
Internal Control Audit and Compliance

Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework

  • Author: Lynford Graham
  • Publisher: John Wiley & Sons
  • ISBN: 9781118996218
  • Published In: February 2015
  • Format: Hardback, 416 pages
  • Jurisdiction: U.S.
HKD 950.00
Delivery Time: around 4-5 weeks
Extra 2-10 working days if shipping address outside Hong Kong
Hong Kong: free delivery (order over HKD 1000)

    Ease the transition to the new COSO framework with practical strategy

    Internal Control Audit and Compliance provides complete guidance toward the latest framework established by the Committee of Sponsoring Organizations (COSO). With clear explanations and expert advice on implementation, this helpful guide shows auditors and accounting managers how to document and test internal controls over financial reporting with detailed sections covering each element of the framework. Each section highlights the latest changes and new points of emphasis, with explicit definitions of internal controls and how they should be assessed and tested. Coverage includes easing the transition from older guidelines, with step-by-step instructions for implementing the new changes. The new framework identifies seventeen new principles, each of which is explained in detail to help readers understand the new and emerging best practices for efficiency and effectiveness.

    The revised COSO framework includes financial and non-financial reporting, as well as both internal and external reporting objectives. It is essential for auditors and controllers to understand the new framework and how to document and test under the new guidance. This book clarifies complex codification and provides an effective strategy for a more rapid transition.

    • Understand the new COSO internal controls framework
    • Document and test internal controls to strengthen business processes
    • Learn how requirements differ for public and non-public companies
    • Incorporate improved risk management into the new framework

    The new framework is COSO's first complete revision since the release of the initial framework in 1992. Companies have become accustomed to the old guidelines, and the necessary procedures have become routine – making the transition to align with the new framework akin to steering an ocean liner. Internal Control Audit and Compliance helps ease that transition, with clear explanation and practical implementation guidance.

  • Preface

    Acknowledgments

    Chapter 1: What We All Share

    Need for Control Criteria

    Overview of the COSO Internal Control Integrated Framework

    Holistic, Integrated View

    Revised COSO Internal Controls Framework

    What We Must Do

    Basic Scoping and Strategies for Maintenance

    Where We Depart

    Triangle of Efficiency

    Controls versus Processes

    The Debate Continues

    Organization of This Book

    Appendix 1A: COSO 17 Principles

    Chapter 2: Setting the Scope of Your Documentation Project: Identifying the Core

    Start with Business Objectives

    After the Initial Year

    Mapping the Entity to the Financial Statements: Ins and Outs

    Consider Risks, Not Just Quantitative Measures

    Inherent and Control Risk

    Overstatement and Understatement

    Does “In Scope” Imply Extensive Testing?

    A Consolation

    Be Careful Out There!

    Appendix 2A: Summary of Scoping Inquiries

    Chapter 3: The Risk Assessment Component

    Risk Assessment Principles in COSO

    Cost Control

    Basics

    Likelihood, Magnitude, Velocity, and Persistence

    Separate Assessments of Inherent and Control Risks

    Role of Assertions

    Assertions

    Principles 6 and 7: Specify Suitable Objectives; Identify and Analyze Risk

    Identifying Risks

    External Sources of Risk Information

    Internal and External Reporting Risks

    Compliance Risks

    Disclosed Material Weaknesses in Risk Assessment

    Principle 8: Assess Fraud Risk

    Auditor Responsibility to Detect Fraud

    Antifraud Controls for Management to Consider

    Ties to Other Principles and Components

    Principle 9: Identify and Assess Significant Change

    Gathering Information to Support the Risk Assessment and Consider Change

    Appendix 3A: SAS No. 99 Exhibit: Management Antifraud Programs and Controls

    Attachment 1: AICPA “CPA’s Handbook of Fraud and Commercial Crime Prevention” Code of Conduct

    Attachment 2: Financial Executives International Code of Ethics Statement

    Appendix 3B: Understanding Fraud Risk Assessment

    Chapter 4: Control Environment

    Principle 1: Commitment to Integrity and Ethical Values

    Principle 2: Board of Directors (Governance) Demonstrates Independence from Management and Exercises Oversight of the Development and Performance of Internal Control

