This page contains many of the samples that are available on KnowledgeLeader. These samples are all provided in downloadable versions so they can be repurposed for use in your organization.
Select one of the areas below to view summaries of these guides, or click to view the full list by Date, Title, or by Topic.
Audit Planning Memo – Sample 2
This memo provides a template for documenting the overall audit approach to evaluate the design of newly implemented controls or those planned to be implemented. It also focuses on evaluating the effectiveness of existing controls.
Request for Qualifications: IT Professional Services Qualified Vendor List – Sample
This is a sample request for qualified IT services to help create an IT vendor list for multiple year projects. The information requested in this document includes: description of work to be performed, service categories, procedures for obtaining services, and special contracting terms and conditions.
IT Projects Ranking Template – Sample
This sample provides a template to assess multiple project options using project risk factors and quantitative metrics.
Entity-Level Controls Memo – Sample
This memo can be used as a working template to ensure all company entity-level controls exist, are reviewed in detail and can document additional findings in need of escalation.
Management Response to Internal Audit Reports Memo – Sample
This sample memo provides guidance on drafting an action plan that will remediate risks associated with the observations noted during an audit.
Project Scope Change Request Form – Sample
This form documents the request to change project scope, identifying the purpose and the change management impact of the requested scope change.
Sarbanes-Oxley Section 404 Program Executive Scorecard - Sample
This document serves as an executive report template focused on the progress of the Sarbanes-Oxley Section 404 program.
Internal Audit Qualitative Diagnostic Presentation - Sample
This example presentation displays the results of an internal audit department evaluation to the audit committee, particularly following the quality assessment review process.
Process Level Documentation Requirements Memo – Sample
This memo describes example documentation requirements for Section 404 compliance efforts. The three levels of documentation standards described correlate to the priority rating of financial statement elements and associated processes.
Financial Elements and Business Process Prioritization Memo - Sample
This is an example memo used to define the process of prioritizing financial statement elements and related business processes for Sarbanes-Oxley Section 404 purposes. The prioritization of these items helps define the extent of a company’s process-level documentation efforts.
Internal Audit Standards Crossword Puzzle
This crossword puzzle is a fun tool internal audit organizations can use as an activity during group meetings. The puzzle focuses on activities and skills key to the internal audit function. Many of the questions are derived from the IIA’s International Standards for the Professional Practice of Internal Auditing. The questions and answers for the puzzle are provided within this document.
Sarbanes-Oxley Compliance Request for Proposal – Sample
This is a sample request for proposal (RFP) for Sarbanes-Oxley compliance assistance working with a company’s internal audit department.
Internal Audit Plan – Sample 2
This sample document outlines the internal audit plan for specific projects that are planned to be delivered. Further details on the scope of these projects, interaction with the auditee and execution steps are provided in this planning document.
External Quality Assessment Review Request for Proposal - Sample
This is a sample request for proposal (RFP) for an external quality assessment review (QAR) of a company’s internal audit department.
Sarbanes-Oxley Testing Strategy Memo – Sample
This is a sample memo documenting a company’s testing strategy for Sarbanes-Oxley compliance. This memo focuses on the test strategy for business process controls including entity-level controls and validating this strategy with external auditors.
Sarbanes-Oxley Testing Strategy Memo – Sample
This is a sample memo documenting a company’s testing strategy for Sarbanes-Oxley compliance. This memo focuses on the test strategy for business process controls including entity-level controls and validating this strategy with external auditors.
Request for Proposal – Internal Audit Services and Sarbanes-Oxley Regulatory Compliance - Sample
This is a sample request for proposal (RFP) and vendor questionnaire from a company seeking a service provider to establish an internal audit function with an emphasis on compliance with the Sarbanes-Oxley Act.
SOX Section 404 Project Conclusion Memo – Sample
This sample memo documents a company’s annual Sarbanes-Oxley compliance process. It details steps followed and conclusions reached during the project including: the scoping, materiality and risk assessment process; testing; walkthroughs; evaluating deficiencies; and management’s conclusion on internal control over financial reporting.
Sarbanes-Oxley Auditor Walkthrough Prep Email - Sample
This is an example email you can use to notify SOX process owners that the external auditors will perform at least one walkthrough for each significant class of transactions. This communication explains what is involved in an audit walkthrough, preparatory actions to take, and tips and suggestions for the auditor’s assessment.
