This document contains two sample audit reports that can be used to document management’s assessment of internal controls over each of the five components at the entity level.

Testing involved activities such as facilitating an entity-level survey of top management to assess their views on the entity-level controls, reviewing documentation of entity-level controls as they exist, reviewing entity-level information technology controls, and assessing control effectiveness at the entity level and making recommendations for improvement as appropriate.

The following observations were noted as a result of testing:

• Key managers have adequate knowledge and experience to perform their responsibilities.
• Managers and employees agree with the measures used to monitor their performance.
• Personnel policies address adherence to appropriate ethical and moral standards.
• A process exists to inform the board of significant issues in a timely manner.