Samples
The following 99 items are listed by date.
April 19, 2010
Audit Plan Schedule - Sample Template
This template can be used by the audit team when planning and scheduling specific audits. The document allows users to organize audits by process and location while assigning hours to specific dates throughout the year.
CONTENT AREA: Samples
TOPICS: Budgeting, Internal Audit, Audit Planning, Audit Testing, Internal Audit Administration, Project Management

March 29, 2010
Application Control Review Risk Control Matrix
This document is a sample application control review risk control matrix (RCM) that can be used while reviewing the existing application controls of an organization. It can also act as a basic checklist for organizations which have applied or plan to apply Enterprise Resource Planning (ERP) software.
CONTENT AREA: Samples
TOPICS: Business Continuity Management, Risk Management & Assessment, Internal Controls, Security, Entity-Level Control

November 30, 2009
Logistics Risk and Control Matrix - Sample
This document represents a sample risk control matrix (RCM) relevant to the logistics department of a corporation. It provides an overview of different risks organizations can face and the corresponding controls to safeguard the company against such risks. This RCM also addresses how a good Enterprise Resource Planning (ERP) system coupled with good management can prevent fraud.
CONTENT AREA: Samples
TOPICS: Materials Management & Inventory, Purchasing & Accounts Payable, Supply Chain, COSO, Fraud, Process-Level Control

November 2, 2009
Risk Corridor Risk and Control Matrix - Sample
The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) established a system of "risk corridors" for prescription drug plans and Medicare Advantage drug plans. That system would to some extent limit the profits or losses those plans would incur if their costs of providing the basic Medicare drug benefit turned out to be lower or higher than estimated in their bid submission.
This sample risk and control matrix (RCM) addresses the risk corridor process.
CONTENT AREA: Samples
TOPICS: Healthcare & Pharmaceuticals Industry, Sarbanes-Oxley Act, Internal Controls, Risk Management & Assessment, Process-Level Control, GRC

October 19, 2009
Month-End Close Template - Sample
The purpose of this month-end close document is to ensure that all responsible employees are fully aware of their assignments and their responsibilities are completed on time, properly and accurately in accordance with the company’s financial closing and reporting internal control structure. This document is organized by ERP cutoff tasks and activities broken down into pre-close, recurring entries, reconciliations, internal controls and analysis & reporting.
CONTENT AREA: Samples
TOPICS: Accounting/Finance, Financial Reporting, Close the Books, Internal Controls, Segregation of Duties

June 1, 2009
Control Testing Tracking Spreadsheet – Sample
This document serves as a template to use in tracking the testing of internal controls. The spreadsheet can be used to track control testing status and operating effectiveness and to create a testing timeline.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Testing, Sarbanes-Oxley Act, Internal Controls, Project Management, Section 404 - Internal Control Reporting

March 22, 2009
Financial Reporting Timeline - Sample
This sample timeline outlines steps needed to complete the financial reporting process. It helps management define roles and responsibilities and meet specified deadlines.
CONTENT AREA: Samples
TOPICS: Accounting/Finance, Close the Books, Financial Reporting, Reporting/Disclosure, Best Practices

March 16, 2009
Internal Audit Plan - Sample
This document details an internal audit plan for a specific period and the related projects that are planned to be delivered to the organization. Further details on the scope of these projects are provided in relation to planned internal audit activities.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Planning, Internal Audit Administration, Project Management, Segregation of Duties

March 2, 2009
Intercompany Accounts Reconciliation Template - Sample
Performing regular account reconciliations contributes to strong internal controls. The purpose of this sample is to provide a template to document the reconciliation of the intercompany payable and receivable accounts.
CONTENT AREA: Samples
TOPICS: Accounting/Finance, Close the Books, Financial Reporting, Internal Controls

February 16, 2009
Internal Audit Post Engagement Debrief Template - Sample
Use this template upon completion of an audit to have team members discuss the audit and to provide feedback on audit execution, lessons learned, best practices, and future audit considerations. Sections include names of audit team members, performance against budget, lessons learned, internal process improvement suggestions, and future audit considerations.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Reporting, Internal Audit Administration, Project Management

February 9, 2009
Internal Audit Feedback Survey Template - Sample
This survey is intended to be sent to relevant departments upon completion of work performed by internal audit. The questionnaire focuses on topics such as: communication, exit and closing meetings, technical proficiency, and level of value the audit provided to the business unit.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Planning, Audit Reporting, Audit Testing, Self-Assessment, Performance Management/Measurement

January 19, 2009
Competency Assessment for Accounting Function - Sample Template
The purpose of this sample template is to document the positions that currently make up a company’s accounting function during the competency assessment process.
Information in this template includes: job title, job function and responsibilities, start date, relevant work history, education level, and professional organizations and accomplishments.
CONTENT AREA: Samples
TOPICS: Accounting/Finance, Internal Controls, Performance Management/Measurement, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, Training & Development

September 8, 2008
Audit Discussion Form Sample
This is a sample form used to communicate specific findings identified during an audit. This form focuses on the condition and/or significance of the finding, the standard by which the finding is compared, and the Management Action plan recommended to address the finding.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Reporting, Audit Testing, Sarbanes-Oxley Act, Reporting/Disclosure, Project Management

