This memo documents instructions for reviewing and testing a company's internal control environment, which consists of the following cycles: financial reporting, tuition, purchases and payables, development, auxiliary, information technology, platform security, security management, end-user computing, and systems development lifecycle.

In this example, an external auditor has been engaged to express an audit opinion on the financial statements of a company, in accordance with U.S. generally accepted accounting principles. The external auditor sets the procedures necessary for the internal auditor to perform in order to place reliance on testing of the internal control environment.