Business Process Benchmarking Tool – Sample
This template provides sample performance measures for the following business processes: accounts payable, accounts receivable, billing, close the books, commissions, finance and accounting, fixed assets, internal audit, inventory, payroll, purchasing, spare parts, supply chain, tax, and travel and entertainment.
Code of Business Conduct - Sample
This sample code of business conduct covers a wide range of business practices and procedures, including the Foreign Corrupt Practices Act. It sets out basic principles to guide all employees and officers of a company. The code of business conduct should be tailored to each company’s needs and governing rules.
SOX Year-End Update Testing Approach Memo - Sample
This example memo defines a process to update Sarbanes-Oxley testing of internal controls near or as of fiscal year-end. Such a process includes determining which controls to select for update testing as well as the type of testing to perform based on specific criteria.
Internal Audit Engagement Letter: Sample
This sample internal audit engagement letter informs the auditee of an upcoming audit. It details the audit objectives, audit timeline, audit team members, expected deliverables and audit team’s mission.
Sarbanes-Oxley Section 404: Compliance Plan – Sample
This sample document establishes a framework and standard policy for compliance with Section 404 of the Sarbanes-Oxley Act.
Business Process Benchmarking Tool – Sample
This template provides sample performance measures for the following business processes: accounts payable, accounts receivable, billing, close the books, commissions, finance and accounting, fixed assets, internal audit, inventory, payroll, purchasing, spare parts, supply chain, tax, and travel and entertainment.
Sarbanes-Oxley Review Process Tracking Worksheet - Sample
This sample helps project teams track key information and dates associated with developing Sarbanes-Oxley process documentation and management review.
Request for Proposal – Systems Audit Work - Sample
This is an example of a relatively informal RFP for specialized systems audit outsourcing services to be coordinated by the Internal Audit Director.
General Ledger Account Reconciliation Matrix - Sample
The purpose of the matrix is to communicate assignments and responsibilities related to the account reconciliation process. It also helps to ensure these activities are completed on time and conducted properly and accurately in conjunction with the overall financial close process and internal control structure
Risk Assessment Map - Sample
This risk assessment sample helps to identify and document critical business processes. Combined with facilitated management meetings, this approach can help gain company-wide consensus by including key process owners in risk and controls analyses.
Finance and Accounting Integration Project Plan – Sample
The document serves as a sample project plan for integrating the finance and accounting processes for a company planning to go public. It addresses key issues such as: system integration, payroll processing, and billing and collections processes. It lists down the key actions that need to be taken by each department and milestones that they should set out to achieve.
Audit Committee Annual Planning Schedule - Sample
This sample schedule provides an annual planner for audit committee activities and demonstrates how to schedule and track audit committee activities throughout the year. Using an annual planner helps ensure that required topics and issues are discussed and not overlooked.
Candidate Evaluation Form - Sample
This evaluation form can be used by an interviewer or recruiter to rate a candidate for an internal audit position. The form suggests competencies and criteria that could be applied to someone seeking to obtain employment in the audit group.
Audit Report Tracker - Sample
This simple one-page tracking sheet allows you to follow the status of a particular internal audit report. It tracks the date the draft was distributed, the intended reviewer, and date of comments received.
Audit Status Worksheet - Sample
This document provides a template to track the progress of all completed and in-progress audit activity during a specified period.
Audit Planning Memo - Sample
This sample provides a template for documenting the overall audit approach. Topics addressed include: risk indicators, regulatory requirements, scope of audit work, internal control evaluation, and operation and functional structure.
Role-Based Access Control Report – Sample Template
Role-based access plays a big part in an identity management strategy. The implementation of an identity management system and the associated process redesign has many benefits for an organization if done right. This document provides a sample template to outline a role-based access approach.
COBIT Baseline Review Report – Sample Report
This sample report provides a template to assess the maturity of IT processes and controls using the COBIT framework.
IT Application Inventory Sample Template
This template provides a structured way to define an organization’s system landscape. Use this document to capture applications utilized in the company and assess whether they fall within scope for Sarbanes-Oxley compliance testing purposes.
Audit Plan Schedule - Sample Template
This template can be used by the audit team when planning and scheduling specific audits. The document allows users to organize audits by process and location while assigning hours to specific dates throughout the year.
Application Control Review Risk Control Matrix
This document is a sample application control review risk control matrix (RCM) that can be used while reviewing the existing application controls of an organization. It can also act as a basic checklist for organizations which have applied or plan to apply Enterprise Resource Planning (ERP) software.
