Preface.
Chapter 1: Understand the SEC's Guidance for Management.
Purpose of Internal Control over Financial Reporting.
Evaluation Process.
Reporting Considerations.
Rule Amendments and other SEC Guidance Related to Internal Control over Financial Reporting.
Chapter 2: The PCAOB's Auditing Standard No. 5.
Eight Concepts to Focus the Audit on Matters Most Important to Internal Control.
New Emphasis on Entity-Level Controls
Importance of a Fraud Risk Assessment.
Tips to Eliminate Unneccessary Procedures.
Scaling Audits for Smaller Companies.
Chapter 3: SEC's Guidance on a Risk-Based Approach.
Highlights of the SEC Staff Statement.
Staff's Emphasis on Reasonable Assurance.
Comments on Evaluating Internal Control Deficiencies.
Disclosures about Material Weaknesses.
Information Technology Comments from the Staff.
Communications with Auditors: An Unintended Consequence.
Message for Small Business Issuers and Foreign Private Issuers.
Chapter 4: Highlights of the PCAOB's May 2005 Policy Statement.
Policy Statement Highlights.
Integrating the Financial and Internal Control Auidts.
Importance of Professional Judgment.
Top-Down Approach and Role of Risk Assessment.
When Auditors Can Use the Work of Others.
Auditors' Ability to Provide Advice to Audit Clients.
How the PCAOB Inspections Help Drive Improvements.
A Final Comment.
Chapter 5: Starting at the Top: Using Entity-Level Controls to Create Efficiencies.
What are Entity-Level Controls?
How Strong Entity-Level Controls Can Reduce the Scope of Your Program.
How to Apply COSO's Recent Internal Control Guidance.
How to Create a Winning Control Environment.
Steps for Creating a Useful Risk Assessment Process.
Control Activities.
Creating an Effective Information and Communication Program.
How to Implement Successful Monitoring Controls.
How to Assign Roles and Responsibilities to Enhance Internal Controls.
Small-Company Issues for Implementing Entity-Level Controls.
Summary of COSO's Guidance for Smaller Public Companies.
Chapter 6: Minimizing Excess through Proper Scoping and Planning Practices.
Scoping Analysis Event or Process?
How to Determine Materiality for Scoping Purposes.
How to Use a Top-Down, Risk-Based Approach to Reduce the Scope of Your Program.
Methods for Determining Significant Locations.
Specific Areas Included and Excluded by the PCAOB.
PCAOB and SEC Guidance on Other Common Scoping Issues.
Tips for Resource Planning and Developing Useful Timelines.
Chapter 7: Advantageous Project Management Techniques.
11 Areas of Focus for the Second Year and Beyond.
How to Increase Productivity with a Sound Management Approach.
Aim for the Target Instead of the Way to Get There.
More Project Management Tips.
Staffing Strategies.
Restructuring the Organizational Chart for Sustainability.
How to Communicate Effectively through Emails, Meetings, and Advisories.
Tactics for Dealing with Business Changes for Sections 302 and 404 Compliance.
Chapter 8: Streamlining Documentation.
Three Ideas to Improve Your Overall Documentaion Process.
Clearing the Clutter: How to Create and Maintain Meaningful Control Matrices.
Using Relevant Financial Assertions for Planning Purposes.
Financial Assertion Help for Nonauditors
Techniques for Scrutinizing the Number of Key Controls.
How to Reduce and Improve Controls with Standardization.
Practical Ideas for Documentation at International Locations.
How to Create an Effective Spreadsheet Control Program.
How to Create Strong Financial Reporting Controls.
Tools for Assessing Control Design.
An Alternative to Gap Remediation.
Three More Ideas for Improving Documentation.Â
Chapter 9: Economical Testing Techniques.
Testing Control Design and Operating Effectiveness.
Practical Steps to Applying Guidance on the Nature, Timing, and Extent of Testing.
Suggestions for Testing Significant Manual and Nonroutine Transactions.
Using Update Tests to Ease the Burden of Testing at Year-End.
Five Ideas for the Timing of Control Tests.
Types of Control Tests and When to Use Them.
Why Your Should Minimize the Use of Self-Assessment Tests.
Maximizing Your Auditors' Reliance on the Work of Others.
More Inspiration on Efficient Testing.
Chapter 10: Methods for Remediation Madness.
Do All Controls Have to Be Remediated?
For-Now Approach to Remediation.
Creating Meaningful Remediation Plans.
Nine Practice Tips for the Remediation Phase.
Sufficient Periods for Remediated Controls.
Steps to Prepare for Retesting.
Project Management Tools for Remediation.
Chapter 11: Taking the Mystery out of Evaluating Deficiencies.
Deficiencies Defined.
Analytical Steps for Evaluating Deficiencies.
Are All Exceptions Considered Deficiencies?
Techniques for Aggregating Deficiencies.
Typical Material Weaknesses.
Unique Nature of IT General Control Deficiencies.
Market's Reaction to Process Specific versus Pervasive Material Weaknesses.
How to Improve Material Weakness Disclosures.
AS No. 4 and Reporting Whether a Previously Reported Material Weakness Still Exists.
Successful Communication of Deficiencies to Management and the Audit Committee.
Suggestions for Management's Final Assessment Report.Â
Chapter 12: Common Areas of Concern and How to Address Them.
Control Options for the Use of Service Organizations.
What to Do with Mergers and Acquisitions Activities.
A Unique Solution for Managing the Tax Process.
How to Minimize IT Developer Access to Production Issues.
What to Do When Your ERP System Is Not Compatible with Your Access Controls.
Tips for Changing ERP System and Staying SOX Compliant.
Practical Ideas for Document Retention Requirements.
Thoughts on Changing Accounting Firms.
Appendix A: Simplified Sample Entity-Level Control Matrices.
Appendix B: COSO's Internal Controls Checklist for Entity-Level Controls.
Appendix C: Standardized Period-End Process Control Matrix.
Appendix D: PCAOB Staff Question-and-Answer Index.
Appendix E: SEC Office of the Chief Accountant Frequently Asked Questions Index.
Appendix F: Summary of Changes Made to Auditing Standard No. 2 and the Related New Guidance.
Index.
