This tool defines lockbox accounts, shares leading practices to mitigate the effects of processing, and provides methods to consider.

This document contains three sample reports that can be used by auditors to learn how other organizations facilitated a site review audit.

This document includes two sample reports that can be used to communicate the results of a Sarbanes-Oxley Section 404 review and improve an organization’s internal control structure.

This sample questionnaire can be used by auditors to efficiently assess and classify an organization’s control deficiencies.

This sample questionnaire contains best practices and questions to consider for communicating and prioritizing risk across an organization.

This tool features questions to consider for verifying an organization’s internal controls over financial reporting (ICFR) during management’s assessment.

This sample charter outlines the responsibilities and duties, membership and operations, and meetings and attendance for an organization’s enterprise risk management (ERM) committee.

This tool contains technology-based questions to consider for evaluating and improving an organization’s enterprise risk management.

This sample contains eight policies that outline procedures governing the handling of protected health information (PHI) in compliance with HIPAA security provisions.

This tool contains two sample policies that establish procedures for determining the bad debt reserve when finalizing accounts receivable on the financial statements.

This document contains two sample audit reports that can be used to document management’s assessment of internal controls over each of the five components at the entity level.

This tool contains questions to consider for improving an organization’s risk management capabilities by evaluating its risk management executive committee (RMEC).