This page contains an updated, alphabetized list of the audit memos that are available on KnowledgeLeader. These memos are provided in downloadable versions, so they can be repurposed for use in your organization.
A
Accounts Receivable Collections Confirmation Memo
When conducting a routine audit of the procedures followed for posting payments on accounts sent to the company’s collection attorneys, certain collection accounts are randomly selected for payment testing. This sample memo is used for confirming payment details of accounts selected from respective guarantors by the accounts receivable manager.
Audit Planning Memo
This audit planning memo is divided into three sections: administration and job set-up, risk assessment, and approach.
Audit Planning Memo: Sample 2
This memo documents an audit approach to evaluating the adequacy of the design of new controls and the effectiveness of existing controls.
Audit Report Rating Memo
This memo outlines a system to use when rating individual audit findings and overall audit reports. It is designed to be referenced by all members of the internal audit department when reviewing findings that are noted during an audit.
C
Cash Applications Observations Memo
This memo outlines internal audit's observations related to a locations FSC cash applications process.
D
Data Breach Notification Memo
This memo notifies an individual regarding the possibility of a personal information breach and explains the steps taken by a company to protect against identity theft or abuse of information.
Data Governance Review Phase I Memo
This memo documents internal audit's summary of findings from a data governance review.
Delegated Entity Review Memo
This memo focuses on IT SOX readiness procedures for an application, testing change management, computer operations and logical security areas.
E
Enterprise Accounting System Post-Implementation Review Memo
This review focuses on the configurable application controls, application security, and segregation of duties for the accounts payable and general ledger modules.
Entity-Level Controls Memo
This memo can be used as a working template to ensure all company entity-level controls exist, are reviewed in detail and can document additional findings in need of escalation.
Expense Reporting Policy Violation Memo
This memo notifies an employee of potential non-compliance with the company’s expense reporting policy.
F
Financial Elements and Business Process Prioritization Memo
This memo summarizes the customized models used to prioritize financial statement elements (FSE) and processes for Sarbanes-Oxley (SOX) Section 404 compliance. The prioritization of these items helps define the extent of a company’s process-level documentation efforts.
I
Internal Audit Planning Memorandum
This internal audit planning memorandum documents the audit approach and administrative details for each audit.
Internal Audit Project Administration Memo
This memo documents a company’s approach to administering and supervising internal audit work completed by department personnel for a specific project.
Internal Audit Risk Assessment Announcement Memo
This sample letter from the internal audit director informs all participants of a company-wide internal audit risk assessment and solicits their participation.
Internal Control Audit Instructions Memo
This memo documents instructions for reviewing and testing a company's internal control environment.
Issue Identification Memo
This sample letter notifies an auditee of a specific issue identified during an internal audit.
M
Management Response to Internal Audit Reports Memo
This memo outlines specifics to consider when drafting management responses to audit observations.
Merger and Integration Memo
This memo outlines a project to document a company’s finance and accounting processes, as well as to identify the system support and interactions for these key processes. The project scope includes financial close procedures, but also all other independent financial processes for the purposes of identifying the system support and interactions for those processes.
Minimum Testing Standards for Systems and Data Memo
This memo outlines minimum IT controls around user access, change control, backup, privacy, licenses and document retention.
Mobile Device Procurement Memo
This memo outlines an internal audit review of an organization's mobile device procurement process.
N
Network Audit Management Memo
This memo documents low-risk opportunities in the network infrastructure environment identified during an internal audit review and meant for management’s information and consideration only.
P
Process-Level Documentation Requirements Memo
This memo describes the documentation requirements for each in-scope process related to Sarbanes-Oxley Section 404 compliance.
Procurement Card Internal Audit Planning Memorandum
This procurement card internal audit planning memorandum documents the audit approach and scope.
Purchasing Rebates Review Planning Memo
This memo documents an approach for planning a purchasing rebates review.
R
Remote Locations Audit Planning Memo
The purpose of this memo is to document the audit approach, project scope and project timing for auditing various locations of a university in order to determine compliance with select university policies and procedures, whether key financial controls exist and are operating effectively and whether reasonable security protocols are being followed.
S
Sarbanes-Oxley Act Project Approach Memo
The purpose of this memo is to document management’s approach for the current financial year's Sarbanes-Oxley compliance project processes.
Sarbanes-Oxley Multiple Locations Scoping Memo
This memo outlines the analysis performed by a company to determine the scope of internal control documentation and testing.
Sarbanes-Oxley Section 404 Project Conclusion Memo
This memo documents an organization’s approach to Sarbanes-Oxley Section 404 compliance as well as concluding results from the annual assessment.
Sarbanes-Oxley Spreadsheet Controls Memo
This is a sample email sent by the process owner to finance staff regarding the documentation of controls over spreadsheets as part of Section 404 SOX compliance.
Sarbanes-Oxley Testing Strategy Memo
This memo documents a company's high-level testing strategy for Sarbanes-Oxley compliance.
Scope of Application Security Memo
This memo outlines the assumptions and decision criteria in scoping the documentation efforts around application security.
SOX Year-End Update Testing Memo
This memo defines the process a company uses to update testing of internal controls for Sarbanes-Oxley compliance purposes near or at the year-end.