Assignment Brief (Comprehensive)
ASSIGNMENT TITLE: Internal Control & Audit Readiness Case (COSO/SOX Focus)
Course Alignment: Advanced Auditing (ACC 499)
Estimated Effort: 12–15 hours
Scenario
You are engaged to perform a pre-audit readiness review for a mid-sized issuer. The Board
is concerned about control design, documentation, and SOX Section 404 readiness.
Learning Outcomes
• Map processes to risks and controls using the COSO framework.
• Design and evaluate key controls; distinguish design vs. operating effectiveness.
• Develop a remediation plan with timelines and ownership.
Deliverables
A. Process Narrative & Flowchart (Revenue-to-Cash or Procure-to-Pay).
B. Risk & Control Matrix (RCM): objectives, risks, key/secondary controls, frequency, owner,
evidence.
C. Testing Strategy: sample sizes, attributes, population definition, exception criteria.
D. Gap Assessment & Remediation Plan: severity (material weakness/significant
deficiency/deficiency), actions, owners.
E. Executive Brief (750–1,000 words): top 5 risks, control maturity rating, quick wins.
Detailed Task Requirements
1) Process Documentation
• Draft a narrative and a swimlane or flowchart including systems, users, and control points.
2) Risk Assessment
• Identify assertions (e.g., occurrence, completeness, cutoff). Link to risks.
3) Control Design Evaluation
• Specify preventive/detective, manual/automated, frequency, segregation of duties, and
evidence.
4) Testing Plan (design vs. operation)
ASSIGNMENT TITLE: Internal Control & Audit Readiness Case (COSO/SOX Focus)
Course Alignment: Advanced Auditing (ACC 499)
Estimated Effort: 12–15 hours
Scenario
You are engaged to perform a pre-audit readiness review for a mid-sized issuer. The Board
is concerned about control design, documentation, and SOX Section 404 readiness.
Learning Outcomes
• Map processes to risks and controls using the COSO framework.
• Design and evaluate key controls; distinguish design vs. operating effectiveness.
• Develop a remediation plan with timelines and ownership.
Deliverables
A. Process Narrative & Flowchart (Revenue-to-Cash or Procure-to-Pay).
B. Risk & Control Matrix (RCM): objectives, risks, key/secondary controls, frequency, owner,
evidence.
C. Testing Strategy: sample sizes, attributes, population definition, exception criteria.
D. Gap Assessment & Remediation Plan: severity (material weakness/significant
deficiency/deficiency), actions, owners.
E. Executive Brief (750–1,000 words): top 5 risks, control maturity rating, quick wins.
Detailed Task Requirements
1) Process Documentation
• Draft a narrative and a swimlane or flowchart including systems, users, and control points.
2) Risk Assessment
• Identify assertions (e.g., occurrence, completeness, cutoff). Link to risks.
3) Control Design Evaluation
• Specify preventive/detective, manual/automated, frequency, segregation of duties, and
evidence.
4) Testing Plan (design vs. operation)
