Internal Control Strategies: A Mid to Small Business GuideISBN: 978-0-470-37619-5
Hardcover
320 pages
September 2008
This is a Print-on-Demand title. It will be printed specifically to fill your order. Please allow an additional 10-15 days delivery time. The book is not returnable.
|
Preface ix
Chapter 1 Understanding the SEC’s Guidance for Management 1
Purpose of Internal Control over Financial Reporting 1
Evaluation Process 5
Reporting Considerations 12
Rule Amendments and other SEC Guidance Related to Internal Control over Financial Reporting 14
Chapter 2 The PCAOB’s Auditing Standard No. 5 19
Eight Concepts to Focus the Audit on Matters Most Important to Internal Control 20
New Emphasis on Entity-Level Controls 28
Importance of a Fraud Risk Assessment 29
Tips to Eliminate Unnecessary Procedures 30
Scaling Audits for Smaller Companies 36
Chapter 3 SEC’s Guidance on a Risk-Based Approach 39
Highlights of the SEC Staff Statement 40
Staff’s Emphasis on Reasonable Assurance 41
Comments on Evaluating Internal Control Deficiencies 45
Disclosures about Material Weaknesses 46
Information Technology Comments from the Staff 47
Communications with Auditors: An Unintended Consequence 48
Message for Small Business Issuers and Foreign Private Issuers 50
Chapter 4 Highlights of the PCAOB’s May 2005 Policy Statement 51
Policy Statement Highlights 52
Integrating the Financial and Internal Control Audits 52
Importance of Professional Judgment 55
Top-Down Approach and Role of Risk Assessment 56
When Auditors Can Use the Work of Others 57
Auditors’ Ability to Provide Advice to Audit Clients 57
How the PCAOB Inspections Help Drive Improvements 59
A Final Comment 59
Chapter 5 Starting at the Top: Using Entity-Level Controls to Create Efficiencies 61
What are Entity-Level Controls? 61
How Strong Entity-Level Controls Can Reduce the Scope of Your Program 62
How to Apply COSO’s Recent Internal Control Guidance 65
How to Create a Winning Control Environment 66
Steps for Creating a Useful Risk Assessment Process 76
Control Activities 85
Creating an Effective Information and Communication Program 85
How to Implement Successful Monitoring Controls 90
How to Assign Roles and Responsibilities to Enhance Internal Controls 94
Small-Company Issues for Implementing Entity-Level Controls 98
Summary of COSO’s Guidance for Smaller Public Companies 103
Chapter 6 Minimizing Excess through Proper Scoping and Planning Practices 105
Scoping Analysis: Event or Process? 106
How to Determine Materiality for Scoping Purposes 106
How to Use a Top-Down, Risk-Based Approach to Reduce the Scope of Your Program 111
Methods for Determining Significant Locations 116
Specific Areas Included and Excluded by the PCAOB 120
PCAOB and SEC Guidance on Other Common Scoping Issues 123
Tips for Resource Planning and Developing Useful Timelines 124
Chapter 7 Advantageous Project Management Techniques 127
11 Areas of Focus for the Second Year and Beyond 128
How to Increase Productivity with a Sound Management Approach 129
Aim for the Target Instead of the Way to Get There 130
More Project Management Tips 135
Staffing Strategies 138
Restructuring the Organizational Chart for Sustainability 144
How to Communicate Effectively through Emails, Meetings, and Advisories 148
Tactics for Dealing with Business Changes for Sections 302 and 404 Compliance 150
Chapter 8 Streamlining Documentation 155
Three Ideas to Improve Your Overall Documentation Process 157
Clearing the Clutter: How to Create and Maintain Meaningful Control Matrices 159
Using Relevant Financial Assertions for Planning Purposes 161
Financial Assertion Help for Nonauditors 162
Techniques for Scrutinizing the Number of Key Controls 163
How to Reduce and Improve Controls with Standardization 166
Practical Ideas for Documentation at International Locations 168
How to Create an Effective Spreadsheet Control Program 169
How to Create Strong Financial Reporting Controls 172
Tools for Assessing Control Design 175
An Alternative to Gap Remediation 176
Three More Ideas for Improving Documentation 177
Chapter 9 Economical Testing Techniques 181
Testing Control Design and Operating Effectiveness 181
Practical Steps to Applying Guidance on the Nature, Timing, and Extent of Testing 182
Suggestions for Testing Significant Manual and Nonroutine Transactions 184
Using Update Tests to Ease the Burden of Testing at Year-End 186
Five Ideas for the Timing of Control Tests 190
Types of Control Tests and When to Use Them 194
Why You Should Minimize the Use of Self-Assessment Tests 197
Maximizing Your Auditors’ Reliance on the Work of Others 199
More Inspiration on Efficient Testing 210
Chapter 10 Methods for Remediation Madness 215
Do All Controls Have to Be Remediated? 216
For-Now Approach to Remediation 217
Creating Meaningful Remediation Plans 218
Nine Practice Tips for the Remediation Phase 218
Sufficient Periods for Remediated Controls 221
Steps to Prepare for Retesting 222
Project Management Tools for Remediation 223
Chapter 11 Taking the Mystery out of Evaluating Deficiencies 227
Deficiencies Defined 228
Analytical Steps for Evaluating Deficiencies 230
Are All Exceptions Considered Deficiencies? 235
Techniques for Aggregating Deficiencies 237
Typical Material Weaknesses 239
Unique Nature of IT General Control Deficiencies 240
Market’s Reaction to Process Specific versus Pervasive Material Weaknesses 242
How to Improve Material Weakness Disclosures 244
AS No. 4 and Reporting Whether a Previously Reported Material Weakness Still Exists 245
Successful Communication of Deficiencies to Management and the Audit Committee 246
Suggestions for Management’s Final Assessment Report 247
Chapter 12 Common Areas of Concern and How to Address Them 251
Control Options for the Use of Service Organizations 252
What to Do with Mergers and Acquisitions Activities 258
A Unique Solution for Managing the Tax Process 261
How to Minimize IT Developer Access to Production Issues 263
What to Do When Your ERP System Is Not Compatible with Your Access Controls 264
Tips for Changing ERP Systems and Staying SOX Compliant 266
Practical Ideas for Document Retention Requirements 267
Thoughts on Changing Accounting Firms 269
Appendix A Simplified Sample Entity-Level Control Matrices 271
Appendix B COSO’s Internal Controls Checklist for Entity-Level Controls 279
Appendix C Standardized Period-End Process Control Matrix 283
Appendix D PCAOB Staff Question-and-Answer Index 287
Appendix E SEC Office of the Chief Accountant Frequently Asked Questions Index 291
Appendix F Summary of Changes Made to Auditing Standard No. 2 and the Related New Guidance 295
Index 301