Internal Control Strategies: A Mid to Small Business Guide Book

Preface     ix
Understanding the SEC's Guidance for Management     1
Purpose of Internal Control over Financial Reporting     1
Evaluation Process     5
Reporting Considerations     12
Rule Amendments and other SEC Guidance Related to Internal Control over Financial Reporting     14
The PCAOB's Auditing Standard No. 5     19
Eight Concepts to Focus the Aduit on Matters Most Important to Internal Control     20
New Emphasis on Entity-Level Controls     28
Importance of a Fraud Risk Assessment     29
Tips to Eliminate Unnecessary Procedures     30
Scaling Audits for Smaller Companies     36
SEC's Guidance on a Risk-Based Approach     39
Highlights of the SEC Staff Statement     40
Staff's Emphasis on Reasonable Assurance     41
Comments on Evaluating Internal Control Deficiencies     45
Disclosures about Material Weaknesses     46
Information Technology Comments from the Staff     47
Communications with Auditors: An Unintended Consequence     48
Message for Small Business Issuers and Foreign Private Issuers     50
Highlights of the PCAOB's May 2005 Policy Statement     51
Policy Statement Highlights     52
Integrating the Financial and Internal Control Audits     52
Importance of Professional Judgment     55
Top-Down Approach and Role of Risk Assessment     56
When Auditors Can Use the Work of Others     57
Auditors' Ability to Provide Advice to Audit Clients     57
How the PCAOB Inspections Help Drive Improvements     59
A Final Comment     59
Starting at the Top: Using Entity-Level Controls to Create Efficiencies     61
What are Entity-Level Controls?     61
How Strong Entity-Level Controls Can Reduce the Scope of Your Program     62
How to Apply COSO's Recent Internal Control Guidance     65
How to Create a Winning Control Environment     66
Steps for Creating a Useful Risk Assessment Process     76
Control Activities     85
Creating an Effective Information and Communication Program     85
How to Implement Successful Monitoring Controls     90
How to Assign Roles and Responsibilities to Enhance Internal Controls     94
Small-Company Issues for Implementing Entity-Level Controls     98
Summary of COSO's Guidance for Smaller Public Companies     103
Minimizing Excess through Proper Scoping and Planning Practices      105
Scoping Analysis: Event or Process?     106
How to Determine Materiality for Scoping Purposes     106
How to Use a Top-Down, Risk-Based Approach to Reduce the Scope of Your Program     111
Methods for Determining Significant Locations     116
Specific Areas Included and Excluded by the PCAOB     120
PCAOB and SEC Guidance on Other Common Scoping Issues     123
Tips for Resource Planning and Developing Useful Timelines     124
Advantageous Project Management Techniques     127
11 Areas of Focus for the Second Year and Beyond     128
How to Increase Productivity with a Sound Management Approach     129
Aim for the Target Instead of the Way to Get There     130
More Project Management Tips     135
Staffing Strategies     138
Restructuring the Organizational Chart for Sustainability     144
How to Communicate Effectively through Emails, Meetings, and Advisories     148
Tactics for Dealing with Business Changes for Sections 302 and 404 Compliance     150
Streamlining Documentation     155
Three Ideas to Improve Your Overall Documentation Process     157
Clearing the Clutter: How to Create and Maintain Meaningful Control Matrices     159
Using Relevant Financial Assertions for Planning Purposes     161
Financial Assertion Help for Nonauditors     162
Techniques for Scrutinizing the Number of Key Controls     163
How to Reduce and Improve Controls with Standardization     166
Practical Ideas for Documentation at International Locations     168
How to Create an Effective Spreadsheet Control Program     169
How to Create Strong Financial Reporting Controls     172
Tools for Assessing Control Design     175
An Alternative to Gap Remediation     176
Three More Ideas for Improving Documentation     177
Economical Testing Techniques     181
Testing Control Design and Operating Effectiveness     181
Practical Steps to Applying Guidance on the Nature, Timing, and Extent of Testing     182
Suggestions for Testing Significant Manual and Nonroutine Transactions     184
Using Update Tests to Ease the Burden of Testing at Year-End     186
Five Ideas for the Timing of Control Tests     190
Types of Control Tests and When to Use Them     194
Why You Should Minimize the Use of Self-Assessment Tests     197
Maximizing Your Auditors' Reliance on the Work of Others     199
More Inspiration on Efficient Testing     210
Methods for Remediation Madness     215
Do All Controls Have to Be Remediated?     216
For-Now Approach to Remediation     217
Creating Meaningful Remediation Plans     218
Nine Practice Tips for the Remediation Phase     218
Sufficient Periods for Remediated Controls     221
Steps to Prepare for Retesting     222
Project Management Tools for Remediation     223
Taking the Mystery out of Evaluating Deficiencies     227
Deficiencies Defined     228
Analytical Steps for Evaluating Deficiencies     230
Are All Exceptions Considered Deficiencies?     235
Techniques for Aggregating Deficiencies     237
Typical Material Weaknesses     239
Unique Nature of IT General Control Deficiencies     240
Market's Reaction to Process Specific versus Pervasive Material Weaknesses     242
How to Improve Material Weakness Disclosures     244
AS No. 4 and Reporting Whether a Previously Reported Material Weakness Still Exists     245
Successful Communication of Deficiencies to Management and the Audit Committee     246
Suggestions for Management's Final Assessment Report     247
Common Areas of Concern and How to Address Them     251
Control Options for the Use of Service Organizations     252
What to Do with Mergers and Acquisitions Activities     258
A Unique Solution for Managing the Tax Process     261
How to Minimize IT Developer Access to Production Issues     263
What to Do When Your ERP System Is Not Compatible with Your Access Controls     264
Tips for Changing ERP Systems and Staying SOX Compliant     266
Practical Ideas for Document Retention Requirements     267
Thoughts on Changing Accounting Firms     269
Simplified Sample Entity-Level Control Matrices     271
COSO's Internal Controls Checklist for Entity-Level Controls     279
Standardized Period-End Process Control Matrix     283
PCAOB Staff Question-and-Answer Index     287
SEC Office of the Chief Accountant Frequently Asked Questions Index     291
Summary of Changes Made to Auditing Standard No. 2 and the Related New Guidance     295
Index     301