing
      1. SUFFICIENT EVIDENCE
      2. GATHERING INFORMATION
      3. TESTING AND SAMPLING
      4. NONSAMPLING SITUATIONS
      5. CONFUSION OF SAMPLE SIZE GUIDANCE IN PRACTICE TODAY
      6. INFORMATION TECHNOLOGY GENERAL CONTROLS
      7. TESTING SECURITY AND ACCESS
    15. CHAPTER NINE: Developing Questionnaires and Conducting Interviews
      1. SURVEYS OF EMPLOYEES
      2. CONDUCTING INTERVIEWS
      3. MANAGEMENT INQUIRIES: SAMPLE QUESTIONS
    16. CHAPTER TEN: Assessing the Severity of Identified Controls Deficiencies
      1. IT'S INEVITABLE
      2. ALIGNMENT OF PUBLIC AND PRIVATE COMPANY STANDARDS FOR ASSESSING DEFICIENCY SEVERITY
      3. CONTROL DEFICIENCIES AND DEFINITIONS
      4. KEY FACTORS WHEN ASSESSING THE SEVERITY OF A DEFICIENCY
      5. CONDITIONS INDICATING CONTROL DEFICIENCIES
      6. EXAMPLES OF EVALUATING THE SEVERITY OF DEFICIENCIES
      7. OVERALL ASSESSMENT
    17. CHAPTER ELEVEN: Reporting Requirements
      1. NONPUBLIC ENTITY REPORTING
      2. PUBLIC COMPANY ANNUAL AND QUARTERLY REPORTING REQUIREMENTS
      3. REPORTING ON MANAGEMENT'S RESPONSIBILITIES FOR INTERNAL CONTROL
      4. REQUIRED COMPANY AND AUDITOR COMMUNICATIONS
      5. REPORTING THE REMEDIATION OF WEAKNESSES
      6. COORDINATING WITH THE INDEPENDENT AUDITORS AND LEGAL COUNSEL
    18. CHAPTER TWELVE: Project Management and Tools Assessment Design
      1. PROJECT MANAGEMENT
      2. STRUCTURING THE PROJECT TEAM
      3. TOOLS ASSESSMENT DESIGN
      4. FEATURES OF A GOOD TOOLS SOLUTION
      5. VALUE OF A PILOT PROJECT
      6. COORDINATING WITH THE INDEPENDENT AUDITORS
    19. CHAPTER THIRTEEN: Illustrative Forms and Templates
      1. HISTORICAL PERSPECTIVE
      2. 2013 FRAMEWORK EXAMPLES
    20. CHAPTER FOURTEEN: Summing Up
    21. About the Author
    22. Index