Wed, Sep 13, 2023


The following tools were published on KnowledgeLeader this week:

Password Security Policy

Use the four sample policies included in this tool to establish your company’s guidelines regarding secure and consistent system passwords.  Sample procedures include: users must not write down or otherwise record their passwords in readable form near the system to which the password pertains; passwords must not be written down and left in a place where others might discover them.

Banking/Financial Institution Account Policy 

This tool contains three sample policies that establish guidelines for a company’s activities related to opening, closing and maintaining financial institution accounts.  In these samples, Treasury should establish and maintain written policies and central control procedures related to opening, closing and maintaining financial institution accounts.

Finance Department Review Report

This Finance Department Review Report can be used by auditors looking to identify performance gaps and improvement opportunities in the finance department. In this sample, internal audit's work consisted of conducting a kickoff meeting with the finance department leadership team; conducting an analysis of the finance department infrastructure utilizing the internal auditor's six elements of the infrastructure framework.

IT Asset Management Audit Work Program

This work program includes two samples that each cover a complete IT asset management diagnostic audit. Areas covered within these work programs include tactical alignment, stability and reliability, human capital, the IT asset management function, IT asset management processes and IT asset financial management.

Enterprise Risk Management Summary Approach Guide

Components of this ERM approach include planning, facilitating risk discussions, analyzing risk, external verification, management review, gap assessment, and coordination and oversight. This document includes activities and output/deliverables for each component.

Sarbanes-Oxley Self-Assessment and Self-Testing Guide

This guide includes the following sections: Mapping Global Risk Set of Risks and Initial Template Completion for: Self-Testing (for those entities with existing SOX documentation that require self-testing for specific processes) and Self-Assessment (for those entities without any existing SOX documentation); Reporting Results; Project Timeline; Appendix I: Control Attributes; and Appendix II: Testing Instructions.


KnowledgeLeader has also published several publications this week.

Good, Better and the Best Security

If the goal of an organization is to build a culture of cybersecurity awareness, the cybersecurity leadership and the security team must be approachable and engaged with the business. The desire to demonstrate or measure security through the application of key performance indicators (KPIs) becomes counterintuitive to actual progress in strengthening the organizational cybersecurity posture. 

Audit Fee Trends of S&P 500

The S&P 500 is one of the most followed equity indices that tracks the largest 500 companies listed on U.S. exchanges. Does this mean they are susceptible to paying higher audit fees overall? There are many factors that affect the general cost of an audit. The amount of time and labor needed to perform the audit, the complexity of the company and its financials, and the potential risk or liability a firm takes on when they provide an audit are all factors evaluated when it comes time to pay external auditors. 

Metaverse 2030: Defining the “Next Internet” and Finding Ways for Businesses to Thrive in It

A leading metaverse proponent describes the internet’s next evolutionary phase by clarifying what it isn’t. The metaverse is not immersive virtual reality (VR), a VR headset, a new video game or “an all-encompassing clear vision of the future,” according to Matthew Ball, author of The Metaverse: And How It Will Revolutionize Everything.

Recommended Resources 

This list of recommended resources from the web may be of interest to you. Click each link to learn more. 

  1. A Pandemic-Era Tax Break That Remains Rife With Abuse — The ERC
  2. A Full-Blown Debt Crisis Is Avoidable
  3. Evolving No Surprises Act Requirements Continue to Be a Heavy Lift