September 1, 2008
Acquisition Tracking Spreadsheet Template - Sample
This is a sample spreadsheet used to track acquisition details. Data tracked in this spreadsheet can accommodate several acquisitions and details that include important dates, information related to the First Binding Agreement, and analysis.
CONTENT AREA: Samples
TOPICS: Accounting/Finance, Fixed Assets, Purchasing & Accounts Payable, Asset Management

August 25, 2008
Process Interview Notes Template - Sample
This interview template can assist with capturing information related to a process being reviewed by internal audit. The specific information tracked in this document includes identifying key personnel, relevant IT applications, relevant risks, controls currently in place, and related control gaps.
CONTENT AREA: Samples
TOPICS: Technology, IT Controls, Internal Audit, Audit Testing, Internal Controls, Process-Level Control

August 18, 2008
Testing Status Template - Sample
This testing status sample template can assist in tracking the testing of controls, control attributes, and testing attributes such as control description, control method, and control frequency.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Testing, Sarbanes-Oxley Act, Internal Controls, Project Management, Process-Level Control

July 21, 2008
Goodwill / Indefinite Lives Impairment Analysis - Sample Template
This template was designed to assist companies in the periodic evaluation of potential impairment of Goodwill and Indefinite Lived Intangibles. Note that this is a tool to assist companies in the summarization of their impairment evaluations under U.S. GAAP, but is not intended to promote one valuation model/methodology over another.
CONTENT AREA: Samples
TOPICS: Accounting/Finance, Financial Reporting, Internal Audit, Audit Testing, Internal Controls, Process-Level Control

June 9, 2008
Financial Close Process – Sample Schedule Improvement Action Plan
The purpose of this sample is to document the activities performed as part of the monthly financial close process and identify areas where task duration can be improved upon. As part of this effort, users are encouraged to document the responsible person for each financial close task, current task duration, and desired task duration.
CONTENT AREA: Samples
TOPICS: Accounting/Finance, Financial Reporting, Internal Audit, Audit Testing, Performance Management/Measurement, Close the Books

May 5, 2008
Primary Controls Tracker - Sample
This document serves as a template to use in tracking the number of key internal controls identified in an organization. The information compiled in this template can be used to develop project status reports and plan for remediation efforts.
CONTENT AREA: Samples
TOPICS: Sarbanes-Oxley Act, Internal Controls, Project Management, Compliance, Process-Level Control, GRC

April 14, 2008
Status Report Template
This document serves as a template to use when developing an executive report to communicate project progress. The template provides an outline of information to use in this reporting process.
CONTENT AREA: Samples
TOPICS: Technology, IT Infrastructure, IT Strategy, Best Practices, Change Management, Project Management

February 25, 2008
Internal Control Issues Log
This sample serves as a template to use when documenting internal control issues and associated remediation plans. It provides an outline of information to use in this tracking process including: process, nature of issue, observation, control description, and action plan.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Planning, Audit Reporting, Audit Testing, Entity-Level Control, Process-Level Control

December 17, 2007
Six Elements of Infrastructure - Sample Assessment Template
The Six Elements of Infrastructure Framework is a useful tool for categorizing issues, understanding where problems are occurring within the organization, and drawing conclusions to form the basis for process recommendations. This template may be used by a company when identifying, assessing, or designing processes using this framework. For each of the Six Elements of Infrastructure, this sample template provides areas to document innovative practices, current practices, and improvement opportunities.
CONTENT AREA: Samples
TOPICS: Benchmarking, Best Practices, Internal Controls, Performance Management/Measurement

December 3, 2007
Service Level Agreement Sample Template
This is a template to be used by a company when developing a service level agreement (SLA). This sample template provides areas to document the version history, audience, assumptions, and escalation actions.
CONTENT AREA: Samples
TOPICS: Technology, IT Controls, IT Infrastructure, IT Strategy, Internal Audit, IT Audit, Outsourcing/Co-sourcing/Shared Services

October 22, 2007
SOX 404 Program Executive Scorecard Template - Sample
This document serves as a template to use when developing an executive report communicating the progress of the SOX 404 program. The template provides an outline of information to use in this reporting process.
CONTENT AREA: Samples
TOPICS: Audit Committee & Board, Corporate Governance, External Auditor, Internal Controls, Project Management, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, GRC

October 15, 2007
Strategic Internal Audit Plan
This document is a template to be used by Internal Audit when developing an annual audit plan. This sample template provides areas to document the planning approach; major projects and associated timelines; and project sponsors.
CONTENT AREA: Samples
TOPICS: Audit Committee & Board, Audit Reporting, Audit Testing, Internal Audit, Internal Audit Administration, Audit Planning

September 24, 2007
SFAS 13 Lease Criteria Template
The purpose of this document is to provide a template to use when analyzing whether a lease should be classified as a capital or operating lease for financial reporting purposes. This template is based on the criteria outlined in SFAS 13. Note: This template contains formulas as outlined in the instructions.
CONTENT AREA: Samples
TOPICS: Financial Reporting, Fixed Assets, Purchasing & Accounts Payable, Internal Audit, Audit Testing

