Internal Control Strategies: A Mid to Small Business Guide


Praise for Internal Control Strategies A Mid to Small Business Guide

"Internal Control Strategies is an excellent field guide for the implementation and maintenance of efficient and effective internal control systems. The book provides a practical approach to interpreting guidance from oversight agencies and integrating it with industry practice in a real-world environment. This handbook is an essential tool for managers and professionals going through the day-to-day struggle of managing auditor expectations and permitting business to proceed in the most efficient manner."
—Michael Rodriguez, former senior manager of finance, Qualcomm Incorporated

"Internal Control Strategies is the clearest path forward for middle-market SEC registrants and their independent registered public accounting firms as they streamline the SOX 404 compliance process in 2008 and beyond."
—Stephen G. Austin, MBA, CPA, Managing Firm Partner,Swenson Advisors, LLP, Regional PCAOB Accounting Firm

"Clearly written and practical, Internal Control Strategies is a must-read for every chief audit, finance, or compliance executive."
—Jeff Miller, Partner-in-Charge, Business Risk Services, Squar, Milner, Peterson, Miranda & Williamson, LLP

"As a CFO of small to mid-sized publicly traded and privately held companies, one is usually faced with the challenge of developing and implementing the right levels of internal controls and compliance within the restrictions of limited financial and human resources. Internal Control Strategies presents the relevant topics in a clear and concise manner, allowing the reader to understand the internal control framework and specific underlying requirements quickly. The author's vast experience with SOX compliance ensures a targeted and pragmatic approach for the successful implementation of internal controls. Her recommendations are 'to the point' and eliminate some of the guesswork we all have experienced while working towards SOX compliance."

—Robert S. Stefanovich, Chief Financial Officer, Novalar Pharmaceuticals, Inc.

The SEC requires all publicly traded companies to attest to the effectiveness of their internal controls.

Is your business ready?

Internal Control Strategies: A Mid to Small Business Guide clearly explains the latest PCAOB, SEC, and COSO guidance, providing you with an effective tool and reference guide for successful implementation of sections 302 and 404 of the Sarbanes-Oxley Act.

Extremely knowledgeable and insightful, author Julie Harrer brings practical clarity to this complex topic, leading you step by step in addressing the challenges associated in bringing your business in compliance with SOX.

Julie Harrer, CPA, is the President and founder of Hamlet Auditing Corporation, a consulting firm that provides Sarbanes-Oxley, management advisory, process improvement, and accounting services. She managed the Sarbanes-Oxley section 404 project for Qualcomm Incorporated, the first company to comply with section 404 in November 2004. Since then, she has managed several compliance projects as both an external auditor and internally working with management of large and small public companies. Prior to creating her own firm, she was vice president of finance for eAssist Global Solutions and Controller for MarDx Diagnostics. She began her career in public accounting as an auditor with Cairns, Eng & Applegate, LLP and Carter Polito Muscio, Inc.

Chapter 1: Understand the SEC's Guidance for Management.

Purpose of Internal Control over Financial Reporting.

Evaluation Process.

Reporting Considerations.

Rule Amendments and other SEC Guidance Related to Internal Control over Financial Reporting.

Chapter 2: The PCAOB's Auditing Standard No. 5.

Eight Concepts to Focus the Audit on Matters Most Important to Internal Control.

New Emphasis on Entity-Level Controls

Importance of a Fraud Risk Assessment.

Tips to Eliminate Unneccessary Procedures.

Scaling Audits for Smaller Companies.

Chapter 3: SEC's Guidance on a Risk-Based Approach.

Highlights of the SEC Staff Statement.

Staff's Emphasis on Reasonable Assurance.

Comments on Evaluating Internal Control Deficiencies.

Disclosures about Material Weaknesses.

Information Technology Comments from the Staff.

Communications with Auditors: An Unintended Consequence.

Message for Small Business Issuers and Foreign Private Issuers.

Chapter 4: Highlights of the PCAOB's May 2005 Policy Statement.

Policy Statement Highlights.

Integrating the Financial and Internal Control Auidts.

Importance of Professional Judgment.

Top-Down Approach and Role of Risk Assessment.

When Auditors Can Use the Work of Others.

Auditors' Ability to Provide Advice to Audit Clients.

How the PCAOB Inspections Help Drive Improvements.

A Final Comment.

Chapter 5: Starting at the Top: Using Entity-Level Controls to Create Efficiencies.

What are Entity-Level Controls?

How Strong Entity-Level Controls Can Reduce the Scope of Your Program.

How to Apply COSO's Recent Internal Control Guidance.

