Many professional books are filled with broad generalizations but offer few resources that would help with the actual problems in your specific situation: “Work with teams!” “Encourage a long-term perspective!” “Promote green initiatives!” So many writers encourage us to do good things but fail to be specific about how to do them. Graham, a true expert in his field, has written this book with the understanding that you need real help the first time you design and implement an internal control system.
If you don’t know what the COSO framework is, then this book isn’t for you. Graham assumes that the reader has a working knowledge of internal control, what it is, and why it’s important. He helps to get you from the planning stage through implementation of a COSO system that fully complies with the requirements of the Securities & Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB). While undoubtedly the book would help external auditors test a client’s systems, it is aimed primarily at company management who actually do the work.
For example, Graham devotes a whole chapter to developing questionnaires and conducting interviews. It addresses specific details related to issues such as how to evaluate whether your employees are familiar with your firm’s ethical code of conduct or if employees do business in compliance with the code of conduct. You could struggle to determine these things yourself, or you could simply turn to this chapter in Graham’s book and find supportable answers.
But the strength of the book is also its weakness. This isn’t light reading. It will help get you to COSO compliance, but only if you put in the time to absorb the suggestions.