O'Reilly logo

Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework by Lynford Graham

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER TWO

Setting the Scope of Your Documentation Project

Identifying the Core

images START WITH BUSINESS OBJECTIVES

The essential starting point for determining the extent of documentation you should include in your project is a clear statement of your objectives. Regardless of whether you are formally reporting on your controls or not, you should initially cast a broad net across your entity and reduce the focus on the exclude accounts or transactions streams only as evidence concludes that risks are low. The new COSO guidance emphasizes this as a precursor to risk assessment since the identified risks relate to the objectives.

To meet the minimum documentation standards expected for any project, you probably can cut out the very minor (trivial) revenue streams and locations that individually are clearly insignificant in terms of assets, revenues, and income. Unfortunately, there is no consensus on where a bright-line minimum might be. Early on, auditors working with large public clients were bludgeoned into including just about everything with a dollar sign in the reporting on internal controls project because of the early interpretations of the guidance in Public Company Accounting Oversight Board (PCAOB) Auditing Standard (AS) No. 2. Now that that standard has been replaced (AS No. 5) with a more risk-based standard than the original. Nonpublic companies follow similar guidance ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required