How to Create a Winning Control Environment.

Steps for Creating a Useful Risk Assessment Process.

Control Activities.

Creating an Effective Information and Communication Program.

How to Implement Successful Monitoring Controls.

How to Assign Roles and Responsibilities to Enhance Internal Controls.

Small-Company Issues for Implementing Entity-Level Controls.

Summary of COSO's Guidance for Smaller Public Companies.

Chapter 6: Minimizing Excess through Proper Scoping and Planning Practices.

Scoping Analysis Event or Process?

How to Determine Materiality for Scoping Purposes.

How to Use a Top-Down, Risk-Based Approach to Reduce the Scope of Your Program.

Methods for Determining Significant Locations.

Specific Areas Included and Excluded by the PCAOB.

PCAOB and SEC Guidance on Other Common Scoping Issues.

Tips for Resource Planning and Developing Useful Timelines.

Chapter 7: Advantageous Project Management Techniques.

11 Areas of Focus for the Second Year and Beyond.

How to Increase Productivity with a Sound Management Approach.

Aim for the Target Instead of the Way to Get There.

More Project Management Tips.

Staffing Strategies.

Restructuring the Organizational Chart for Sustainability.

How to Communicate Effectively through Emails, Meetings, and Advisories.

Tactics for Dealing with Business Changes for Sections 302 and 404 Compliance.

Chapter 8: Streamlining Documentation.

Three Ideas to Improve Your Overall Documentaion Process.

Clearing the Clutter: How to Create and Maintain Meaningful Control Matrices.

Using Relevant Financial Assertions for Planning Purposes.

Financial Assertion Help for Nonauditors

Techniques for Scrutinizing the Number of Key Controls.

How to Reduce and Improve Controls with Standardization.

Practical Ideas for Documentation at International Locations.

How to Create an Effective Spreadsheet Control Program.

How to Create Strong Financial Reporting Controls.

Tools for Assessing Control Design.

An Alternative to Gap Remediation.

Three More Ideas for Improving Documentation. 

Chapter 9: Economical Testing Techniques.

Testing Control Design and Operating Effectiveness.

Practical Steps to Applying Guidance on the Nature, Timing, and Extent of Testing.

Suggestions for Testing Significant Manual and Nonroutine Transactions.

Using Update Tests to Ease the Burden of Testing at Year-End.

Five Ideas for the Timing of Control Tests.

Types of Control Tests and When to Use Them.

Why Your Should Minimize the Use of Self-Assessment Tests.

Maximizing Your Auditors' Reliance on the Work of Others.

More Inspiration on Efficient Testing.

Chapter 10: Methods for Remediation Madness.

Do All Controls Have to Be Remediated?

For-Now Approach to Remediation.

Creating Meaningful Remediation Plans.

Nine Practice Tips for the Remediation Phase.

Sufficient Periods for Remediated Controls.

Steps to Prepare for Retesting.

Project Management Tools for Remediation.

Chapter 11: Taking the Mystery out of Evaluating Deficiencies.

Deficiencies Defined.

Analytical Steps for Evaluating Deficiencies.

Are All Exceptions Considered Deficiencies?

Techniques for Aggregating Deficiencies.

Typical Material Weaknesses.

Unique Nature of IT General Control Deficiencies.

Market's Reaction to Process Specific versus Pervasive Material Weaknesses.

How to Improve Material Weakness Disclosures.

AS No. 4 and Reporting Whether a Previously Reported Material Weakness Still Exists.

Successful Communication of Deficiencies to Management and the Audit Committee.

Suggestions for Management's Final Assessment Report. 

Chapter 12: Common Areas of Concern and How to Address Them.

Control Options for the Use of Service Organizations.

What to Do with Mergers and Acquisitions Activities.

A Unique Solution for Managing the Tax Process.

How to Minimize IT Developer Access to Production Issues.

What to Do When Your ERP System Is Not Compatible with Your Access Controls.

Tips for Changing ERP System and Staying SOX Compliant.

Practical Ideas for Document Retention Requirements.

Thoughts on Changing Accounting Firms.

Appendix A: Simplified Sample Entity-Level Control Matrices.

Appendix B: COSO's Internal Controls Checklist for Entity-Level Controls.

Appendix C: Standardized Period-End Process Control Matrix.

Appendix D: PCAOB Staff Question-and-Answer Index.

Appendix E: SEC Office of the Chief Accountant Frequently Asked Questions Index.

Appendix F: Summary of Changes Made to Auditing Standard No. 2 and the Related New Guidance.