{"product_id":"internal-control-audit-and-compliance-isbn-9781118996218","title":"Internal Control Audit and Compliance","description":"\u003cb\u003eEase the transition to the new COSO framework with practical strategy\u003c\/b\u003e  \u003cp\u003e\u003ci\u003eInternal Control Audit and Compliance\u003c\/i\u003e provides complete guidance toward the latest framework established by the Committee of Sponsoring Organizations (COSO). With clear explanations and expert advice on implementation, this helpful guide shows auditors and accounting managers how to document and test internal controls over financial reporting with detailed sections covering each element of the framework. Each section highlights the latest changes and new points of emphasis, with explicit definitions of internal controls and how they should be assessed and tested. Coverage includes easing the transition from older guidelines, with step-by-step instructions for implementing the new changes. The new framework identifies seventeen new principles, each of which is explained in detail to help readers understand the new and emerging best practices for efficiency and effectiveness.\u003c\/p\u003e \u003cp\u003eThe revised COSO framework includes financial and non-financial reporting, as well as both internal and external reporting objectives. It is essential for auditors and controllers to understand the new framework and how to document and test under the new guidance. 
This book clarifies complex codification and provides an effective strategy for a more rapid transition.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eUnderstand the new COSO internal controls framework\u003c\/li\u003e \u003cli\u003eDocument and test internal controls to strengthen business processes\u003c\/li\u003e \u003cli\u003eLearn how requirements differ for public and non-public companies\u003c\/li\u003e \u003cli\u003eIncorporate improved risk management into the new framework\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eThe new framework is COSO's first complete revision since the release of the initial framework in 1992. Companies have become accustomed to the old guidelines, and the necessary procedures have become routine – making the transition to align with the new framework akin to steering an ocean liner. \u003ci\u003eInternal Control Audit and Compliance\u003c\/i\u003e helps ease that transition, with clear explanation and practical implementation guidance.\u003c\/p\u003e \u003cp\u003ePreface xi\u003c\/p\u003e \u003cp\u003eAcknowledgments xv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: What We All Share 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNeed for Control Criteria 1\u003c\/p\u003e \u003cp\u003eOverview of the COSO Internal Control Integrated Framework 2\u003c\/p\u003e \u003cp\u003eHolistic, Integrated View 3\u003c\/p\u003e \u003cp\u003eRevised COSO Internal Controls Framework 6\u003c\/p\u003e \u003cp\u003eWhat We Must Do 8\u003c\/p\u003e \u003cp\u003eBasic Scoping and Strategies for Maintenance 11\u003c\/p\u003e \u003cp\u003eWhere We Depart 12\u003c\/p\u003e \u003cp\u003eTriangle of Efficiency 13\u003c\/p\u003e \u003cp\u003eControls versus Processes 14\u003c\/p\u003e \u003cp\u003eThe Debate Continues 18\u003c\/p\u003e \u003cp\u003eOrganization of This Book 18\u003c\/p\u003e \u003cp\u003eAppendix 1A: COSO 17 Principles 20\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Setting the Scope of Your Documentation Project: Identifying the 
Core 21\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eStart with Business Objectives 21\u003c\/p\u003e \u003cp\u003eAfter the Initial Year 24\u003c\/p\u003e \u003cp\u003eMapping the Entity to the Financial Statements: Ins and Outs 25\u003c\/p\u003e \u003cp\u003eConsider Risks, Not Just Quantitative Measures 27\u003c\/p\u003e \u003cp\u003eInherent and Control Risk 28\u003c\/p\u003e \u003cp\u003eOverstatement and Understatement 28\u003c\/p\u003e \u003cp\u003eDoes “In Scope” Imply Extensive Testing? 37\u003c\/p\u003e \u003cp\u003eA Consolation 39\u003c\/p\u003e \u003cp\u003eBe Careful Out There! 40\u003c\/p\u003e \u003cp\u003eAppendix 2A: Summary of Scoping Inquiries 42\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: The Risk Assessment Component 45\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRisk Assessment Principles in COSO 46\u003c\/p\u003e \u003cp\u003eCost Control 46\u003c\/p\u003e \u003cp\u003eBasics 47\u003c\/p\u003e \u003cp\u003eLikelihood, Magnitude, Velocity, and Persistence 48\u003c\/p\u003e \u003cp\u003eSeparate Assessments of Inherent and Control Risks 50\u003c\/p\u003e \u003cp\u003eRole of Assertions 51\u003c\/p\u003e \u003cp\u003eAssertions 52\u003c\/p\u003e \u003cp\u003ePrinciples 6 and 7: Specify Suitable Objectives; Identify and Analyze Risk 56\u003c\/p\u003e \u003cp\u003eIdentifying Risks 59\u003c\/p\u003e \u003cp\u003eExternal Sources of Risk Information 60\u003c\/p\u003e \u003cp\u003eInternal and External Reporting Risks 61\u003c\/p\u003e \u003cp\u003eCompliance Risks 61\u003c\/p\u003e \u003cp\u003eDisclosed Material Weaknesses in Risk Assessment 62\u003c\/p\u003e \u003cp\u003ePrinciple 8: Assess Fraud Risk 62\u003c\/p\u003e \u003cp\u003eAuditor Responsibility to Detect Fraud 65\u003c\/p\u003e \u003cp\u003eAntifraud Controls for Management to Consider 66\u003c\/p\u003e \u003cp\u003eTies to Other Principles and Components 66\u003c\/p\u003e \u003cp\u003ePrinciple 9: Identify and Assess Significant Change 66\u003c\/p\u003e \u003cp\u003eGathering 
