Professional Documents
Culture Documents
The Sarbanes-Oxley Section 404 Implementation Toolkit
The Sarbanes-Oxley Section 404 Implementation Toolkit
DOC-1B
Assessment of Internal
Control Effectiveness:
Checklist for the Review
of the Documentation of
Entity-Level Controls
PURPOSE
INSTRUCTIONS
This form contains a series of worksheets that should be prepared for each entity-level
group of controls selected for review. These worksheets correspond to the entity-level con-
trols that are required to be included in the company’s assessment of internal control, as
indicated on form ADM-2. All control deficiencies identified during your review should be
carried forward to your summary of control deficiencies (e.g., form ADM-3).
Each worksheet provides a listing of the key elements that should be described by the
relevant document. As you read each document, determine whether it contains the
required element and mark the corresponding checkbox.
66
DOC-1B 67
CONTROL ENVIRONMENT
Documentation Content
Does the documentation include the following
policies and procedures with sufficient clarity and
detail so that they can be understood by all those
who are affected by them?
Communication
We reviewed the ways in which the company communicates its control environment–
related policies throughout the organization. Our findings and conclusions are as follows.
DOC-1B 69
RISK ASSESSMENT
Documentation Content
Communication
We reviewed the ways in which the company communicates its risk assessment policies and
procedures to affected individuals and groups. Our findings and conclusions are as follows.
70 Documentation of Internal Control Design
MONITORING
Documentation Content
Communication
We reviewed the ways in which the company communicates its internal control monitoring
policies and procedures to affected individuals and groups. Our findings and conclusions
are as follows.
DOC-1B 71
Documentation Content
Communication
We reviewed the ways in which the company communicates its period-end financial report-
ing policies and procedures to affected individuals and groups. Our findings and conclu-
sions are as follows.
Documentation Content
Communication
We reviewed the ways in which the company communicates its policies and procedures for
the selection and application of significant accounting policies to affected individuals and
groups. Our findings and conclusions are as follows.
74 Documentation of Internal Control Design
IT GENERAL CONTROLS
Documentation Content
Monitoring
Communication
We reviewed the ways in which the company communicates its IT general control policies
and procedures to affected individuals and groups. Our findings and conclusions are as
follows.
DOC-1B 79
NONROUTINE TRANSACTIONS
Documentation Content
Communication
We reviewed the ways in which the company communicates its policies and procedures
related to nonroutine transactions to affected individuals and groups. Our findings and
conclusions are as follows.