Logistics Risk and Control Matrix - Sample
This document represents a sample risk control matrix (RCM) relevant to the logistics department of a corporation. It provides an overview of different risks organizations can face and the corresponding controls to safeguard the company against such risks. This RCM also addresses how a good Enterprise Resource Planning (ERP) system coupled with good management can prevent fraud.
Risk Corridor Risk and Control Matrix - Sample
The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) established a system of "risk corridors" for prescription drug plans and Medicare Advantage drug plans. That system would to some extent limit the profits or losses those plans would incur if their costs of providing the basic Medicare drug benefit turned out to be lower or higher than estimated in their bid submission. This sample risk and control matrix (RCM) addresses the risk corridor process.
Month-End Close Template - Sample
The purpose of this month-end close document is to ensure that all responsible employees are fully aware of their assignments and their responsibilities are completed on time, properly and accurately in accordance with the company’s financial closing and reporting internal control structure. This document is organized by ERP cutoff tasks and activities broken down into pre-close, recurring entries, reconciliations, internal controls and analysis & reporting.
Control Testing Tracking Spreadsheet – Sample
This document serves as a template to use in tracking the testing of internal controls. The spreadsheet can be used to track control testing status and operating effectiveness and to create a testing timeline.
Internal Audit Plan - Sample
This document details an internal audit plan for a specific period and the related projects that are planned to be delivered to the organization. Further details on the scope of these projects are provided in relation to planned internal audit activities.
Intercompany Accounts Reconciliation Template - Sample
Performing regular account reconciliations contributes to strong internal controls. The purpose of this sample is to provide a template to document the reconciliation of the intercompany payable and receivable accounts.
Internal Audit Post Engagement Debrief Template - Sample
Use this template upon completion of an audit to have team members discuss the audit and to provide feedback on audit execution, lessons learned, best practices, and future audit considerations. Sections include names of audit team members, performance against budget, lessons learned, internal process improvement suggestions, and future audit considerations.
Internal Audit Feedback Survey Template - Sample
This survey is intended to be sent to relevant departments upon completion of work performed by internal audit. The questionnaire focuses on topics such as: communication, exit and closing meetings, technical proficiency, and level of value the audit provided to the business unit.
Competency Assessment for Accounting Function - Sample Template
The purpose of this sample template is to document the positions that currently make up a company’s accounting function during the competency assessment process. Information in this template includes: job title, job function and responsibilities, start date, relevant work history, education level, and professional organizations and accomplishments.
Audit Discussion Form Sample
This is a sample form used to communicate specific findings identified during an audit. This form focuses on the condition and/or significance of the finding, the standard by which the finding is compared, and the Management Action plan recommended to address the finding.
Acquisition Tracking Spreadsheet Template - Sample
This is a sample spreadsheet used to track acquisition details. Data tracked in this spreadsheet can accommodate several acquisitions and details that include important dates, information related to the First Binding Agreement, and analysis.
Process Interview Notes Template - Sample
This interview template can assist with capturing information related to a process being reviewed by internal audit. The specific information tracked in this document includes identifying key personnel, relevant IT applications, relevant risks, controls currently in place, and related control gaps.
Testing Status Template - Sample
This testing status sample template can assist in tracking the testing of controls, control attributes, and testing attributes such as control description, control method, and control frequency.
Goodwill / Indefinite Lives Impairment Analysis - Sample Template
This template was designed to assist companies in the periodic evaluation of potential impairment of Goodwill and Indefinite Lived Intangibles. Note that this is a tool to assist companies in the summarization of their impairment evaluations under U.S. GAAP, but is not intended to promote one valuation model/methodology over another.
Financial Close Process – Sample Schedule Improvement Action Plan
The purpose of this sample is to document the activities performed as part of the monthly financial close process and identify areas where task duration can be improved upon. As part of this effort, users are encouraged to document the responsible person for each financial close task, current task duration, and desired task duration.
Primary Controls Tracker - Sample
This document serves as a template to use in tracking the number of key internal controls identified in an organization. The information compiled in this template can be used to develop project status reports and plan for remediation efforts.
Internal Control Issues Log
This sample serves as a template to use when documenting internal control issues and associated remediation plans. It provides an outline of information to use in this tracking process including: process, nature of issue, observation, control description, and action plan.