September 17, 2007
Financial Due Diligence Report Template - Sample
The purpose of this document is to provide a financial analysis of a company being purchased by another company. This report template can be used during the process of performing financial due diligence on a company being acquired.
CONTENT AREA: Samples
TOPICS: Accounts Receivable, Financial Reporting, Fixed Assets, Materials Management & Inventory, Revenue

July 30, 2007
COSO/COBIT Data Center Operations and Problem Management Control Objective Risk Matrix
This risk and control matrix focuses on high-level control objectives DS10 (Manage Problems and Incidents) and DS13 (Manage Operations) of the COBIT Delivery and Support domain.
CONTENT AREA: Samples
TOPICS: Technology, IT Controls, Security, Operations Security, COSO, Internal Controls

July 23, 2007
COSO/COBIT Disaster Recovery and Business Continuity Control Objective Risk Matrix
This sample matrix aligns high-level control objectives DS4 (ensure continuous service) and DS11 (manage data) of the COBIT Delivery and Support domain with their associated risks.
CONTENT AREA: Samples
TOPICS: Business Continuity Management, Disaster Recovery, Technology, IT Controls, COSO, Internal Controls

July 16, 2007
COSO/COBIT Application Change Control and QA Control Objective Risk Matrix
This Risk and Control Matrix focuses on high-level control objectives AI2, AI5, and AI6 of the COBIT Acquire and Implement domain, PO10 and PO11 of the Plan and Organize domain, and DS11 of the Deliver and Support domain.
CONTENT AREA: Samples
TOPICS: Technology, IT Controls, Quality Assessment Review, Security, COSO, Internal Controls, Change Management

July 16, 2007
Internal Audit Planning Memorandum – Sample Template
This internal audit planning memorandum documents the audit approach and administrative details for each audit. This memorandum should be completed as part of the initial audit planning process and is meant to enhance audit efficiency.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Testing, Internal Audit Administration, IT Audit, Project Management

July 9, 2007
COSO/COBIT Security Administration Control Objective Risk Matrix
The COBIT Delivery and Support (DS) domain focuses on the delivery aspects of information technology. It covers areas such as the execution of the applications within the IT system and the results, as well as the support processes that enable the effective and efficient execution of these IT systems. These support processes include security issues and training. This risk and control matrix focuses on control objective DS5 - Ensure Systems Security.
CONTENT AREA: Samples
TOPICS: Technology, IT Controls, Security, Security Management Practices, COSO, Internal Controls

July 9, 2007
Segregation of Duties Matrix
A fundamental element of internal control is the segregation of certain key duties. The basic idea underlying segregation of duties is that no employee or group should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This worksheet has been designed to highlight conflicting duties performed by one individual or group of individuals. Audit teams are encouraged to use this form to help identify potentially commingled duties within accounting processes that may constitute a control weakness.
CONTENT AREA: Samples
TOPICS: Accounts Receivable, Cash & Treasury, Fixed Assets, Payroll, Purchasing & Accounts Payable, Segregation of Duties

June 25, 2007
Business Continuity Management Report Template - Sample
Developing a business continuity management (BCM) plan is a best practice that all companies should achieve. This template outlines sections to consider when developing a BCM plan. It includes areas to document the business impact analysis, key company contacts, and location of BCM documents.
CONTENT AREA: Samples
TOPICS: Business Continuity Management, Disaster Recovery, Project Management

April 16, 2007
Risk Assessment Survey Template - Sample
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization’s ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area. The results can be used to help develop an Internal Audit Plan. The results may also be included in the Risk Assessment Report provided to the Audit Committee.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Testing, Risk Management & Assessment, Sarbanes-Oxley Act, Internal Controls, Enterprise Risk Management, Audit Planning, GRC

March 16, 2007
Exception Form - Evaluation of an Individual Process/Transaction-Level Control
The process to evaluate and classify an individual process/transaction-level control deficiency incorporates the evaluation of quantitative and qualitative factors. This sample form assists in documenting and analyzing exceptions identified during individual process/transaction-level control testing.
CONTENT AREA: Samples
TOPICS: Sarbanes-Oxley Act, Internal Controls, Section 404 - Internal Control Reporting, Process-Level Control

March 8, 2007
Enterprise Risk Management Presentation
While your business environment evolves, so do the risks you face. New vulnerabilities appear while old fears antiquate. Can you distinguish between the two? Identify, understand, mitigate. This is the ERM formula for a good night's sleep.
CONTENT AREA: Samples
TOPICS: COSO, Enterprise Risk Management, Risk Management & Assessment, Sarbanes-Oxley Act, GRC

January 22, 2007
Payroll Process - SAS 70 Review Report Sample
The SAS 70 report is intended to communicate, from auditor to auditor, the testing performed around the outsource provider’s internal controls, particularly controls over IT processes. This report provides an example of how to communicate the findings of a Type II SAS 70 review when a company outsources the processing of its employee payroll checks. It assesses how the results of the report impact the company’s SOX compliance process.
CONTENT AREA: Samples
TOPICS: Compliance, Financial Reporting, IT Controls, Payroll, Sarbanes-Oxley Act, SAS 70, GRC

