Internal Control Audit and Compliance
Documentation and Testing Under the New COSO Framework
- English
- ePUB (mobile friendly)
- Available on iOS & Android
Internal Control Audit and Compliance
Documentation and Testing Under the New COSO Framework
About This Book
Ease the transition to the new COSO framework with practical strategy
Internal Control Audit and Compliance provides complete guidance toward the latest framework established by the Committee of Sponsoring Organizations (COSO). With clear explanations and expert advice on implementation, this helpful guide shows auditors and accounting managers how to document and test internal controls over financial reporting with detailed sections covering each element of the framework. Each section highlights the latest changes and new points of emphasis, with explicit definitions of internal controls and how they should be assessed and tested. Coverage includes easing the transition from older guidelines, with step-by-step instructions for implementing the new changes. The new framework identifies seventeen new principles, each of which are explained in detail to help readers understand the new and emerging best practices for efficiency and effectiveness.
The revised COSO framework includes financial and non-financial reporting, as well as both internal and external reporting objectives. It is essential for auditors and controllers to understand the new framework and how to document and test under the new guidance. This book clarifies complex codification and provides an effective strategy for a more rapid transition.
- Understand the new COSO internal controls framework
- Document and test internal controls to strengthen business processes
- Learn how requirements differ for public and non-public companies
- Incorporate improved risk management into the new framework
The new framework is COSO's first complete revision since the release of the initial framework in 1992. Companies have become accustomed to the old guidelines, and the necessary procedures have become routine ā making the transition to align with the new framework akin to steering an ocean liner. Internal Control Audit and Compliance helps ease that transition, with clear explanation and practical implementation guidance.
Frequently asked questions
Chapter 1
What We All Share
Need for Control Criteria
Overview of the COSO Internal Control Integrated Framework
- Control environment
- Risk assessment
- Control procedures
- Information and communication
- Monitoring
Holistic, Integrated View
- Control environment. Senior management must set an appropriate tone at the top that positively influences the control consciousness of entity personnel. The control environment is the foundation for all other components of internal controls and provides discipline and structure.
- Risk assessment. The entity must be aware of and deal with the financial reporting risks it faces. It must set objectives, integrated throughout its activities, so that the organization is operating in concert. Once these objectives are set, the entity is in a better position to identify the risks to achieving those objectives and to analyze and develop ways to manage them.
- Control activities. Control policies and procedures must be established and executed to help ensure transactions being processed on a day-to-day basis, such as sales and expense transactions, or on a periodic basis, such as accruals and consolidations, are resulting in complete and accurate accounting recognition.
- Information and communication. Surrounding the control activities are information and communication systems, including the accounting system. Whether manual or most likely today implemented using automated (computer) systems, they enable the entity's people to capture and exchange the information needed to conduct, manage, and control its operations. The information and communication component is comprised of both internal (e.g., management, governance) and external communications (e.g., shareholders, prospective investors, or creditors).
- Monitoring. The COSO Framework identifies monitoring as the responsibility of management. The auditor is not a part of the entity's system of internal control. The entire company control process should be monitored on a regular basis by management, and issues that arise should be communicated appropriately within the organization. In this way, the system should be in a position to react dynamically, as changing as conditions warrant, and not require that special procedures or independent audit procedures detect these problems. The company is expected to be proactive in identifying and correcting control deficiencies.
Table of contents
- Cover
- Title Page
- Copyright
- Preface
- Acknowledgments
- Chapter 1: What We All Share
- Chapter 2: Setting the Scope of Your Documentation Project: Identifying the Core
- Chapter 3: The Risk Assessment Component
- Chapter 4: Control Environment
- Chapter 5: Control Activities
- Chapter 6: Information and Communication
- Chapter 7: Monitoring
- Chapter 8: Evidence and Testing
- Chapter 9: Developing Questionnaires and Conducting Interviews
- Chapter 10: Assessing the Severity of Identified Controls Deficiencies
- Chapter 11: Reporting Requirements
- Chapter 12: Project Management and Tools Assessment Design
- Chapter 13: Illustrative Forms and Templates
- Chapter 14: Summing Up
- About the Author
- Index
- End User License Agreement