Internal Control is comprised of the following interrelated components: the control environment, risk assessment, control activities and information and communication monitoring. This center will provide information and resources related to these areas.
Learn more at the IT Audit School.
IT Control Objectives for Sarbanes-Oxley
The IT Governance Institute released a research document focusing on Sarbanes-Oxley, using COSO as the overall framework on which the supplementary IT guidance was based, and COBIT as the initial IT controls baseline to develop a control objective template.
Performing an Audit of Internal Control in an Integrated Audit
The AICPA’s Center for Audit Quality (CAQ) recently issued a publication entitled, CAQ Lessons Learned - Performing an Audit of Internal Control in an Integrated Audit (Lessons Learned), which was developed by a task force consisting of professionals from various member firms.
Segregation of Duties
Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for a business.
How CAATTs Identifies Potentially Fraudulent Activities
Fraud happens! Maybe it is accomplished by someone in the accounting department making a journal entry to affect revenue recognition for certain transactions. Or, perhaps it occurs when someone enters transactions for fictitious customers or vendors, or alters timecards. While auditors do not have a specific requirement to detect all fraud, we can turn to the auditing standards for guidance.
CAATTs Ideal for Efficient Audits
With a renewed emphasis on risk identification, evaluation of controls, and certain key financial statement areas and assertions, there are steps you can take to significantly increase the efficiency and effectiveness of your procedures. Computer Assisted Auditing Tools and Techniques (CAATTs) will address these risks.
XBRL, eXtensible Business Reporting Language, is an international information format designed specifically for business information (‘interactive data by the SEC). XBRL provides a unique, electronically readable tag for each individual disclosure item within business reports.
XBRL Extension Taxonomy and Instance Document Creation Process provides an illustration of the data flow and process flow associated with the how a XBRL Extension Taxonomy and an Instance Document is created leveraging XBRL.
XBRL Advocacy: Using a phased-in approach based upon market capitalization, all SEC filers that use U.S. generally accepting accounting principles (U.S. GAAP) and foreign issuers that use International Financial Reporting Standards (IFRS) are required to submit their reports to the SEC using XBRL.
COSO Proposed Internal Control - Integrated Framework
|COSO's Internal Control - Integrated Framework
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the Internal Control -- Integrated Framework (IC-IF) back in 1992. The organization has now proposed an updated framework and issued an exposure draft.
COSO Sheds Light on Managing Cloud Risks
Before an organization even contracts with a cloud-computing service provider, management should begin control-related activities to guard against the related risks, according to new guidance from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO has developed a detailed analysis of how to use enterprise risk management to mitigate the risks cloud computing presents.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was jointly sponsored by five major professional associations in the United States. The Commission, wholly independent of each of the sponsoring organizations, contains representatives from industry, public accounting, investment firms, and NYSE.