October 23, 2006
Risk Assessment Facilitated Session Results Matrix - Sample
This Excel template can assist organizations in capturing results of a risk assessment facilitated session.
It allows leaders of these sessions to document the final results, based on discussion or the use of voting technology, in an organized format. This sample also provides the opportunity to capture next steps and ownership related to the risk assessment results.
CONTENT AREA: Samples
TOPICS: Audit Committee & Board, Audit Testing, Corporate Governance, Enterprise Risk Management, Internal Audit, Risk Management & Assessment, GRC

October 16, 2006
Risk Assessment Workshop Presentation - Sample
This presentation was created to help facilitate a risk assessment workshop. It explains to workshop participants the objectives and ground rules, how to identify key risks, and how to plot significance and likelihood on a risk map.
CONTENT AREA: Samples
TOPICS: Enterprise Risk Management, Risk Management & Assessment, Self-Assessment, GRC

October 6, 2006
Enterprise Risk Management Project Plan - Sample
Enterprise Risk Management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. This document is a sample project plan utilized during the planning phase of implementing ERM across an organization. The project plan supports a phased implementation approach detailing tasks, deliverables, and a project timeline.
CONTENT AREA: Samples
TOPICS: Enterprise Risk Management, Project Management, Corporate Governance, Audit Committee & Board, Risk Management & Assessment, GRC

September 25, 2006
Self-Assessment on Internal Controls Report - Sample
An internal audit department led a self-assessment initiative to evaluate the effectiveness of the design of internal controls for their company’s operations and budget process. This report describes the approach, the results, and the recommendations that resulted from the initiative.
CONTENT AREA: Samples
TOPICS: Self-Assessment, Internal Controls, Internal Audit, IT Audit, Audit Reporting, Process-Level Control

September 18, 2006
SOX Testing Documentation Template – Sample
This template provides a format to document SOX internal control testing procedures, results, and conclusions. It allows the user to detail the control being tested, testing procedures, test results to answer test procedures, and management’s response.
CONTENT AREA: Samples
TOPICS: Internal Controls, IT Controls, Process-Level Control, Project Management, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting

July 17, 2006
Property Management System Control Requirements Matrix - Sample
This matrix provides sample application controls to consider within a property-management accounting system. This document guides the user in assessing the priority and vendor capability of each control. The control assessment is then summarized to develop an action plan.
CONTENT AREA: Samples
TOPICS: Technology, Sarbanes-Oxley Act, Internal Controls, IT Controls, Software

July 10, 2006
Request for Proposal – Quality Assessment Review of Internal Audit Department - Sample
This is a sample request for proposal (RFP) and vendor questionnaire from a company seeking a service provider to conduct a quality assessment review of its internal audit department and coverage of its entities.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Committee & Board, Audit Reporting, Audit Testing, Quality Assessment Review

June 12, 2006
Request for Proposal – Quality Assessment Review: Financial Institution - Sample
This is a sample request for proposal (RFP) from a financial institution seeking a service provider to conduct an evaluation of its internal audit approach and coverage of its regulated subsidiaries.
CONTENT AREA: Samples
TOPICS: Internal Audit, Audit Reporting, Audit Testing, Internal Audit Administration, Financial Services Industry, Quality Assessment Review

May 8, 2006
Control Monitoring Quality Assessment Memo - Sample
This is an example of an internal audit quarterly assessment of ongoing controls monitoring processes. This review encompassed processes in place during the quarter and remediation actions taken on identified control deficiencies. This memo provides an overview of the work performed and corresponding audit findings.
CONTENT AREA: Samples
TOPICS: Compliance, Internal Audit, Sarbanes-Oxley Act, Audit Reporting, Internal Controls, IT Controls, Section 404 - Internal Control Reporting, GRC

May 1, 2006
SOX 404 Process Prioritization Report
SOX Section 404 requires companies to evaluate the internal controls over financial reporting. This document outlines a process for management to use in determining the final process criticality, a primary factor in setting the scope of the controls assessment. This process includes prioritizing financial reporting elements, defining processes, linking processes to financial elements, and prioritizing processes.
CONTENT AREA: Samples
TOPICS: Audit Committee & Board, Compliance, Corporate Governance, Internal Controls, Process-Level Control, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, GRC

March 6, 2006
Request for Proposal – External Quality Assessment Review - Sample
This sample request for proposal (RFP) document focuses on finding a service provider to perform an external quality assessment review of an internal audit department. It details the process and timeline for responding to the RFP. In addition, it documents proposal requirements and the acceptance or rejection process.
CONTENT AREA: Samples
TOPICS: Compliance, Internal Audit, Audit Committee & Board, Audit Reporting, Audit Testing, Internal Audit Administration, Quality Assessment Review, GRC

