This memo captures details for SOX IT testing, including objectives, project scope, transaction types, key risks, coordi...

In issue 12 of The Bulletin, Protiviti explores the question, “Are organizations curious enough to really understand all...

This sample policy helps to summarize management’s approach to plan, organize, execute, document and support its assessm...

This sample IT risk assessment audit report presents findings from an entity-level risk analysis review.

This basic-level course introduces COSO and the COSO Internal Control Integrated Framework and its five components.

This memo documents instructions for reviewing and testing a company's internal control environment.

This issue identification memo can be used to notify auditees of specific issues identified during an internal audit.

This memo outlines a process for reviewing entity-level controls.

This issue of Board Perspectives: Risk Oversight outlines important lessons for board members to consider as directors e...

In this issue of The Bulletin, we share 10 lessons learned from COSO 2013 successful implementations from a variety of s...

This questionnaire provides a format to evaluate current self-assessment practices and identify areas for improvement.

In this booklet, we provide guidance to Section 404 compliance project teams on the consideration of information technol...