book

Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework

Name: Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework
Author: Lynford Graham
ISBN: 9781118996218

by Lynford Graham

February 2015

Intermediate to advanced

416 pages

12h 56m

English

Wiley

Read now

Unlock full access

Cover Page
Title Page
Copyright
Contents
PREFACE
Acknowledgments
CHAPTER ONE: What We All Share
NEED FOR CONTROL CRITERIAOVERVIEW OF THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORKHOLISTIC, INTEGRATED VIEWREVISED COSO INTERNAL CONTROLS FRAMEWORKWHAT WE MUST DOBASIC SCOPING AND STRATEGIES FOR MAINTENANCEWHERE WE DEPARTTRIANGLE OF EFFICIENCYCONTROLS VERSUS PROCESSESTHE DEBATE CONTINUESORGANIZATION OF THIS BOOK
CHAPTER TWO: Setting the Scope of Your Documentation Project
START WITH BUSINESS OBJECTIVESAFTER THE INITIAL YEARMAPPING THE ENTITY TO THE FINANCIAL STATEMENTS: INS AND OUTSCONSIDER RISKS, NOT JUST QUANTITATIVE MEASURESINHERENT AND CONTROL RISKOVERSTATEMENT AND UNDERSTATEMENTDOES “IN SCOPE” IMPLY EXTENSIVE TESTING?A CONSOLATIONBE CAREFUL OUT THERE!
CHAPTER THREE: The Risk Assessment Component
RISK ASSESSMENT PRINCIPLES IN COSOCOST CONTROLBASICSLIKELIHOOD, MAGNITUDE, VELOCITY, AND PERSISTENCESEPARATE ASSESSMENTS OF INHERENT AND CONTROL RISKSROLE OF ASSERTIONSASSERTIONSPRINCIPLES 6 AND 7: SPECIFY SUITABLE OBJECTIVES; IDENTIFY AND ANALYZE RISKIDENTIFYING RISKSEXTERNAL SOURCES OF RISK INFORMATIONINTERNAL AND EXTERNAL REPORTING RISKSCOMPLIANCE RISKSDISCLOSED MATERIAL WEAKNESSES IN RISK ASSESSMENTPRINCIPLE 8: ASSESS FRAUD RISKAUDITOR RESPONSIBILITY TO DETECT FRAUDANTIFRAUD CONTROLS FOR MANAGEMENT TO CONSIDERTIES TO OTHER PRINCIPLES AND COMPONENTSPRINCIPLE 9: IDENTIFY AND ASSESS SIGNIFICANT CHANGEGATHERING INFORMATION TO SUPPORT THE RISK ASSESSMENT AND CONSIDER CHANGEATTACHMENT 1: AICPA “CPA's HANDBOOK OF FRAUD AND COMMERCIAL CRIME PREVENTION” CODE OF CONDUCTATTACHMENT 2: FINANCIAL EXECUTIVES INTERNATIONAL CODE OF ETHICS STATEMENT
CHAPTER FOUR: Control Environment
PRINCIPLE 1. COMMITMENT TO INTEGRITY AND ETHICAL VALUESPRINCIPLE 2. BOARD OF DIRECTORS (GOVERNANCE) DEMONSTRATES INDEPENDENCE FROM MANAGEMENT AND EXERCISES OVERSIGHT OF THE DEVELOPMENT AND PERFORMANCE OF INTERNAL CONTROLPRINCIPLE 3. MANAGEMENT ESTABLISHES, WITH BOARD OVERSIGHT, STRUCTURES, REPORTING LINES, AND APPROPRIATE AUTHORITIES AND RESPONSIBILITIES IN THE PURSUIT OF OBJECTIVESPRINCIPLE 4. COMMITMENT TO ATTRACT, DEVELOP, AND RETAIN COMPETENT INDIVIDUALS IN ALIGNMENT WITH OBJECTIVESPRINCIPLE 5. THE ORGANIZATION HOLDS INDIVIDUALS ACCOUNTABLE FOR THEIR INTERNAL CONTROL RESPONSIBILITIES IN THE PURSUIT OF OBJECTIVES