March 6, 2006
Sarbanes-Oxley Act Project Approach for IS Processes - Sample Memo
This is a sample memo from the CFO explaining management’s approach to the Sarbanes-Oxley compliance project for IS processes. The memo outlines the IS processes in scope, the SOX process documentation, the testing approach and sample sizes used, and the sign-off process.
CONTENT AREA: Samples
TOPICS: Compliance, Internal Audit, Sarbanes-Oxley Act, Audit Reporting, IT Controls, GRC

February 20, 2006
SOX Control Deficiency Assessment Form - Sample
This form assists in evaluating SOX control deficiencies and documenting management responses. Users can also assess the severity of deficiencies noted during the documentation and testing process. The evaluation criteria include: evidential deficiencies, potential impact to financial statements, safeguarding of assets and antifraud controls, likelihood that an error could occur, compensating controls, and multiple similar control deficiencies.
CONTENT AREA: Samples
TOPICS: Internal Controls, Project Management, Reporting/Disclosure, Sarbanes-Oxley Act, SAS 70, Section 302 - Executive Certifications, Section 404 - Internal Control Reporting

November 21, 2005
SOX – Section 404 – Documentation of Tax Compliance Process Report - Sample
This is an example of how a Sarbanes-Oxley (SOX) team can report their findings related to the tax compliance process. This document reviews the business processes related to the tax compliance process, identifies manual and system-based controls, and documents issues and weaknesses.
CONTENT AREA: Samples
TOPICS: Sarbanes-Oxley Act, Cross Border & Non-US Issues, Taxation, Financial Reporting, Internal Controls, Section 404 - Internal Control Reporting

October 24, 2005
Contract/Project Approval Sheet - Sample
This approval sheet documents a company’s contract/project approval process. It includes steps to be completed during this process to ensure proper management review and approval.
CONTENT AREA: Samples
TOPICS: Cost Management, Outsourcing/Co-sourcing/Shared Services, Fixed Assets, Purchasing & Accounts Payable

October 3, 2005
Risk, Controls, and Responsibilities for Disaster Recovery and Business Continuity - Sample
This guide outlines the risks, control objectives, manual controls, IT controls, and responsibilities related to creating, maintaining and executing disaster recovery and business continuity plans within an organization.
CONTENT AREA: Samples
TOPICS: Business Continuity Management, Disaster Recovery

September 5, 2005
Entity-Level Fraud Risk Assessment Process - Sample
Section 404 of SOX requires that each company have a documented, on-going process to identify, assess and evaluate fraud risks related to internal control over financial reporting. This example provides an overview of the process one company undertook to satisfy the requirements of evaluating fraud risk that pertain to internal control over financial reporting.
CONTENT AREA: Samples
TOPICS: Corporate Governance, Sarbanes-Oxley Act, Fraud, Audit Committee & Board, Ethics, Entity-Level Control, GRC

August 22, 2005
Internal Audit Standards Crossword Puzzle - Sample
This crossword puzzle is a fun tool internal audit organizations can use as an activity during group meetings. The puzzle focuses on activities and skills key to the internal audit function. Many of the questions are derived from the IIA’s International Standards for the Professional Practice of Internal Auditing. The questions and answers for the puzzle are provided within this document.
CONTENT AREA: Samples
TOPICS: Internal Audit, Training & Development, Accounting/Finance, Internal Audit Administration

August 22, 2005
Process Level Documentation Requirements Memo – Sample
This is an example of a memo used by a public company to describe the documentation they prepared for each process determined applicable to their Section 404 compliance efforts. The three levels of documentation described correlate to the priority rating of the financial statement elements and associated processes. Also included are descriptions of standard documentation types (process narrative, process flow, and risk control matrix).
CONTENT AREA: Samples
TOPICS: Sarbanes-Oxley Act, Compliance, Section 404 - Internal Control Reporting, Financial Reporting, Internal Controls, Process-Level Control, GRC

August 15, 2005
Financial Elements and Business Process Prioritization Memo - Sample
This is an example memo used to define the process a company used to explain the models they employed to prioritize the financial elements and processes for Section 404 purposes. This memo describes using the Process Classification Framework and the ranking criteria applied to financial statement elements and associated processes. The prioritization of these items helps define the extent of a company’s process-level documentation efforts.
CONTENT AREA: Samples
TOPICS: Sarbanes-Oxley Act, Compliance, Financial Reporting, Project Management, Internal Controls, Section 404 - Internal Control Reporting, GRC

August 8, 2005
Year Two SOX Testing Strategy Memo - Sample
This is a sample concluding memo documenting a company’s testing strategy for Year Two SOX compliance. This memo focuses on the test strategy for manual and automated (application) business process controls including entity-level controls. This includes sample size guidance and validating the testing strategy with external auditors.
CONTENT AREA: Samples
TOPICS: Sarbanes-Oxley Act, COSO, Project Management, External Auditor, Internal Controls, Risk Management & Assessment, Process-Level Control, Entity-Level Control, GRC

July 11, 2005
SOX 404 – Project Conclusion Memo - Sample
This is a sample concluding memo documenting a company’s annual Sarbanes-Oxley compliance process. It details steps followed and conclusions reached during the project. This includes items such as the scoping, materiality, and risk assessment process; testing; walkthroughs; and evaluating deficiencies. This memo also documents management’s conclusion on internal control over financial reporting.
CONTENT AREA: Samples
TOPICS: Sarbanes-Oxley Act, Compliance, Internal Controls, IT Controls, Section 404 - Internal Control Reporting, Project Management, GRC