Six Elements of Infrastructure - Sample Assessment Template
The Six Elements of Infrastructure Framework is a useful tool for categorizing issues, understanding where problems are occurring within the organization, and drawing conclusions to form the basis for process recommendations. This template may be used by a company when identifying, assessing, or designing processes using this framework. For each of the Six Elements of Infrastructure, this sample template provides areas to document innovative practices, current practices, and improvement opportunities.
Service Level Agreement Sample Template
This is a template to be used by a company when developing a service level agreement (SLA). This sample template provides areas to document the version history, audience, assumptions, and escalation actions.
SOX 404 Program Executive Scorecard Template - Sample
This document serves as a template to use when developing an executive report communicating the progress of the SOX 404 program. The template provides an outline of information to use in this reporting process.
Strategic Internal Audit Plan
This document is a template to be used by Internal Audit when developing an annual audit plan. This sample template provides areas to document the planning approach; major projects and associated timelines; and project sponsors.
SFAS 13 Lease Criteria Template
The purpose of this document is to provide a template to use when analyzing whether a lease should be classified as a capital or operating lease for financial reporting purposes. This template is based on the criteria outlined in SFAS 13. Note: This template contains formulas as outlined in the instructions.
Financial Due Diligence Report Template - Sample
The purpose of this document is to provide a financial analysis of a company being purchased by another company. This report template can be used during the process of performing financial due diligence on company being acquired.
COSO/COBIT Data Center Operations and Problem Management Control Objective Risk Matrix
This risk and control matrix focuses on high-level control objectives DS10 (Manage Problems and Incidents) and DS13 (Manage Operations) of the COBIT Delivery and Support domain.
COSO/COBIT Disaster Recovery and Business Continuity Control Objective Risk Matrix
This sample matrix aligns high-level control objectives DS4 (ensure continuous service) and DS11 (manage data) of the COBIT Delivery and Support domain and with their associated risks.
COSO/COBIT Application Change Control and QA Control Objective Risk Matrix
This Risk and Control Matrix focuses on high-level control objectives AI2, AI5, and AI6 of the COBIT Acquire and Implement domain, PO10 and PO11 of the Plan and Organize domain, and DS11 of the Deliver and Support domain.
Internal Audit Planning Memorandum – Sample Template
This internal audit planning memorandum documents the audit approach and administrative details for each audit. This memorandum should be completed as part of the initial audit planning process and is meant to enhance audit efficiency.
COSO/COBIT Security Administration Control Objective Risk Matrix
The COBIT Delivery and Support (DS) domain focuses on the delivery aspects of information technology. It covers areas such as the execution of the applications within the IT system and the results, as well as, the support processes that enable the effective and efficient execution of these IT systems. These support processes include security issues and training. This risk and control matrix focuses on control objective DS5 - Ensure Systems Security.
Segregation of Duties Matrix
A fundamental element of internal control is the segregation of certain key duties. The basic idea underlying segregation of duties is that no employee or group should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This worksheet has been designed to highlight conflicting duties performed by one individual or group of individuals. Audit teams are encouraged to use this form to help identify potentially commingled duties within accounting processes that may constitute a control weakness.
Business Continuity Management Report Template - Sample
Developing a business continuity management (BCM) plan is a best practice that all companies should achieve. This template outlines sections to consider when developing a BCM plan. It includes areas to document the business impact analysis, key company contacts, and location of BCM documents.
Risk Assessment Survey Template - Sample
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization’s ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area. The results can be used to help develop an Internal Audit Plan. The results may also be included in the Risk Assessment Report provided to the Audit Committee.
Exception Form - Evaluation of an Individual Process/Transaction-Level Control
The process to evaluate and classify an individual process/transaction-level control deficiency incorporates the evaluation of quantitative and qualitative factors. This sample form assists in documenting and analyzing exceptions identified during individual process/transaction-level control testing.
Enterprise Risk Management Presentation
While your business environment evolves, so do the risks you face. New vulnerabilities appear while old fears antiquate. Can you distinguish between the two? Identify, understand, mitigate. This is the ERM formula for a good nights sleep.
Payroll Process - SAS 70 Review Report Sample
The SAS 70 report is intended to communicate, from auditor to auditor, the testing performed around the outsource provider’s internal controls, particularly controls over IT processes. This report provides an example of how to communicate the findings of a Type II SAS 70 review when a company outsources the processing of its employee payroll checks. It assess how the results of the report impact the company’s SOX compliance process.
