For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

CPE for Government Auditors

The Most Important Change to the Yellow Book is the Green Book

I’ve had a few months to digest the changes to the 2018 Yellow Book (Government Auditing Standards),and I’ve taught a few seminars and webinars about the changes.  Most of the changes do not shock my audiences. But I am noticing that quite a few auditors are not familiar with the Green Book which was published by the GAO in 2014.  This is not good because the Green Book is by far the biggest change to the Yellow Book.

The Green Book is the GAO’s version of the COSO model, and its formal title is “Standards for Internal Control in the Federal Government.”

Here are some quotes from one of the performance audit chapters in the 2018 Yellow Book that give performance auditors pause. (Financial auditors please read the section below titled ‘Financial auditors should be pleased.’) I added bolding to draw your eye to some new terms that I’d like you to notice.

8.41 Consideration of internal control in a performance audit begins with determining the significance of internal control to the audit objectives and documenting that determination. Some factors that may be considered when determining the significance of internal control to the audit objectives include

a.the subject matter under audit, such as the program or program component under audit, including the audited entity’s objectives for the program and associated inherent risks;

b.the nature of findings and conclusions expected to be reported, based on the needs and interests of audit report users;

c. the three categories ofentity objectives (operations, reporting, and compliance); and

d. the five components of internal control (control environment, risk assessment, control activities, information and communication, and monitoring) and the integration of the components.

8.42 If internal control is significant to the audit objectives, auditors determine which of the five components of internal control and underlying principles are significant to the audit objectives, as all components of internal control are generally relevant, but not all components may be significant to the audit objectives. This determination can also identify whether specific controls are significant to the audit objectives. Determining which internal control components and principles and/or specific controls are significant to the audit objectives is a matter of professional judgment.

8.47 Approaches for obtaining an understanding of internal control may vary and may include consideration of entity-level controls, transaction- level controls, or both. However, even when assessing only transaction- level controls, it may be beneficial to gain an understanding of entity-level controls that may affect transaction-level controls by obtaining a broad understanding of the five components of internal control at the entity level. This involves considering the relationships between the components, which work together in an integrated manner in an effective internal control system, and the principles of internal control that support each component. In addition to obtaining a broad understanding of internal control at the entity level, auditors may also obtain an understanding of internal control at the transaction level for the specific programs and processes under audit.

Here is an infographic from the Green Book that explains the highlighted terms:

The terms “three categories of entity objectives” appear at the top of the cube and the terms “five components of internal control” appear on the face of the cube. The seventeen “principles of internal control that support each component” are presented in a stack on the bottom left side of the infographic.

Nice infographic, now what?

Yes, the cube is cute and the stack is pretty… but so what?  What does all this new language mean to performance auditors, practically?  What the cube and the stack are illustrating is the most up-to-date structure for approaching internal controls.  This means that performance auditors are going to have to change the way they document internal controls. The GAO is working on a tool right now to help you with this task, but it won’t be published until the spring of 2019.

So if you want to implement these changes in your internal control documentation now, you will need to create something yourself. Here are a few tools developed by forward thinking audit shops that might get your creative juices flowing:

The Florida Department of Economic Opportunity:


To save time…

As you can tell, this is going to be a lot of work!  But before you start looking for another job, there is something you can do to minimize the documentation.  You can refine your objective early in the audit process!  The Yellow Book says auditors are only responsible for documenting internal controls that are relevant to the audit objective. Thank you, GAO!  So, the more specific you are about your audit objectives, the less controls you will end up having to document!   If you dig into controls AFTER you have performed your inherent risk assessment and refined your audit objectives, you will conserve precious audit resources and, maybe, be able to tolerate your job for another year or two.

If you want to know more about the Green Book and how to narrow your audit objectives, please check out these resources:

Newsletter explaining the Green Book:

A webinar or book on internal controls:

A newsletter explaining how to narrow objectives:

Or an on-demand video on audit objectives:

Financial auditors should be pleased

Financial auditors should be celebrating a rare moment when not much in the Yellow Book is  new to them. Right now, the AICPA is driving the changes to the GAO standards, and financial auditors have been adjusting to the AICPA standards as they come out.

But performance auditors are not going to be able to join in on the celebration because the changes to the Yellow Book are new to them. Although, technically, performance auditors do not have to follow AICPA standards, performance auditors indirectly get dragged into the changes prompted by the AICPA anyway because the GAO seeks to keep the Yellow Book consistent throughout.  So when the GAO plays along with the AICPA in the financial audit standards, they also have to play along with the AICPA in the performance audit standards.

Next time

In my next newsletter, I will discuss how internal control weaknesses can serve as the cause of a well-built finding.

Thanks for everything you do to keep the government running!

Is that your job? More on Control Environment

13 The next day, Moses took his seat to hear the people’s disputes against each other. They waited before him from morning till evening.

14 When Moses’ father-in-law saw all that Moses was doing for the people, he asked, “What are you really accomplishing here? Why are you trying to do all this alone while everyone stands around you from morning till evening?”

15 Moses replied, “Because the people come to me to get a ruling from God. 16 When a dispute arises, they come to me, and I am the one who settles the case between the quarreling parties. I inform the people of God’s decrees and give them his instructions.”

