Stop building from scratch. Download the industry-standard template used by hundreds of audit professionals to map risks, controls, and assertions.
*Instant direct download. No credit card required.
Everything you need to document your internal controls environment.
Professionally formatted structure with frozen panes, filters, and conditional formatting for "High Risk" items.
Drop-downs for financial assertions: Completeness, Accuracy, Existence, Valuation, and Rights & Obligations.
Dedicated sections for Test of Design (ToD) and Test of Operating Effectiveness (ToE) documentation.
Columns to track control deficiencies, remediation plans, and owners for missing controls.
An RCM is a document used by auditors to map a company's financial risks to the internal controls designed to mitigate them. It serves as the foundation for SOX compliance testing.
Your RCM should be a living document. Best practice is to review it quarterly, or whenever there are significant changes to your business processes, systems, or personnel.
Yes, the template includes columns for mapping controls to the 17 COSO 2013 principles, which is a requirement for most external auditors.