
The work program specifically focuses on entity-level controls topics such as: (1) control environment, including integrity and ethical values, management commitment to competence, an effective board of directors, management's philosophy and operating style, organizational structure, assignment of authority and responsibility, etc; (2) risk assessment, covering entity-level objectives, process-level objectives, risk identification and analysis, and managing change; (3) information and communication, including quality of information, and effectiveness of communication; (4) control activities, including process controls; and (5) monitoring, covering ongoing monitoring activities, evaluation of the internal control system, and reporting deficiencies.