Entity Level Documentation Request Checklist

The COSO Internal Control - Integrated Framework requires that risks and controls be assessed at both the entity level and the process level. Entity level controls address the “tone at the top” and include items such as ethics programs, investigation protocols, and IT infrastructure controls. Adequate evidence of the entity level controls should be accumulated to support management’s assertions.

One of the ways to gather such evidence is to review the corporate documentation that supports that these entity level controls are in place. This checklist provides a template in which to track the availability and status of such entity level control documentation.

Document Name	Source	Received	Notes
Code of Conduct
Code of Conduct Acknowledgements
By-Laws
Proxy Statement
SEC Comment Letters
Management Letters
Corporate Governance Policies
Bios of Committee Members
Passed Adjustments
Business Plans
Management Operating Reports
2004 Corporate Budget
2004 Risk Assessment
Anti-Fraud Risk Assessment
Anti-Fraud Programs
Audit Committee Charter
Audit Committee Meeting Minutes
Audit Committee Agenda/Schedule
Internal Audit Charter
Internal Audit Job Descriptions
Internal Audit Organizational Chart
Internal Audit Training Program
2004 Internal Audit Plan
Other Committee Charters
Organizational Chart
Subsidiary Structure
Significant Relationship Monitoring
Accounting Procedures
Corporate Purchasing Policies
Purchasing Chart of Authority
Expenditure Chart of Authority
Vendor Relationship Guidelines
New Employee Orientation Materials
Human Resource Policies
Hiring Policies
Job Descriptions
Background Check Procedures
Employee Discipline Policies
Training Programs
Employee Evaluation Policies
Incentive Compensation Plans
Employee Retention Procedures
Ethics Hotline Procedures/Analysis
Mission and Value Statements
Critical System List
Strategic IT Plan
IT Org Chart
Report Change Request Monitoring
Financial Systems Monitoring

Download Word Document