Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework

  • 8h 6m
  • Lynford Graham
  • John Wiley & Sons (US)
  • 2015

Internal Control Audit and Compliance provides complete guidance toward the latest framework established by the Committee of Sponsoring Organizations (COSO). With clear explanations and expert advice on implementation, this helpful guide shows auditors and accounting managers how to document and test internal controls over financial reporting with detailed sections covering each element of the framework. Each section highlights the latest changes and new points of emphasis, with explicit definitions of internal controls and how they should be assessed and tested. Coverage includes easing the transition from older guidelines, with step-by-step instructions for implementing the new changes. The new framework identifies seventeen new principles, each of which are explained in detail to help readers understand the new and emerging best practices for efficiency and effectiveness.

The revised COSO framework includes financial and non-financial reporting, as well as both internal and external reporting objectives. It is essential for auditors and controllers to understand the new framework and how to document and test under the new guidance. This book clarifies complex codification and provides an effective strategy for a more rapid transition.

  • Understand the new COSO internal controls framework
  • Document and test internal controls to strengthen business processes
  • Learn how requirements differ for public and non-public companies
  • Incorporate improved risk management into the new framework

The new framework is COSO's first complete revision since the release of the initial framework in 1992. Companies have become accustomed to the old guidelines, and the necessary procedures have become routine making the transition to align with the new framework akin to steering an ocean liner. Internal Control Audit and Compliance helps ease that transition, with clear explanation and practical implementation guidance.

About the Author

Lynford Graham is a Certified Public Accountant with more than 30 years of public accounting experience in audit practice and in various national firm policy development groups. He is a visiting professor of accountancy and executive in residence at Bentley University in Waltham, MA. He currently maintains an active consultancy practice in statistical audit sampling, litigation support and audit methodologies, and develops numerous training seminars for conferences and Firms.

He was a partner and the national director of audit policy for BDO Seidman LLP, responsible for the development and implementation of audit policy, sampling training, and audit software. Dr. Graham was responsible for BDO Seidman's implementation of audits of internal control under PCAOB AS 2 and participated with professional groups in developing industry-wide guidance on audits of internal control. Prior to joining BDO Seidman LLP, Dr. Graham was an associate professor of accounting and information systems and a graduate faculty fellow at Rutgers University in Newark, NJ. Prior to that, he was a national accounting and SEC consulting partner for Coopers & Lybrand.

Dr. Graham is a member of the American Institute of Certified Public Accountants and a past member of the AICPA's Auditing Standards Board. He chaired the AICPA's Audit Risk Guide Task Force (Assessing and Responding to Audit Risk in a Financial Statement Audit) and its updates through 2014, and was the principal author and chair of the task force clearing the 2008–2014 revisions of the AICPA audit guide Audit Sampling. He is the author of several AICPA courses on technical subjects.

Throughout his career he has maintained an active profile in the academic as well as the business community. In 2002 he received the Distinguished Service Award of the Auditing Section of the AAA. His numerous academic and business publications span a variety of topical areas, including information systems, internal controls, expert systems, audit risk, audit planning, fraud, sampling, analytical procedures, audit judgment, and international accounting and auditing. The coauthored paper cited several times in this book (Bedard, J., and L. Graham. 2011. Detection and severity classification of Sarbanes-Oxley Section 404 internal control deficiencies. The Accounting Review 86 (3): 825–855) was awarded the AAA-Deloitte Wildman award Gold Medal in 2012.

In this Book

  • What We All Share
  • Setting the Scope of Your Documentation Project—Identifying the Core
  • The Risk Assessment Component
  • Control Environment
  • Control Activities
  • Information and Communication
  • Monitoring
  • Evidence and Testing
  • Developing Questionnaires and Conducting Interviews
  • Assessing the Severity of Identified Controls Deficiencies
  • Reporting Requirements
  • Project Management and Tools Assessment Design
  • Illustrative Forms and Templates
  • Summing up