Download the 10 most frequently viewed audit tools and publications on KnowledgeLeader in April.

1. IT General Controls Audit Work Program

This tool contains four sample work programs that provide best-practice steps an organization should consider when evaluating its IT general controls environment. The objective is to assess how well the infrastructure, applications, policies and procedures support the organization’s operations. This evaluation involves identifying ITGCs through discussions with key IT personnel and reviewing relevant policies and documents. The design assessment compares current practices against leading IT frameworks such as COBIT and ITGI, allowing for a thorough understanding of the organization's adherence to best practices.

2. Internal Audit Status Update Report

Access our internal audit status update report for detailed information on enterprise risk planning (ERP) control changes and NIST CSF key areas. This document offers a detailed summary of an internal audit plan, including the status and completion percentages of various audit projects. It highlights completed audits, such as a company’s post-implementation review, providing insights into the scope, results and identified opportunities for improvement.

3. Fixed Assets Audit Work Program

The attached Fixed Assets Audit Work Program outlines the process of auditing fixed assets to ensure accurate capitalization, depreciation and accounting. The primary goal of this audit program is to maintain the integrity of financial statements. The document includes six samples, each with specific procedures and steps. Sample 1 outlines the initial understanding of fixed assets, emphasizing policies on classification, useful life determination and depreciation calculation.

4. Employee Stock Option Termination Policy

Use the procedures and guidelines in this policy to handle stock options when employment is terminated. This policy ensures that terminated employees are aware of their rights and obligations regarding vested and unvested stock options. It mandates that terminated employees must exercise any vested options within 30 days, or they will be automatically canceled. The document also details the step-by-step process for HR representatives to manually terminate employees in various systems, update payroll, and manage the transfer of data to the online equity administrator.

5. Enterprise Risk Assessment Process Questionnaire

Our Enterprise Risk Assessment Process Questionnaire can be used to evaluate and enhance their risk management processes. This document is designed to facilitate discussions among board members, management and internal auditors regarding the identification, assessment and prioritization of risks that could impact the organization's strategic objectives. It includes a series of structured questions aimed at assessing the board's involvement in risk evaluation, the effectiveness of current risk management practices, and the alignment of these practices with the organization's overall strategy.

6. Quarterly Compliance Assessment Audit Report

Our Quarterly Compliance Assessment Audit Report is an essential tool for evaluating and ensuring adherence to established compliance policies and procedures within your organization. This document provides a robust review of various key areas, including anti-money laundering (AML), whistleblowing, custody, insurance and the code of ethics. By documenting thorough testing and validation of these areas, the report helps identify any deficiencies or enhancement opportunities, allowing management to implement corrective action plans.

7. Sarbanes-Oxley Documentation Review Audit Work Program

Our Sarbanes-Oxley Documentation Review Audit Work Program can be used to evaluate the adequacy and effectiveness of documentation related to SOX Section 404 compliance. This tool facilitates a thorough understanding of the process, controls, risks and key roles involved in maintaining compliance. By downloading this tool, you can expect to benefit from detailed guidance on project planning, execution and reporting, which ensures that all process maps and risk and control matrices (RCM) are accurately updated and reviewed. The work program outlines steps for obtaining current documentation, interviewing process owners, and verifying the relevance and accuracy of the existing controls.

8. Internal Audit Plan Status & Report to the Audit Committee

Document updates on the internal audit plan status and its implications for the audit committee's decision-making process. This document is primarily used to communicate with the audit committee about the status of various audits and projects scheduled throughout the fiscal year. It details the execution stages of ongoing audits, including scope, fieldwork progress and reporting phases, as well as outlines the results and recommendations from audits completed within the quarter.

9. Entity-Level Controls Risk Assessment Questionnaire

Risk assessment is the component of the entity’s internal control that involves identifying and analyzing risks internally and externally. Risk assessment is relevant to achieving business objectives as well as objectives related to the preparation of reliable financial statements. This questionnaire template provides a number of COSO elements and the related objectives for entity-level controls. Within the questionnaire, you can document the control's COSO attribute, whether the control exists, whether it was designed properly, related test procedures, management's action plan for deficiencies, and more.

10. Process Documentation Narrative and Flow Chart Guide

Documenting the understanding of a process, related controls, and key roles and responsibilities can be achieved through process narratives and flow charts. Both of these documentation techniques assist internal audit teams and those responsible for the processes with establishing a common understanding of a process. Once these documents are confirmed as accurate, they provide a baseline for performing risk analysis, testing internal controls and implementing process improvements as necessary.