Full Description
For the first time, smaller public companies must now comply with Sarbanes-Oxley 404. This book provides updated citations and references to SEC and PCAOB materials, links to current guidance on-line, and specific guidance to companies on working with auditors to achieve benefits and cost reductions. It also provides coverage of IT and IT general controls, and clarifies guidance directed to companies versus guidance directed to auditors. Business professionals will receive advice on working with auditors to achieve benefits and cost reductions.
Contents
Preface
Acknowledgments
About the Author

CHAPTER 1 Introduction and Company Requirements
- Chapter Summary
- Lessons Learned
- Management's Evaluation of Internal Control
- SEC Company Requirements
- Working with the Independent Auditors

CHAPTER 2 The COSO Internal Control Framework
- Chapter Summary
- Need for Control Criteria
- The Triangle of Efficiency
- COSO Internal Control Integrated Framework
- Information and Communication
- Internal Control for Small Businesses
- Information Technology Controls
- Control Objectives and Assertions: The Building Blocks of Controls Documentation
- Example Control Objectives by COSO Component
- Appendix 2A: Understanding and Awareness of Control Responsibilities
- Appendix 2B: Management Antifraud Programs and Controls: An Element of the Control Environment
- Appendix 2C: Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees

CHAPTER 3 Project Scoping
- Chapter Summary
- Introduction
- Does In Scope Imply Extensive Testing?
- Review Obvious Information Sources
- A Process for Risk Assessment
- Appendix 3A: Summary of Scoping Inquiries
- Appendix 3B: Understanding Fraud Risk Assessment

CHAPTER 4 Project Planning
- Chapter Summary
- Objective of Planning
- Information Gathering for Decision Making
- Structuring the Project Team
- Consider Project Tools and Software
- Consider a Pilot Project
- Coordinating with the Independent Auditors
- Documenting Your Planning Decisions

CHAPTER 5 Documentation of Internal Controls
- Chapter Summary
- Importance of Documentation
- Assessing the Adequacy of Existing Documentation
- Documentation Supporting the Control Environment
- Documenting Activity-Level Controls
- Finding Control Activity Control Objectives
- Appendix 5A: Sample Control Objectives for Major Control Activities
- Appendix 5B: Linkage of Significant Control Objectives to Example Control Policies and Procedures

CHAPTER 6 Testing and Evaluating Entity-Level Controls
- Chapter Summary
- Overall Objective of Testing Entity-Level Controls
- Testing Techniques and Evidence
- Evaluating the Effectiveness of Entity-Level Controls
- Documenting Test Results
- Appendix 6A: Conducting Interviews: Gathering Internal Control Information
- Appendix 6B: Example Practice Aids Gathering Internal Control Information
- Appendix 6C: Example Inquiries of Management Regarding Entity-Level Controls Gathering Internal Control Information

CHAPTER 7 Testing and Evaluating Activity-Level Controls
- Chapter Summary
- Introduction
- Confirm Your Understanding of the Design of Controls First
- Assessing the Effectiveness of Design
- Assessing Operating Effectiveness
- Evaluating Test Results
- Documentation of Test Procedures and Results
- Interactions with the Independent Auditors
- Appendix 7A: Sample Size Tutorial
- Appendix 7B: Example Inquiries

CHAPTER 8 Evaluating Control Deficiencies and Reporting on Internal Control Effectiveness
- Chapter Summary
- Control Deficiencies
- Evaluating Control Deficiencies
- Annual and Quarterly Reporting Requirements
- Reporting on Management's Responsibilities for Internal Control
- Required Company and Auditor Communications
- Reporting the Remediation of Weaknesses
- Coordinating with the Independent Auditors and Legal Counsel
- Appendix 8A: Action Plan: Reporting
- Appendix 8B: Assessing the Potential Magnitude of a Control Deficiency

KEY RESOURCES
- Final Rule: Management's Report on Internal Control over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports

Index