April 25, 2005
SOX Auditor Walkthrough Prep Email - Sample
This is an example of an email you can use to notify SOX process owners about the requirement for external auditors to perform at least one walkthrough for each significant class of transactions. This communication explains what is involved in an audit walkthrough, preparatory actions to take, and tips and suggestions for the auditor’s assessment.
CONTENT AREA: Samples
TOPICS: Compliance, Corporate Governance, External Auditor, Internal Controls, IT Controls, Process-Level Control, Sarbanes-Oxley Act, GRC

April 11, 2005
SAS 70 Review – Report on Assessment of Controls - Sample
Type II SAS 70 reports are an integral part of assessing a company’s internal controls over financial reporting if a company uses an outsource provider. The SAS 70 report is intended to communicate, from auditor to auditor, the testing performed around the outsource provider’s internal controls, particularly controls over IT processes. This report can help an organization communicate the findings of a Type II SAS 70 review and assess how the results of the report impact the company’s internal controls over financial reporting.
CONTENT AREA: Samples TOPICS: Corporate Governance, Internal Controls, IT Controls, Outsourcing/Co-sourcing/Shared Services, Sarbanes-Oxley Act, SAS 70, GRC February 21, 2005 Spreadsheet Controls Procedures and Checklists for Sarbanes-Oxley Compliance - Sample Lack of controls over spreadsheets can present a risk to the accuracy of financial statement information and may be identified as a deficiency under Sarbanes-Oxley Section 404. This document contains an example of spreadsheet control procedures. The procedures outline the access and change control steps that could be applied for financial spreadsheets. Also included is a checklist that tracks the spreadsheet control procedures and can be used in SOX spreadsheet testing. CONTENT AREA: Samples TOPICS: Compliance, Corporate Governance, GRC, Internal Controls, IT Controls, Sarbanes-Oxley Act, Spreadsheet Risk, Technology February 21, 2005 Spreadsheet Controls: Process Owner Email Communication - Sample This is an example of an email you can use to notify spreadsheet owners about the requirement to document controls over spreadsheets that are relied upon for financial reporting. The communication explains why these controls are needed and introduces the Spreadsheet Controls Procedures and Checklist to those individuals responsible for spreadsheet or journal entry preparation. CONTENT AREA: Samples TOPICS: Corporate Governance, GRC, Internal Controls, IT Controls, Sarbanes-Oxley Act, Spreadsheet Risk, Technology February 7, 2005 Code of Business Conduct - Sample This sample code of business conduct covers a wide range of business practices and procedures. It sets out basic principles to guide all employees and officers of a company. The code of business conduct must be tailored to each company’s needs and governing rules. 
CONTENT AREA: Samples TOPICS: Corporate Governance, Ethics, Laws & Regulations, Human Resources, Whistleblower/Complaint Reporting, GRC December 20, 2004 SOX Year-End Update Testing Approach Memo - Sample This is an example memo used to define the process a company can use to update Sarbanes-Oxley testing of controls near or as-of its fiscal year-end. This process includes determining which controls will be selected for update testing as well as the type of update testing that will be performed, based on specific criteria. The memo also describes testing strategies a company can take to complete this process. CONTENT AREA: Samples TOPICS: Corporate Governance, Sarbanes-Oxley Act, Internal Controls, IT Controls, Process-Level Control, GRC November 8, 2004 Sarbanes-Oxley Review Process Tracking Worksheet - Sample This worksheet was created to help an internal audit group track key information and dates associated with Sarbanes-Oxley process documentation and management review. The spreadsheet updates the total number of processes that are at various stages of review. CONTENT AREA: Samples TOPICS: Internal Audit, Sarbanes-Oxley Act, Internal Audit Administration, Project Management October 11, 2004 Request for Proposal – Systems Audit Work - Sample This is an example of a relatively informal RFP for specialized systems audit outsourcing services to be coordinated by the Internal Audit Director over a 3-year contract. CONTENT AREA: Samples TOPICS: Internal Audit, Outsourcing/Co-sourcing/Shared Services, Internal Audit Administration January 23, 2004 Sarbanes-Oxley Section 404: Compliance Plan for 2004 - Sample This sample document establishes the framework and standard policy for compliance with Section 404 of the Sarbanes-Oxley Act. 
CONTENT AREA: Samples TOPICS: Internal Audit, Laws & Regulations, Sarbanes-Oxley Act, Enterprise Risk Management, Financial Reporting, Project Management, Section 404 - Internal Control Reporting, Entity-Level Control, GRC November 20, 2003 Request For Proposal. Internal Audit & Sarbanes-Oxley Compliance: Sample This sample RFP for Internal Audit Co-sourcing and Sarbanes-Oxley compliance services provides a number of interesting questions to be asked of a potential outsource or co-source partner. A thorough RFP that asks for the right information can save time and help identify the best company for the job. CONTENT AREA: Samples TOPICS: Internal Audit, Outsourcing/Co-sourcing/Shared Services, Sarbanes-Oxley Act, Human Resources, Internal Audit Administration, Project Management, Compliance, GRC November 20, 2003 Security Policy and Procedure Evaluation – Controls and Responsibilities - Sample This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates security policy issues and best practices regarding controls and responsibilities that could be incorporated into a review, and provides a useful format for reporting the results. CONTENT AREA: Samples TOPICS: Best Practices, Technology, Internal Audit, Security, Internal Controls, Operations Security, Security Management Practices November 5, 2003 Security Policy and Procedure Evaluation Report: Administrative Personnel - Sample This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates administrative and personnel security policy issues and best practices that could be incorporated into a review, and provides a useful format for reporting the results. 
