This section explores Financial Statement Audits, Internal Control and the control environment, risk assessment, control activities, information and communication monitoring. It covers Service Organization Control (SOC 1), Statement on Audit Standards, and Segregation of Duties.

Internal Control

Verifying the financial auditSegregation of Duties
Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for a business.

COSO Proposed Internal Control - Integrated Framework
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the Internal Control -- Integrated Framework (IC-IF) back in 1992. The organization released an updated framework May 14, 2013.

Visit the Internal Control pages for additional information.

Statement on Audit Standards

Working each piece of the SAS auditsThese resources help support the CPA's efforts towards providing quality assurance services. When used appropriately, the CPA can provide independent and professional opinions that improve the quality of information to management as well as other decision makers within an organization.

Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements.

Visit the SAS pages for additional information.

Service Organization Control (SOC 1)

Outsourcing to service organizations

Today, it is common for entities to outsource business tasks or functions to service organizations, even those that are core to an entity’s operations. Although user entities may rely on a service organization to perform outsourced tasks or functions, the user entity still retains responsibility (and the risks associated) for the service it provides to its customers.

Learn more about SOC reports covering controls over security, availability, processing integrity, confidentiality or privacy.

Visit the Service Organization Control Reporting for additional information.

Additional Resources

Tools for guidanceCAQ: The Center for Audit Quality is an autonomous, nonpartisan, nonprofit group based in Washington, D.C. It is governed by a Board that comprises leaders from the public company auditing firms, the American Institute of CPAs and three members from outside the public company auditing profession. The organization is affiliated with the American Institute of CPAs.

Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is an international professional association that offers certification, education, research, and technological guidance for internal auditors.

ISACA is a global organization for information governance, control, security and audit professionals. It offers IS auditing and IS control standards.

Public Company Accounting Oversight Board
The PCAOB is a private-sector, non-profit corporation, created by the Sarbanes-Oxley Act of 2002, to oversee the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports.

© 2017 Association of International Certified Professional Accountants. All rights reserved.