Risk Assessment Facilitated Session Results Matrix - Sample
This excel template can assist organizations in capturing results of a risk assessment facilitated session. It allows leaders of these sessions to document the final results, based on discussion or the use of voting technology, in an organized format. This sample also provides the opportunity to capture next steps and ownership related to the risk assessment results.
Risk Assessment Workshop Presentation - Sample
This presentation was created to help facilitate a risk assessment workshop. It explains to workshop participants the objectives and ground rules, how to identify key risks, and how to plot significance and likelihood on a risk map.
Enterprise Risk Management Project Plan- Sample
Enterprise Risk Management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. This document is a sample project plan utilized during the planning phase of implementing ERM across an organization. The project plan supports a phased implementation approach detailing tasks, deliverables, and a project timeline.
Self-Assessment on Internal Controls Report - Sample
An internal audit department led a self-assessment initiative to evaluate the effectiveness of the design of internal controls for their company’s operations and budget process. This report describes the approach, the results, and the recommendations that resulted from the initiative.
SOX Testing Documentation Template – Sample
This template provides a format to document SOX internal control testing procedures, results, and conclusions. It allows the user to detail the control being tested, testing procedures, test results to answer test procedures, and management’s response.
Property Management System Control Requirements Matrix - Sample
This matrix provides sample application controls to consider within a property-management accounting system. This document guides the user in assessing the priority and vendor capability of each control. The control assessment is then summarized to develop an action plan.
Request for Proposal – Quality Assessment Review of Internal Audit Department - Sample
This is a sample request for proposal (RFP) and vendor questionnaire from a company seeking a service provider to conduct a quality assessment review of its internal audit department and coverage of its entities.
Request for Proposal – Quality Assessment Review: Financial Institution - Sample
This is sample request for proposal (RFP) from a financial institution seeking a service provider to conduct an evaluation of its internal audit approach and coverage of its regulated subsidiaries.
Control Monitoring Quality Assessment Memo - Sample
This is an example of an internal audit quarterly assessment of ongoing controls monitoring processes. This review encompassed processes in place during the quarter and remediation actions taken on identified control deficiencies. This memo provides an overview of the work performed and corresponding audit findings.
SOX 404 Process Prioritization Report
SOX Section 404 requires companies to evaluate the internal controls over financial reporting. This document outlines a process for management to use in determining the final process criticality, a primary factor in setting the scope of the controls assessment. This process includes prioritizing financial reporting elements, defining processes, linking processes to financial elements, and prioritizing processes.
Request for Proposal – External Quality Assessment Review - Sample
This sample request for proposal (RFP) document focuses on finding a service provider to perform an external quality assessment review of an internal audit department. It details the process and timeline for responding to the RFP. In addition, it documents proposal requirements and the acceptance or rejection process.
Sarbanes-Oxley Act Project Approach for IS Processes - Sample Memo
This is a sample memo from the CFO explaining management’s approach to Sarbanes-Oxley compliance project for IS processes. The memo outlines the IS processes in scope, the SOX process documentation, the testing approach and sample sizes used, and the sign-off process.
SOX Control Deficiency Assessment Form - Sample
This form assists in evaluating SOX control deficiencies and documenting management responses. Users can also assess the severity of deficiencies noted during the documentation and testing process. The evaluation criteria includes: evidential deficiencies, potential impact to financial statements, safeguarding of assets and antifraud controls, likelihood that an error could occur, compensating controls, and multiple similar control deficiencies.
SOX – Section 404 – Documentation of Tax Compliance Process Report - Sample
This is an example of how a Sarbanes-Oxley (SOX) team can report their findings related to the tax compliance process. This document reviews the business processes related to the tax compliance process, identifies manual and system-based controls, and documents issues and weaknesses.
Contract/Project Approval Sheet - Sample
This approval sheet documents a company’s contract/project approval process. It includes steps to be completed during this process to ensure proper management review and approval.
Risk, Controls, and Responsibilities for Disaster Recovery and Business Continuity - Sample
This guide outlines the risks, control objectives, manual controls, IT controls, and responsibilities related to creating, maintaining and executing disaster recovery and business continuity plans within an organization.
Entity-Level Fraud Risk Assessment Process - Sample
Section 404 of SOX requires that each company have a documented, on-going process to identify, assess and evaluate fraud risks related to internal control over financial reporting. This example provides an overview of the process one company undertook to satisfy the requirements of evaluating fraud risk that pertain to internal control over financial reporting.
