finance-controls-auditlisted

# Finance Controls Audit ## Purpose Test a SOX 404 control over financial reporting (ICFR) or design a controls walkthrough. The deliverable is a workpaper that documents control description, design effectiveness, operating effectiveness sample testing, exception evaluation, deficiency classification, and remediation plan — to PCAOB AS 2201 standards. ## Scope Constraints - Produces the control test workpaper and remediation plan; does not assemble the broader evidence package (handoff to future finance-evidence-package). - Covers ICFR and ITGC controls (PCAOB AS 2201, COSO 2013); does not cover SOC 1 / SOC 2 service-organization audits as primary scope, though SOC reports may be used as evidence under AU-C 402 / AS 2601. - Does not opine on the underlying account balance — that is the domain of substantive testing or finance-reconciliation. ## Inputs - Control identifier and description (from the firm's Risk-Control Matrix) - Risk addressed and the assertion(s) covered (existence, completeness, valuation, etc.) - COSO component classification (control environment, risk assessment, control activities, information & communication, monitoring) - Control frequency (per-transaction, daily, weekly, monthly, quarterly, annual) - Population size and population identifier (system, report, run timestamp) - Prior-year test results and any deficiencies / remediation status - Sampling policy (per firm methodology — typically aligned to AICPA AAG-SAM) - Materiality / significance th