Our Entity-Level Controls Audit Work Program serves as a comprehensive guide for evaluating the entity-level controls within an organization, ensuring compliance with the Sarbanes-Oxley Act (SOX) requirements. It provides auditors with a structured framework to assess the effectiveness of internal controls that impact financial reporting and legal compliance. It begins by outlining the audit objectives, emphasizing the importance of evaluating the control environment, risk assessment processes, information and communication systems, control activities, and monitoring mechanisms. These elements are crucial in fostering a robust control environment that upholds integrity, ethical values and management's commitment to competence. Additionally, it details the expectations for organizational structure, authority assignment and human resources policies.

This audit program includes two samples of entity-level controls audit work programs. Sample 1 focuses on various controls and inspection tests that auditors should conduct, such as obtaining documentation related to the code of conduct, ethics training, job performance evaluations and financial reporting responsibilities. This sample illustrates how to ensure that the board of directors is adequately informed and involved in the oversight of the financial reporting process, including the establishment of an internal control steering committee and regular meetings with external auditors. Sample 2 delves deeper into the specifics of entity-level controls, particularly concerning the company's anti-fraud program. It outlines the critical components of the control environment, including the evaluation of fraud risks and the implementation of controls designed to mitigate these risks. This sample also highlights the significance of having an effective audit committee, detailing the independence of its members, their defined roles, and the level of engagement with both internal and external auditors. The appendix provides a thorough checklist of entity-level documentation requests, covering a wide range of documents from corporate governance policies to internal audit charters and risk assessments, ensuring that all necessary documents are collected and reviewed during the audit process.

Audit steps include:

• Inspect the training materials from the (Insert Year) ethics and compliance training events.
• Verify that the code contains consequences for deviations from the code.
• Obtain documentation showing the planning of Section 404 compliance efforts.
• Ensure that directors are independent.