CONTENT AREA: Samples TOPICS: Best Practices, Technology, Security, Human Resources, Security Management Practices October 30, 2003 Security Policy and Procedure Evaluation Report: Communications - Sample This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates communications security policy issues and best practices that could be incorporated into a review, and provides a useful format for reporting the results. CONTENT AREA: Samples TOPICS: Best Practices, Technology, Security, Telecommunications, Network & Internet Security, Communications Industry October 10, 2003 Security Policy and Procedure Evaluation – Data Security This sample report records the result of an evaluation of data security policies and procedures at a hypothetical company, Company X. The purpose of this sample is to illustrate: A report format that can be used to communicate the status of company policies, and also to present recommendations for policy changes to management, including details of specific policy and procedure findings, gaps, and recommendations regarding policy changes; Data security policy issues and practices that could be incorporated into your own review. CONTENT AREA: Samples TOPICS: Best Practices, Technology, Security, Security Management Practices, Software October 10, 2003 Security Policy and Procedure Evaluation – Software This sample report records the result of an evaluation of software security policies and procedures at a hypothetical company, Company X. The purpose of this sample is to illustrate: A report format that can be used to communicate the status of company policies, and also to present recommendations for policy changes to management; Software Security Policy issues and practices that could be incorporated into your own review. 
CONTENT AREA: Samples TOPICS: Best Practices, Technology, Internal Audit, Security, Security Management Practices October 10, 2003 Security Policy and Procedure Evaluation Report: Application Development and Change Control - Sample This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates application development and change control policy issues and best practices that could be incorporated into a review, and provides a useful format for reporting the results. CONTENT AREA: Samples TOPICS: Best Practices, Technology, Security, Application Development Security, Operations Security, Software September 4, 2003 Internal Audit Engagement Letter: Sample This sample internal audit engagement letter informs the auditee of an upcoming audit. It details the audit objectives, the timeline, and the audit team members. It also covers the pre-audit meeting, expected deliverables, and the audit team’s mission. CONTENT AREA: Samples TOPICS: Internal Audit, Internal Audit Administration February 6, 2003 Risk Assessment Map - Sample This risk assessment map helps to identify and document critical business processes. Combined with facilitated management meetings, this approach can help gain company-wide consensus by including key process owners in risk and controls analyses. CONTENT AREA: Samples TOPICS: Performance Management/Measurement, Risk Management & Assessment, Sarbanes-Oxley Act, GRC December 13, 2002 Segregation of Duties: Assessment Form for Accounting Applications - Sample Segregation of duties is an integral part of the internal control environment. The following assessment form and guide will assist in understanding a function’s segregation of duties and related internal control effectiveness. Sales, accounts receivable, and related cash collections are included. 
CONTENT AREA: Samples TOPICS: Fraud, Internal Controls, Accounts Receivable, Cash & Treasury, Credit & Collections, Sales Process & Marketing, Segregation of Duties October 24, 2002 Candidate Evaluation Form - Sample This evaluation form can be used by an interviewer or recruiter to rate a candidate for an internal audit position. The form suggests competencies and criteria that could be applied to someone seeking to obtain employment in the audit group. CONTENT AREA: Samples TOPICS: Internal Audit, Human Resources, Internal Audit Administration January 24, 2002 Request for Proposal (Sample 3) – Internal Audit Co-Sourcing/Outsourcing This sample Request For Proposal (RFP) illustrates the types of questions that can be asked of a potential internal audit outsourcing/co-sourcing service provider. CONTENT AREA: Samples TOPICS: Internal Audit, Outsourcing/Co-sourcing/Shared Services, Internal Audit Administration December 4, 2001 Construction Project Risk Management Manual - Sample This risk management manual contains a methodology that can be modified and used by other construction companies, or by businesses that are themselves undertaking construction projects. The methodology allows for project risk analysis and deciding whether or not to proceed with the project. CONTENT AREA: Samples TOPICS: Risk Management & Assessment, GRC November 8, 2001 Request for Proposal (Sample 2) – Internal Audit Co-Sourcing/Outsourcing This sample Request For Proposal (RFP) contains many questions to be considered when outsourcing or co-sourcing any part of an internal audit function. Many or all of the questions presented on the list can be placed in the RFP to potential service providers. 
