Training and Development Guides for Risk Management and Internal Audit Success
KnowledgeLeader's guides can be used as development tools for managing risk, conducting internal audits and leading an internal audit department. They provide innovative auditing techniques, processes and procedures, audit plans, training, and more. As always, these tools are provided in downloadable versions, so they can be customized for use in your organization.
We offer over 100 sample guides that provide a wide range of support. Some of KnowledgeLeader's most popular guides are listed below. For a full list of available items, visit our Guides content area.
INTERNAL AUDIT GUIDE SAMPLES
Self-Assessment Validation and Independent Testing: Level of Effort Estimate Guide
Navigating the complexities of self-assessment and independent testing can be a little difficult, but our Self-Assessment Validation and Independent Testing Level of Effort Estimate Guide transforms this challenge into a manageable process. This resource empowers organizations to methodically estimate the time and effort required for effective risk management activities. By focusing on key components such as control testing and risk identification, the guide illuminates the pathways to achieving operational efficiency while ensuring accountability among stakeholders. With a clear outline of roles and responsibilities, it sets the stage for a collaborative approach to enhancing the control environment.
Risk Management Concepts Guide
In this tool, we’ve compiled guidelines that auditors can use to better understand and improve the organization’s risk management processes. This guide underscores the importance of an integrated risk management (ERM) approach that encompasses all strategic, operational, compliance and reporting risks. It outlines key components such as developing a risk management policy, integrating risk management into existing processes, clearly defining roles and responsibilities, and maintaining focused executive and board reporting. It also emphasizes building and driving a risk-aware culture, assigning clear accountability, and using consistent risk language and evaluation scales. The document details various risk management techniques such as avoiding, accepting, reducing and transferring risks, along with specific actions like divesting, prohibiting, self-insuring and outsourcing.
SARBANES-OXLEY ACT GUIDE SAMPLES
Sarbanes-Oxley 404 IT Testing Methodology
Use the high-level diagram in this guide to test your company’s Sarbanes-Oxley Section 404 IT general control set. According to this sample, in order to define the company’s Sarbanes-Oxley Section 404 scope, IT management will work closely with the business (process owners/control owners and their delegates) to identify and evaluate the in-scope financial processes. Various applications, systems and platforms will be in scope, though this list may change from year to year. As part of the annual planning process, IT management will review the IT general controls in the context of the business process.
Sarbanes-Oxley Process Improvement Guide
Use this guide to transition your organization’s SOX sustainability program from an ad hoc process to a sustainable, cost-effective and value-added process over time. In order to meet this objective, the sustainability plan has four stages. The benefits of this approach include: responsibility for assessing control lies with the process owner, control monitoring is part of regular job performance, all levels of the organization assume responsibility for effective risk management, self-assessment reinforces process owner accountability for critical controls, a wider range of locations is covered, and costs of compliance are decreased through embedding control ownership within the organization.
COMPLIANCE GUIDE SAMPLES
Root Cause Analysis Guide
Organizations can use this tool to enhance problem-solving capabilities through root cause analysis (RCA). This document is designed to equip users with key concepts, tools and methodologies necessary to identify the underlying causes of issues rather than just addressing the superficial symptoms. It provides detailed guidance on documenting root causes accurately, avoiding common pitfalls that merely restate the issue, and ensuring that management action plans are comprehensive and effective in preventing recurrence.
IT General Controls Guide
Auditors can use the comprehensive framework in our IT General Controls Guide to assess and ensure the effectiveness of an organization's IT general controls. It outlines a step-by-step approach for identifying critical applications and associated IT processes, evaluating risks at each technology layer (application, database, operating system and network), and determining control objectives without specifying key controls. The guide emphasizes a risk-based methodology to scope IT process controls in alignment with financial reporting requirements.
SECTION 404: INTERNAL CONTROL REPORTING GUIDE SAMPLES
Process and Activity-Level Controls Assessment Guide
This sample document can be used as a guide to assessing controls at the process or activity level. Example steps include selecting the priority elements, understanding the processes, sourcing the risks, documenting the key controls, assessing the control design, and validating the control operation and reporting.
Documenting Processes and Controls for Sarbanes-Oxley Guide
Organizations can utilize this manual as a guide for establishing consistent and thorough Sarbanes-Oxley documentation standards. According to this guide, to write a process narrative and a process flow chart, it is helpful to conduct a walk-through. A walk-through is a process by which you take one example of a transaction and trace it all the way through the process. During the walk-through, ask questions to validate your understanding of the process so that you can document it as accurately as possible. The purpose of the walk-through is to validate the completeness and accuracy of process documentation.