Information to Support the Risk Assessment and Consider Change 68\u003c\/p\u003e \u003cp\u003eAppendix 3A: SAS No. 99 Exhibit: Management Antifraud Programs and Controls 72\u003c\/p\u003e \u003cp\u003eAttachment 1: AICPA “CPA’s Handbook of Fraud and Commercial Crime Prevention” Code of Conduct 87\u003c\/p\u003e \u003cp\u003eAttachment 2: Financial Executives International Code of Ethics Statement 91\u003c\/p\u003e \u003cp\u003eAppendix 3B: Understanding Fraud Risk Assessment 93\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Control Environment 99\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple 1: Commitment to Integrity and Ethical Values 100\u003c\/p\u003e \u003cp\u003ePrinciple 2: Board of Directors (Governance) Demonstrates Independence from Management and Exercises Oversight of the Development and Performance of Internal Control 104\u003c\/p\u003e \u003cp\u003ePrinciple 3: Management Establishes, with Board Oversight, Structures, Reporting Lines, and Appropriate Authorities and Responsibilities in the Pursuit of Objectives 109\u003c\/p\u003e \u003cp\u003ePrinciple 4: Commitment to Attract, Develop, and Retain Competent Individuals in Alignment with Objectives 110\u003c\/p\u003e \u003cp\u003ePrinciple 5: The Organization Holds Individuals Accountable for Their Internal Control Responsibilities in the Pursuit of Objectives 113\u003c\/p\u003e \u003cp\u003eAppendix 4A: Understanding and Awareness of Control Responsibilities 117\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Control Activities 120\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple 10: Selects and Develops Control Activities to Mitigate Risk and Achieve Objectives 120\u003c\/p\u003e \u003cp\u003ePrinciple 11: Selects and Develops General Controls over Technology 132\u003c\/p\u003e \u003cp\u003ePrinciple 12: Deploys through Policies and Procedures 141\u003c\/p\u003e \u003cp\u003eSumming Up 143\u003c\/p\u003e \u003cp\u003eAppendix 5A: Linking Common Control Activities and Assertions 
146\u003c\/p\u003e \u003cp\u003eAppendix 5B: Linkage of Principles to Controls, Policies, and Procedures 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Information and Communication 165\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple 13: Generates Relevant Information 166\u003c\/p\u003e \u003cp\u003ePrinciple 14: Communicates Internally 168\u003c\/p\u003e \u003cp\u003ePrinciple 15: Communicates Externally 170\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Monitoring 173\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple 16: Select, Develop, and Perform Ongoing and\/or Separate Evaluations 174\u003c\/p\u003e \u003cp\u003ePrinciple 17: Evaluate and Communicate Deficiencies as Appropriate 176\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Evidence and Testing 179\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSufficient Evidence 179\u003c\/p\u003e \u003cp\u003eGathering Information 187\u003c\/p\u003e \u003cp\u003eTesting and Sampling 194\u003c\/p\u003e \u003cp\u003eNonsampling Situations 202\u003c\/p\u003e \u003cp\u003eConfusion of Sample Size Guidance in Practice Today 203\u003c\/p\u003e \u003cp\u003eInformation Technology General Controls 204\u003c\/p\u003e \u003cp\u003eTesting Security and Access 205\u003c\/p\u003e \u003cp\u003eAppendix 8A: Sample Size Tutorial 211\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Developing Questionnaires and Conducting Interviews 217\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSurveys of Employees 219\u003c\/p\u003e \u003cp\u003eConducting Interviews 224\u003c\/p\u003e \u003cp\u003eManagement Inquiries: Sample Questions 234\u003c\/p\u003e \u003cp\u003eAppendix 9A: Sample Practice Aids 239\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Assessing the Severity of Identified Controls Deficiencies 248\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIt’s Inevitable 248\u003c\/p\u003e \u003cp\u003eAlignment of Public and Private Company Standards for Assessing Deficiency Severity 251\u003c\/p\u003e 
\u003cp\u003eControl Deficiencies and Definitions 252\u003c\/p\u003e \u003cp\u003eKey Factors When Assessing the Severity of a Deficiency 263\u003c\/p\u003e \u003cp\u003eConditions Indicating Control Deficiencies 270\u003c\/p\u003e \u003cp\u003eExamples of Evaluating the Severity of Deficiencies 277\u003c\/p\u003e \u003cp\u003eOverall Assessment 281\u003c\/p\u003e \u003cp\u003eAppendix 10A: A Framework for Evaluating Control Exceptions and Deficiencies 283\u003c\/p\u003e \u003cp\u003eAppendix 10B: Assessing the Potential Magnitude of a Control Deficiency 299\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11: Reporting Requirements 302\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNonpublic Entity Reporting 302\u003c\/p\u003e \u003cp\u003ePublic Company Annual and Quarterly Reporting Requirements 304\u003c\/p\u003e \u003cp\u003eReporting on Management’s Responsibilities for Internal Control 309\u003c\/p\u003e \u003cp\u003eRequired Company and Auditor Communications 312\u003c\/p\u003e \u003cp\u003eReporting the Remediation