    Principle 3: Management Establishes, with Board Oversight, Structures, Reporting Lines, and Appropriate Authorities and Responsibilities in the Pursuit of Objectives

    Principle 4: Commitment to Attract, Develop, and Retain Competent Individuals in Alignment with Objectives

    Principle 5: The Organization Holds Individuals Accountable for Their Internal Control Responsibilities in the Pursuit of Objectives

    Appendix 4A: Understanding and Awareness of Control Responsibilities

    Chapter 5: Control Activities

    Principle 10: Selects and Develops Control Activities to Mitigate Risk and Achieve Objectives

    Principle 11: Selects and Develops General Controls over Technology

    Principle 12: Deploys through Policies and Procedures

    Summing Up

    Appendix 5A: Linking Common Control Activities and Assertions

    Appendix 5B: Linkage of Principles to Controls, Policies, and Procedures

    Chapter 6: Information and Communication

    Principle 13: Generates Relevant Information

    Principle 14: Communicates Internally

    Principle 15: Communicates Externally

    Chapter 7: Monitoring

    Principle 16: Select, Develop, and Perform Ongoing and/or Separate Evaluations

    Principle 17: Evaluate and Communicate Deficiencies as Appropriate

    Chapter 8: Evidence and Testing

    Sufficient Evidence

    Gathering Information

    Testing and Sampling

    Nonsampling Situations

    Confusion of Sample Size Guidance in Practice Today

    Information Technology General Controls

    Testing Security and Access

    Appendix 8A: Sample Size Tutorial

    Chapter 9: Developing Questionnaires and Conducting Interviews

    Surveys of Employees

    Conducting Interviews

    Management Inquiries: Sample Questions

    Appendix 9A: Sample Practice Aids

    Chapter 10: Assessing the Severity of Identified Controls Deficiencies

    It’s Inevitable

    Alignment of Public and Private Company Standards for Assessing Deficiency Severity

    Control Deficiencies and Definitions

    Key Factors When Assessing the Severity of a Deficiency

    Conditions Indicating Control Deficiencies

    Examples of Evaluating the Severity of Deficiencies

    Overall Assessment

    Appendix 10A: A Framework for Evaluating Control Exceptions and Deficiencies

    Appendix 10B: Assessing the Potential Magnitude of a Control Deficiency

    Chapter 11: Reporting Requirements

    Nonpublic Entity Reporting

    Public Company Annual and Quarterly Reporting Requirements

    Reporting on Management’s Responsibilities for Internal Control

    Required Company and Auditor Communications

    Reporting the Remediation of Weaknesses

    Coordinating with the Independent Auditors and Legal Counsel

    Appendix 11A: Illustrative AICPA Report on Internal Controls

    Chapter 12: Project Management and Tools Assessment Design

    Project Management

    Structuring the Project Team

    Tools Assessment Design

    Features of a Good Tools Solution

    Value of a Pilot Project

    Coordinating with the Independent Auditors

    Chapter 13: Illustrative Forms and Templates

    Historical Perspective

    2013 Framework Examples

    Appendix 13A: Information-Gathering Form—Principle Focused

    Appendix 13B: Information Gathering Form—Revenue

    Appendix 13C: Walk-through Documentation Form

    Appendix 13D: Information Technology General Controls Assessment Form

    Appendix 13E: Documentation of Financial Reporting Software and Spreadsheets

    Appendix 13F: Sampling Form for Tests of Controls

    Appendix 13G: Summary of Internal Control Deficiencies

    Appendix 13H: Control Environment Component Evaluation Summary

    Chapter 14: Summing Up

    About the Author

    Index

  • LYNFORD GRAHAM, CPA, has more than 30 years of public accounting experience in audit practice and in various national firm policy development groups. He is a visiting professor of accountancy and executive-in-residence at Bentley University, Waltham, MA. He currently maintains an active consultancy practice in statistical audit sampling, litigation support, and audit methodologies, and develops numerous training seminars for conferences and firms.
