The Center for Audit Quality (CAQ) issued a report highlighting lessons learned from section 404 audits of internal control over financial reporting. The nonauthoritative report, designed to help audit firms that have not yet conducted an integrated audit, as well as more experienced firms, identifies 21 practical tips for auditors.
The report, CAQ Lessons Learned—Performing an Audit of Internal Control in an Integrated Audit, includes suggestions about identifying material risks to reliable financial reporting and the controls necessary to sufficiently address those risks. The report is based on feedback from a CAQ task force of auditors with extensive experience with integrated audits.
Section 404 of the Sarbanes-Oxley Act requires public company management and auditors to evaluate and assess the effectiveness of the internal controls that contribute to public company financial reports.
“Not all firms handle all audit matters in the same way—nor should they—and task force discussions reflected this diversity in practice,” CAQ Executive Director Cindy Fornelli said in a press release.
The 46-page report is available here.