The Committee of Sponsoring Organizations, COSO, provides some examples of implementation
of good internal control. The link, login, and password for COSO is given below.
http://aaahq.org/COSO/Content (Links to an external site.)
The example that this problem comes from is in this:
Principle 2. The board of directors demonstrates independence from management and
exercises oversight for the development and performance of internal control.
Example: Interacting with Auditors
Sara Greenburg is the chair of the audit committee of Seaworthy Solutions, a marine construction services
provider. In accordance with the audit committee charter, she arranges for the committee to meet quarterly
with the external auditor to discuss a wide range of issues such as audit scope, testing plans, internal
control over external financial reporting, quality of financial reporting, and audit findings and
recommendations. She is responsible for coordinating the audit committee's evaluation of the external
1. Look at the COSO example for
Control Environment/Principle 2/ Example: Interacting with Auditors.
What considerations does Sara Greenburg base her evaluation on?
2. For this internal control issue, describe the objective, type or component or control, and entity level
(1) Objective: operations, reporting, or compliance
(2) Type or component of control: control environment, risk assessment, control activity, information
and communication, and/or monitoring. Also state whether it is prevention or detection of a problem.
(3) Entity level: entity, division, operating unit, or function
3. To push the issue to an extreme that I hope you and I never need to deal with, here is an enforcement
release from the SEC. https://www.sec.gov/litigation/litreleases/2019/lr24678.htm
The SEC also alleges that [some executives] misled MiMedx's outside auditors, members of MiMedx's
Audit Committee, and outside lawyers who inquired about these transactions.
How does Sara protect her reputation and document her professionalism?