of Weaknesses 314\u003c\/p\u003e \u003cp\u003eCoordinating with the Independent Auditors and Legal Counsel 315\u003c\/p\u003e \u003cp\u003eAppendix 11A: Illustrative AICPA Report on Internal Controls 316\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12: Project Management and Tools Assessment Design 318\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProject Management 318\u003c\/p\u003e \u003cp\u003eStructuring the Project Team 319\u003c\/p\u003e \u003cp\u003eTools Assessment Design 325\u003c\/p\u003e \u003cp\u003eFeatures of a Good Tools Solution 326\u003c\/p\u003e \u003cp\u003eValue of a Pilot Project 331\u003c\/p\u003e \u003cp\u003eCoordinating with the Independent Auditors 334\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13: Illustrative Forms and Templates 337\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHistorical Perspective 338\u003c\/p\u003e \u003cp\u003e2013 Framework Examples 340\u003c\/p\u003e \u003cp\u003eAppendix 13A: 
Information-Gathering Form—Principle Focused 348\u003c\/p\u003e \u003cp\u003eAppendix 13B: Information Gathering Form—Revenue 350\u003c\/p\u003e \u003cp\u003eAppendix 13C: Walk-through Documentation Form 353\u003c\/p\u003e \u003cp\u003eAppendix 13D: Information Technology General Controls Assessment Form 355\u003c\/p\u003e \u003cp\u003eAppendix 13E: Documentation of Financial Reporting Software and Spreadsheets 364\u003c\/p\u003e \u003cp\u003eAppendix 13F: Sampling Form for Tests of Controls 368\u003c\/p\u003e \u003cp\u003eAppendix 13G: Summary of Internal Control Deficiencies 371\u003c\/p\u003e \u003cp\u003eAppendix 13H: Control Environment Component Evaluation Summary 372\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14: Summing Up 373\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAbout the Author 375\u003c\/p\u003e \u003cp\u003eIndex 377\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eLYNFORD GRAHAM, CPA,\u003c\/b\u003e has more than 30 years of public accounting experience in audit practice and in various national firm policy development groups. He is a visiting professor of accountancy and executive-in-residence at Bentley University, Waltham, MA. He currently maintains an active consultancy practice in statistical audit sampling, litigation support, and audit methodologies, and develops numerous training seminars for conferences and firms.\u003c\/p\u003e\u003cp\u003ePrior to 1992, when the National Commission on Fraudulent Financial Reporting published \u003ci\u003eInternal Control Integrated Framework\u003c\/i\u003e, there was no broad set of criteria against which to evaluate the effectiveness of the auditing entity in controlling its risk of filing materially false financial information and preventing other types of fraud. The COSO Framework filled that void. 
\u003c\/p\u003e\u003cp\u003e\u003ci\u003eInternal Control Audit and Compliance\u003c\/i\u003e offers auditors, controllers, and accounting managers a comprehensive guide to the latest framework established by the Committee of Sponsoring Organizations (COSO). Written by Lynford Graham, a noted expert on the topic, this important resource offers clear explanations and expert advice on implementation and shows how to document and test internal controls over financial reporting. \u003c\/p\u003e\u003cp\u003eThe COSO internal control framework identifies five components of internal control: control environment; risk assessment; control procedures; information and communication; and monitoring. Each component has a relationship with and can influence the functioning of every other component, operating in an almost organic way. While these five components remain unchanged, the level of detailed guidance over the years has increased due to the more recent widespread implementation of the framework in the business environment and a desire to have more consistency in the application of COSO principles. \u003ci\u003eInternal Control Audit and Compliance\u003c\/i\u003e includes detailed information covering each element of the revised framework and puts the emphasis on the latest changes. The author includes explicit definitions of internal controls and shows how they should be assessed and tested. The updated COSO framework also includes financial and non-financial reporting, as well as both internal and external reporting objectives, and \u003ci\u003eInternal Control Audit and Compliance\u003c\/i\u003e clarifies complex codification. \u003c\/p\u003e\u003cp\u003eThe newly revised framework identifies seventeen new principles, each of which is explained in detail to help clarify the new and emerging best practices that are designed to enhance efficiency and effectiveness. 
\u003c\/p\u003e\u003cp\u003eTo ease the transition from the older and outdated guidelines, Graham reveals an effective strategy for incorporating the new framework into day-to-day operations and offers step-by-step guidance for implementing the new changes.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989445230821,"sku":"NP9781118996218","price":110.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118996218.jpg?v=1761784127","url":"https:\/\/k12savings.com\/es\/products\/internal-control-audit-and-compliance-isbn-9781118996218","provider":"K12savings","version":"1.0","type":"link"}