Chapter 3. Project Scoping

CHAPTER SUMMARY

Provide guidance on applying the risk-based, top-down approach to determine which controls should be included within the scope of management's evaluation of internal control.

Provide additional guidance on entity-level controls and related control objectives that typically are included within the project scope, including:

Corporate culture

Personnel policies

Information technology general controls

Risk identification

Monitoring

Provide guidance on identifying significant activity-level controls and control objectives

Get How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.