This memo captures details for SOX IT testing, including objectives, project scope, transaction types, key risks, coordi...

This sample IT risk assessment audit report presents findings from an entity-level risk analysis review.

This basic-level course introduces COSO and the COSO Internal Control Integrated Framework and its five components.

This memo documents instructions for reviewing and testing a company's internal control environment.

This issue identification memo can be used to notify auditees of specific issues identified during an internal audit.

This memo outlines a process for reviewing entity-level controls.

In this issue of The Bulletin, we share 10 lessons learned from COSO 2013 successful implementations from a variety of s...

This questionnaire provides a format to evaluate current self-assessment practices and identify areas for improvement.

In this issue of Board Perspectives: Risk Oversight, we argue what qualifications a company should look for when evaluat...

This issue of Board Perspectives: Risk Oversight lists some recommendations for board members to consider about the curr...

Included in the inaugural edition of Board Perspectives: Risk Oversight are questions board members should ask of execut...

The questions answered in this booklet have risen in our discussions with clients and others in the marketplace who freq...