Internal Audit Standards Crossword Puzzle - Sample
This crossword puzzle is a fun tool internal audit organizations can use as an activity during group meetings. The puzzle focuses on activities and skills key to the internal audit function. Many of the questions are derived from the IIA’s International Standards for the Professional Practice of Internal Auditing. The questions and answers for the puzzle are provided within this document.
Process Level Documentation Requirements Memo – Sample
This is an example of a memo used by a public company to describe the documentation they prepared for each process determined applicable to their Section 404 compliance efforts. The three levels of documentation described correlate to the priority rating of the financial statement elements and associated processes. Also included are descriptions of standard documentation types (process narrative, process flow, and risk control matrix).
Financial Elements and Business Process Prioritization Memo - Sample
This is an example memo used to define the process a company used to explain the models they employed to prioritize the financial elements and processes for Section 404 purposes. This memo describes using the Process Classification Framework and the ranking criteria applied to financial statement elements and associated processes. The prioritization of these items helps define the extent of a company’s process-level documentation efforts.
Year Two SOX Testing Strategy Memo - Sample
This is a sample concluding memo documenting a company’s testing strategy for Year Two SOX compliance. This memo focuses on the test strategy for manual and automated (application) business process controls including entity-level controls. This includes sample size guidance and validating the testing strategy with external auditors.
SOX 404 – Project Conclusion Memo - Sample
This is a sample concluding memo documenting a company’s annual Sarbanes-Oxley compliance process. It details steps followed and conclusions reached during the project. This includes items such as the scoping, materiality, and risk assessment process; testing; walkthroughs; and evaluating deficiencies. This memo also documents management’s conclusion on internal control over financial reporting.
SOX Auditor Walkthrough Prep Email - Sample
This is an example of an email you can use to notify SOX process owners about the requirement for external auditors to perform at least one walkthrough for each significant class of transactions. This communication explains what is involved in an audit walkthrough, preparatory actions to take, and tips and suggestions for the auditor’s assessment.
SAS 70 Review – Report on Assessment of Controls - Sample
Type II SAS 70 reports are an integral part of assessing a company’s internal controls over financial reporting if a company uses an outsource provider. The SAS 70 report is intended to communicate, from auditor to auditor, the testing performed around the outsource provider’s internal controls, particularly controls over IT processes. This report can help an organization communicate the findings of a Type II SAS 70 review and assess how the results of the report impact the company’s internal controls over financial reporting.
Spreadsheet Controls Procedures and Checklists for Sarbanes-Oxley Compliance - Sample
Lack of controls over spreadsheets can present a risk to the accuracy of financial statement information and may be identified as a deficiency under Sarbanes-Oxley Section 404. This document contains an example of spreadsheet control procedures. The procedures outline the access and change control steps that could be applied for financial spreadsheets. Also included is a checklist that tracks the spreadsheet control procedures and can be used in SOX spreadsheet testing.
Spreadsheet Controls: Process Owner Email Communication - Sample
This is an example of an email you can use to notify spreadsheet owners about the requirement to document controls over spreadsheets that are relied upon for financial reporting. The communication explains why these controls are needed and introduces the Spreadsheet Controls Procedures and Checklist to those individuals responsible for spreadsheet or journal entry preparation.
Code of Business Conduct - Sample
This sample code of business conduct covers a wide range of business practices and procedures. It sets out basic principles to guide all employees and officers of a company. The code of business conduct must be tailored to each company’s needs and governing rules.
SOX Year-End Update Testing Approach Memo - Sample
This is an example memo used to define the process a company can use to update Sarbanes-Oxley testing of controls near or as-of its fiscal year-end. This process includes determining which controls will be selected for update testing as well as the type of update testing that will be performed, based on specific criteria. The memo also describes testing strategies a company can take to complete this process.
Sarbanes-Oxley Review Process Tracking Worksheet - Sample
This worksheet was created to help an internal audit group track key information and dates associated with Sarbanes-Oxley process documentation and management review. The spreadsheet updates the total number of processes that are at various stages of review.
Request for Proposal – Systems Audit Work - Sample
This is an example of a relatively informal RFP for specialized systems audit outsourcing services to be coordinated by the Internal Audit Director over a 3-year contract.
Sarbanes-Oxley Section 404: Compliance Plan for 2004 - Sample
This sample document establishes the framework and standard policy for compliance with Section 404 of the Sarbanes-Oxley Act.
>> Sign up now for a 30-day free trial or an annual subscription.
Find out more about our subscription prices and group discounts.
If you have any questions please contact us.