At Your Own Risk
How the Risk-Conscious Culture
Meets the Challenge of Business Change
By Gary S. Lynch
Effective December 2007 the Securities and
Exchange Commission required all publicly traded companies to attest to
the effectiveness of their internal controls in accordance with the
Sarbanes-Oxley Act. Non-accelerated filers will soon have to comply with
this requirement. Small companies have unique issues surrounding
internal control. Internal Control Strategies A Mid to Small Business
Guide is a clearly written practical book that lays out strategies
for creating strong internal programs to meet the needs of these smaller
companies. The book starts with an overview of the SEC's guidance, the
Public Company Accounting Oversight Board and guidance on a risk-based
approach. The coverage of using entity level control to create
efficiencies includes an excellent methodology for creating; a
risk assessment process step by step and an effective information and
communications program. Scoping and planning are important and the
author devotes a chapter with tips for resource planning and developing
timelines. The chapters on documentation, testing techniques and
remediation cover areas that auditors will appreciate. Internal auditors
can demonstrate to other interested readers such as controllers and
business managers how they can utilize the strategies provided in this
book to implement an effective control environment with their
organizations. If you work for a small or medium size organization
this book should be on your reading list as it addresses the subject in
a clear, concise and well-organized manner.
JMK 11/08
