Internal Control is comprised of the following interrelated components: the control environment, risk assessment, control activities and information and communication monitoring. This center will provide information and resources related to these areas.
|COSO's Internal Control - Integrated Framework
COSO Proposed Internal Control - Integrated Framework
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the Internal Control -- Integrated Framework (IC-IF) back in 1992. The organization has now proposed an updated framework and issued an exposure draft.
COSO Sheds Light on Managing Cloud Risks
Before an organization even contracts with a cloud-computing service provider, management should begin control-related activities to guard against the related risks, according to new guidance from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO has developed a detailed analysis of how to use enterprise risk management to mitigate the risks cloud computing presents.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was jointly sponsored by five major professional associations in the United States. The Commission, wholly independent of each of the sponsoring organizations, contains representatives from industry, public accounting, investment firms, and NYSE.
This toolkit provides guidance on the implementation of SAS No. 115 and tools to assist you in educating and communicating the impact of SAS No. 115 with your clients. While these tools and resources were developed to support you in the implementation and communication of SAS No. 115 in your firm and with your clients, they are not meant to replace the guidance and direction outlined in SAS No. 115 and in the Risk Alert on SAS No. 115. Please refer to the AICPA’s Communicating Internal Control Related Matters Identified in an Audit - SAS No. 115.
Frequently Asked Questions
The FAQs document is intended to address the most common practitioner questions related to applying SAS No. 115. In addition, it provides links to additional resources that may help you in understanding and applying SAS No. 115.
SAS No. 115 Newsletter/Web site Template
This document is designed for practitioners to communicate the impact of SAS No. 115 to their clients via the member’s newsletter, Web site, or other marketing communications.
SAS No. 115 Educate Your Client Communication Letter
This template document is designed for practitioners to update and educate each client directly on the new SAS No. 115 requirements.
SAS No. 115 Overview PowerPoint
This presentation provides an overview of SAS No. 115, the impact to a client’s audit, and definitions and examples of significant deficiencies and material weaknesses. The presentation is designed for use by practitioners to educate their staff and clients about SAS No. 115 and can be tailored to address specific client issues.
SAS No. 115 Client Letter Communicating Identified Significant Deficiencies or Material Weaknesses
This template document is intended for you to use to communicate identified significant deficiencies or material weaknesses that are based on the sample communication outlined in the SAS No. 115. It can be tailored for your client’s specific issues that you identify during the audit and need to communicate to them in writing.
SAS No. 115 Sample Findings Accumulation Worksheet
This sample template document is designed for practitioners use to accumulate their findings in implementing SAS 115.
Considerations in Risk-Based Auditing
Considerations in Risk-Based Auditing is a strategic overview intended to provide readers with detailed, practical, specific and non-authoritative guidance when implementing the technology-related aspects of the eight Statements of Auditing Standards (SAS 104 through SAS 111).
IT Control Objectives for Sarbanes-Oxley
The IT Governance Institute released a research document focusing on Sarbanes-Oxley, using COSO as the overall framework on which the supplementary IT guidance was based, and COBIT as the initial IT controls baseline to develop a control objective template.
Performing an Audit of Internal Control in an Integrated Audit
The AICPA’s Center for Audit Quality (CAQ) recently issued a publication entitled, CAQ Lessons Learned - Performing an Audit of Internal Control in an Integrated Audit (Lessons Learned), which was developed by a task force consisting of professionals from various member firms.
Segregation of Duties
Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for a business.
How CAATTs Identifies Potentially Fraudulent Activities
Fraud happens! Maybe it is accomplished by someone in the accounting department making a journal entry to affect revenue recognition for certain transactions. Or, perhaps it occurs when someone enters transactions for fictitious customers or vendors, or alters timecards. While auditors do not have a specific requirement to detect all fraud, we can turn to the auditing standards for guidance.