CHAPTER FIVE: Control Activities
PRINCIPLE 10. SELECTS AND DEVELOPS CONTROL ACTIVITIES TO MITIGATE RISK AND ACHIEVE OBJECTIVESPRINCIPLE 11. SELECTS AND DEVELOPS GENERAL CONTROLS OVER TECHNOLOGYPRINCIPLE 12. DEPLOYS THROUGH POLICIES AND PROCEDURESSUMMING UP
CHAPTER SIX: Information and Communication
PRINCIPLE 13. GENERATES RELEVANT INFORMATIONPRINCIPLE 14. COMMUNICATES INTERNALLYPRINCIPLE 15. COMMUNICATES EXTERNALLY
CHAPTER SEVEN: Monitoring
PRINCIPLE 16. SELECT, DEVELOP, AND PERFORM ONGOING AND/OR SEPARATE EVALUATIONSPRINCIPLE 17. EVALUATE AND COMMUNICATE DEFICIENCIES AS APPROPRIATE
CHAPTER EIGHT: Evidence and Testing
SUFFICIENT EVIDENCEGATHERING INFORMATIONTESTING AND SAMPLINGNONSAMPLING SITUATIONSCONFUSION OF SAMPLE SIZE GUIDANCE IN PRACTICE TODAYINFORMATION TECHNOLOGY GENERAL CONTROLSTESTING SECURITY AND ACCESS
CHAPTER NINE: Developing Questionnaires and Conducting Interviews
SURVEYS OF EMPLOYEESCONDUCTING INTERVIEWSMANAGEMENT INQUIRIES: SAMPLE QUESTIONS
CHAPTER TEN: Assessing the Severity of Identified Controls Deficiencies
IT'S INEVITABLEALIGNMENT OF PUBLIC AND PRIVATE COMPANY STANDARDS FOR ASSESSING DEFICIENCY SEVERITYCONTROL DEFICIENCIES AND DEFINITIONSKEY FACTORS WHEN ASSESSING THE SEVERITY OF A DEFICIENCYCONDITIONS INDICATING CONTROL DEFICIENCIESEXAMPLES OF EVALUATING THE SEVERITY OF DEFICIENCIESOVERALL ASSESSMENT
CHAPTER ELEVEN: Reporting Requirements
NONPUBLIC ENTITY REPORTINGPUBLIC COMPANY ANNUAL AND QUARTERLY REPORTING REQUIREMENTSREPORTING ON MANAGEMENT'S RESPONSIBILITIES FOR INTERNAL CONTROLREQUIRED COMPANY AND AUDITOR COMMUNICATIONSREPORTING THE REMEDIATION OF WEAKNESSESCOORDINATING WITH THE INDEPENDENT AUDITORS AND LEGAL COUNSEL
CHAPTER TWELVE: Project Management and Tools Assessment Design
PROJECT MANAGEMENTSTRUCTURING THE PROJECT TEAMTOOLS ASSESSMENT DESIGNFEATURES OF A GOOD TOOLS SOLUTIONVALUE OF A PILOT PROJECTCOORDINATING WITH THE INDEPENDENT AUDITORS
CHAPTER THIRTEEN: Illustrative Forms and Templates
HISTORICAL PERSPECTIVE2013 FRAMEWORK EXAMPLES
CHAPTER FOURTEEN: Summing Up
About the Author
Index

Content preview from Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework

CHAPTER FOUR

Control Environment

THE CONTROL ENVIRONMENT sets the overall tone of the entity. It influences the control consciousness of the people within the organization and is the foundation for all other components of internal control. Various writings have stated the critical importance of this component in the overall Framework. Indeed, it holds a trump card role in the overall assessment, as it is difficult to imagine an effective system of internal control with a defective control environment. Management override of controls, a common element in many frauds, shows how controls over transactions and policies and procedures can be defeated by the willful action of executives and senior management. Additional tools have been encouraged to mitigate allowing such actions to go unnoticed or unchallenged; these include the antifraud controls of hotline reporting and the implementation of whistleblowing laws meant to protect employees who report issues.

While a superior control environment may go a long way toward an assessment of effective controls, it cannot carry the weight of the whole assessment, as all the various components need to be working in an integrated fashion to be able to conclude the controls over financial reporting are effective. In addition, the principles in this component ask for subjective judgments, reducing the precision with which these assessments are made.

Following is a discussion of the principles highlighted in the revised Framework that contribute ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Auditing IT Infrastructures for Compliance, 2nd Edition

Publisher Resources

ISBN: 9781118996218Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework

by Lynford Graham

CHAPTER FOUR

Control Environment

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.