CONTENT AREA: Samples TOPICS: Internal Audit, Outsourcing/Co-sourcing/Shared Services, Internal Audit Administration November 7, 2001 Request for Proposal (Sample 1) – Internal Audit Co-Sourcing/Outsourcing This sample Request For Proposal (RFP) illustrates the types of questions that can be asked of a potential internal audit outsourcing/co-sourcing service provider. CONTENT AREA: Samples TOPICS: Internal Audit, Outsourcing/Co-sourcing/Shared Services, Internal Audit Administration July 20, 2001 Benford’s Law Analysis Spreadsheet - Sample Benford's Law demonstrates that seemingly random numbers in large volumes of data have digits that can be predicted to occur with certain frequencies. Internal auditors can use this principle to analyze large volumes of numerical data. This spreadsheet contains formulas for calculating expected frequencies using Benford's Law. CONTENT AREA: Samples TOPICS: Internal Audit, Accounting/Finance, Audit Testing, Internal Audit Administration July 17, 2001 Audit Committee Annual Planning Schedule - Sample The audit committee is a committee of the board of directors. This sample schedule provides an annual planner for audit committee activities. CONTENT AREA: Samples TOPICS: Corporate Governance, Internal Audit, Accounting/Finance, Audit Committee & Board, Financial Reporting, Audit Planning, GRC June 20, 2001 Fraud Detection: Financial Ratio Calculator - Sample This calculator identifies some common fraudulent and/or deceptive financial accounting practices, and gives the user examples of substantive audit tests and ratios to help catch the activity. CONTENT AREA: Samples TOPICS: Fraud, Internal Audit, Accounting/Finance, Audit Testing, Internal Audit Administration January 11, 2001 Internal Audit Meeting Scheduling Template and Overview - Sample These internal audit meeting and schedule planning templates can be used in the planning and scheduling of meetings. 
CONTENT AREA: Samples TOPICS: Internal Audit, Internal Audit Administration January 11, 2001 Internal Audit Qualitative Diagnostic Presentation - Sample This example presentation shows one way to present results of an evaluation of an Internal Audit department, particularly following a Quality Assurance Review process. CONTENT AREA: Samples TOPICS: Best Practices, Internal Audit, Performance Management/Measurement, Internal Audit Administration, Quality Assessment Review December 22, 2000 Audit Report Tracker - Sample This simple one-page tracking sheet allows you to follow the status of a particular internal audit report. It tracks the date the draft was distributed, the intended reviewer, and date of comments received. CONTENT AREA: Samples TOPICS: Internal Audit, Audit Reporting, Internal Audit Administration November 30, 2000 Audit Test Selection: Case Studies These case studies describe internal audit situations for different business processes. CONTENT AREA: Samples TOPICS: Audit Testing, Customer Satisfaction, Internal Audit, Internal Audit Administration, Materials Management & Inventory, Purchasing & Accounts Payable, Training & Development November 15, 2000 Self Assessment: Sample Session The following is taken from an actual self assessment session, investigating possible process improvements for the Foreign Exchange process. CONTENT AREA: Samples TOPICS: Internal Audit, Self-Assessment November 13, 2000 Audit Status Worksheet - Sample This worksheet allows the progress of all completed and in-progress audit activity during a specified period to be tracked. CONTENT AREA: Samples TOPICS: Internal Audit, Audit Reporting, Internal Audit Administration November 13, 2000 Quality Assurance Review (QAR) Implementation Report - Sample This presentation provides an example of how recommendations and action plans can be presented to management upon completion of a Quality Assurance Review (QAR). 
CONTENT AREA: Samples TOPICS: Internal Audit, Internal Audit Administration, Quality Assessment Review November 4, 2000 Balanced Scorecard Performance Measures for Internal Audit - Sample Balanced scorecards look at performance from four perspectives, rather than from a single bottom-line measure. Balanced scorecards can be used to demonstrate the value of departments to their companies, and to make departments more responsive to corporate needs. CONTENT AREA: Samples TOPICS: Internal Audit, Performance Management/Measurement, Internal Audit Administration November 4, 2000 Risk Assessment and Control Activities Worksheet - Sample This worksheet can be used as a template for documenting and linking business risks,
process objectives, related controls, and an auditor's evaluation. It is based on the COSO framework. CONTENT AREA: Samples TOPICS: COSO, Risk Management & Assessment, GRC October 28, 2000 Action Planning Matrix - Sample This matrix template can be used to identify corrective action steps, the persons responsible for taking corrective actions, and the due dates for completing corrective actions. CONTENT AREA: Samples TOPICS: Internal Audit, Audit Reporting October 28, 2000 Audit Opinion/Conclusion Writing - Sample This report-writing example illustrates how different types of opinions/conclusions could be issued at the completion of an audit. CONTENT AREA: Samples TOPICS: Internal Audit, Training & Development, Audit Reporting, Internal Audit Administration October 28, 2000 Audit Planning Memo - Sample The Audit Planning Memorandum (APM) documents the overall audit approach. It should not, however, repeat other planning documentation. CONTENT AREA: Samples TOPICS: Internal Audit, Risk Management & Assessment, Internal Audit Administration, Audit Planning, GRC