Praise for Internal Control Strategies: A Mid to Small Business Guide

"Internal Control Strategies is an excellent field guide for the implementation and maintenance of efficient and effective internal control systems. The book provides a practical approach to interpreting guidance from oversight agencies and integrating it with industry practice in a real-world environment. This handbook is an essential tool for managers and professionals going through the day-to-day struggle of managing...
Internal Control Strategies: A Mid to Small Business Guide

As of December 2007, the SEC required all publicly traded companies to attest to the effectiveness of their internal controls in accordance with sections 302 and 404 of the Sarbanes-Oxley Act. Already a requirement for accelerated filers, an external auditors' report on internal control will soon be required for non-accelerated filers. While many larger companies spent millions of dollars implementing internal control programs, smaller budget-conscious companies may still be struggling with their compliance programs without the option of expensive advisors and systems.

Internal Control Strategies: A Mid to Small Business Guide provides smaller, publicly traded companies with clear guidance on creating strong but streamlined internal control programs. Designed to be a resource of truly practical ideas for controllers, business managers, and auditors to cut costs and reduce time, this timely book expertly reveals how both accelerated and non-accelerated filers can implement effective internal controls and covers: the SEC's guidance for management; the PCAOB's guidance on implementing auditing standard No. 5; using entity-level controls to create efficiencies; minimizing excess costs through proper scoping practices; advantageous project management techniques; streamlining documentation; economical testing tips; successful methods for remediation; simplified tools for evaluating deficiencies; and common areas of concern and how to address them.

With discussion of the latest PCAOB, SEC, and COSO guidance in nontechnical, easy-to-understand language, Internal Control Strategies: A Mid to Small Business Guide provides auditing professionals with useful advice and distinct practice tips for each phase of sections 302 and 404 compliance. This hands-on guide is a must-read for every business serious about identifying and understanding operational threats and monitoring the health of their internal control structure.
Preface
Understanding the SEC's Guidance for Management
Purpose of Internal Control over Financial Reporting
Evaluation Process
Reporting Considerations
Rule Amendments and other SEC Guidance Related to Internal Control over Financial Reporting
The PCAOB's Auditing Standard No. 5
Eight Concepts to Focus the Audit on Matters Most Important to Internal Control
New Emphasis on Entity-Level Controls
Importance of a Fraud Risk Assessment
Tips to Eliminate Unnecessary Procedures
Scaling Audits for Smaller Companies
SEC's Guidance on a Risk-Based Approach
Highlights of the SEC Staff Statement
Staff's Emphasis on Reasonable Assurance
Comments on Evaluating Internal Control Deficiencies
Disclosures about Material Weaknesses
Information Technology Comments from the Staff
Communications with Auditors: An Unintended Consequence
Message for Small Business Issuers and Foreign Private Issuers
Highlights of the PCAOB's May 2005 Policy Statement
Policy Statement Highlights
Integrating the Financial and Internal Control Audits
Importance of Professional Judgment
Top-Down Approach and Role of Risk Assessment
When Auditors Can Use the Work of Others
Auditors' Ability to Provide Advice to Audit Clients
How the PCAOB Inspections Help Drive Improvements
A Final Comment
Starting at the Top: Using Entity-Level Controls to Create Efficiencies
What are Entity-Level Controls?
How Strong Entity-Level Controls Can Reduce the Scope of Your Program
How to Apply COSO's Recent Internal Control Guidance
How to Create a Winning Control Environment
Steps for Creating a Useful Risk Assessment Process
Control Activities
Creating an Effective Information and Communication Program
How to Implement Successful Monitoring Controls
How to Assign Roles and Responsibilities to Enhance Internal Controls
Small-Company Issues for Implementing Entity-Level Controls
Summary of COSO's Guidance for Smaller Public Companies
Minimizing Excess through Proper Scoping and Planning Practices
Scoping Analysis: Event or Process?
How to Determine Materiality for Scoping Purposes
How to Use a Top-Down, Risk-Based Approach to Reduce the Scope of Your Program
Methods for Determining Significant Locations
Specific Areas Included and Excluded by the PCAOB
PCAOB and SEC Guidance on Other Common Scoping Issues
Tips for Resource Planning and Developing Useful Timelines
Advantageous Project Management Techniques
11 Areas of Focus for the Second Year and Beyond
How to Increase Productivity with a Sound Management Approach
Aim for the Target Instead of the Way to Get There
More Project Management Tips
Staffing Strategies
Restructuring the Organizational Chart for Sustainability
How to Communicate Effectively through Emails, Meetings, and Advisories
Tactics for Dealing with Business Changes for Sections 302 and 404 Compliance
Streamlining Documentation
Three Ideas to Improve Your Overall Documentation Process
Clearing the Clutter: How to Create and Maintain Meaningful Control Matrices
Using Relevant Financial Assertions for Planning Purposes
Financial Assertion Help for Nonauditors
Techniques for Scrutinizing the Number of Key Controls
How to Reduce and Improve Controls with Standardization
Practical Ideas for Documentation at International Locations
How to Create an Effective Spreadsheet Control Program
How to Create Strong Financial Reporting Controls
Tools for Assessing Control Design
An Alternative to Gap Remediation
Three More Ideas for Improving Documentation
Economical Testing Techniques
Testing Control Design and Operating Effectiveness
Practical Steps to Applying Guidance on the Nature, Timing, and Extent of Testing
Suggestions for Testing Significant Manual and Nonroutine Transactions
Using Update Tests to Ease the Burden of Testing at Year-End
Five Ideas for the Timing of Control Tests
Types of Control Tests and When to Use Them
Why You Should Minimize the Use of Self-Assessment Tests
Maximizing Your Auditors' Reliance on the Work of Others
More Inspiration on Efficient Testing
Methods for Remediation Madness
Do All Controls Have to Be Remediated?
For-Now Approach to Remediation
Creating Meaningful Remediation Plans
Nine Practice Tips for the Remediation Phase
Sufficient Periods for Remediated Controls
Steps to Prepare for Retesting
Project Management Tools for Remediation
Taking the Mystery out of Evaluating Deficiencies
Deficiencies Defined
Analytical Steps for Evaluating Deficiencies
Are All Exceptions Considered Deficiencies?
Techniques for Aggregating Deficiencies
Typical Material Weaknesses
Unique Nature of IT General Control Deficiencies
Market's Reaction to Process Specific versus Pervasive Material Weaknesses
How to Improve Material Weakness Disclosures
AS No. 4 and Reporting Whether a Previously Reported Material Weakness Still Exists
Successful Communication of Deficiencies to Management and the Audit Committee
Suggestions for Management's Final Assessment Report
Common Areas of Concern and How to Address Them
Control Options for the Use of Service Organizations
What to Do with Mergers and Acquisitions Activities
A Unique Solution for Managing the Tax Process
How to Minimize IT Developer Access to Production Issues
What to Do When Your ERP System Is Not Compatible with Your Access Controls
Tips for Changing ERP Systems and Staying SOX Compliant
Practical Ideas for Document Retention Requirements
Thoughts on Changing Accounting Firms
Simplified Sample Entity-Level Control Matrices
COSO's Internal Controls Checklist for Entity-Level Controls
Standardized Period-End Process Control Matrix
PCAOB Staff Question-and-Answer Index
SEC Office of the Chief Accountant Frequently Asked Questions Index
Summary of Changes Made to Auditing Standard No. 2 and the Related New Guidance
Index