17 “This is not good!” Moses’ father-in-law exclaimed. 18 “You’re going to wear yourself out—and the people, too. This job is too heavy a burden for you to handle all by yourself. 19 Now listen to me, and let me give you a word of advice, and may God be with you. You should continue to be the people’s representative before God, bringing their disputes to him.20 Teach them God’s decrees, and give them his instructions. Show them how to conduct their lives. 21 But select from all the people some capable, honest men who fear God and hate bribes. Appoint them as leaders over groups of one thousand, one hundred, fifty, and ten. 22 They should always be available to solve the people’s common disputes, but have them bring the major cases to you. Let the leaders decide the smaller matters themselves. They will help you carry the load, making the task easier for you. 23 If you follow this advice, and if God commands you to do so, then you will be able to endure the pressures, and all these people will go home in peace.”

24 Moses listened to his father-in-law’s advice and followed his suggestions. 25 He chose capable men from all over Israel and appointed them as leaders over the people. He put them in charge of groups of one thousand, one hundred, fifty, and ten. 26 These men were always available to solve the people’s common disputes. They brought the major cases to Moses, but they took care of the smaller matters themselves.  

In this chapter, we will cover the remaining three principles included in the control environment component of the COSO model:  Principle 3 – structure, responsibility and authority, Principle 4 -competence and Principle 5 – accountability.

Not even Moses, God’s chosen leader, could get it done all on his own.  Taking care of everything for everyone will absolutely wear a person out.

I watched a TV biography on Jim Henson, the creator of the Muppets.   He tried to be involved in every aspect of his business – Sesame Street, an HBO series, the next Muppet movie- even as his team grew to 300 people.  He didn’t take care of himself, contracted a very common illness, and refused to slow down long enough to go to the doctor.  By the time he got to the hospital, it was too late and he died at age 53!

No, most of us don’t work under that kind of pressure, but I have made myself sick trying to do it all several times.  I have learned to delegate and to give those to whom I delegate the authority to act without checking in with me.  My late-found ability to let go allows me to spend time doing what I do best and allows me some space to rest and think.

From the Green Book’s perspective, the reason we have controls is to make sure the entity achieves its objectives.  If an entity unwisely lays too much responsible on one individual, and isn’t intentional about organizing itself and dividing and delegating the work, the Green Book points out that the entity simply won’t get where it wants to be.

3.01 Management should establish an organizational structure, assign responsibility, and delegate authority to achieve the entity’s objectives. 

3.06 To achieve the entity’s objectives, management assigns responsibility and delegates authority to key roles throughout the entity….

3.07 Management considers the overall responsibilities assigned to each unit, determines what key roles are needed to fulfill the assigned responsibilities, and establishes the key roles. Those in key roles can further assign responsibility for internal control to roles below them in the organizational structure, but retain ownership for fulfilling the overall responsibilities assigned to the unit. 

That isn’t my job!

One of the deadliest things that someone in customer service can utter is, “That isn’t my job.”  What this person and organization have failed to realize is that I, as a customer, do not give a flying rat’s patootie whose job it is, I just want my product or service with as little hassle as possible.

I recently used my frequent flyer miles on American Airlines to buy tickets on British Airways.  Big mistake.  After two hours of work booking the tickets, I found out that I had no seat assignments.  The next day, I spent another two hours getting seat assignments.  When I would ask American Airlines for help, they would pass me off to British Airways.  When I asked British Airways for help – you guessed it – they passed me off to American Airlines.

After several internet searches, a few password wrestling matches, multiple phone calls and hours of being on hold, I finally found a sympathetic ear.  Everyone else I encountered wanted to pass the responsibility on to someone else or gave me incomplete or erroneous information, but this angel stayed with me until I got the information I needed.

Who are the angels?

After figuring out what needs to be done, you have to put competent people in place to get it done.   Usually, an organization has to invest in its people to enable them to be good at their job.  My angel at American Airlines obviously had years of experience in customer care and knew exactly how to help me cut through all of the red tape and get my seat assignments.  I hope American is investing more in her.

The Green Book is clear that management is responsible for investing in its people and should not expect employees to be ready to work on their first day on the job!

4.01 Management should demonstrate a commitment to recruit, develop, and retain competent individuals. 

4.05 Management recruits, develops, and retains competent personnel to achieve the entity’s objectives. Management considers the following: 

  • Recruit - Conduct procedures to determine whether a particular candidate fits the organizational needs and has the competence for the proposed role. 
  • Train - Enable individuals to develop competencies appropriate for key roles, reinforce standards of conduct, and tailor training based on the needs of the role. 
  • Mentor - Provide guidance on the individual’s performance based on standards of conduct and expectations of competence, align the individual’s skills and expertise with the entity’s objectives, and help personnel adapt to an evolving environment. 
  • Retain - Provide incentives to motivate and reinforce expected levels of performance and desired conduct, including training and credentialing as appropriate. 

I’d love to hold customer service accountable

At the beginning of each call to the airlines, I heard “This call is recorded and may be used for training purposes.”  What I’d love the message to say instead is, “This call is being monitored by someone who will hold these customer care representatives accountable if they send you to the wrong place or give you wrong or incomplete information.”  Wouldn’t it be nice if, at the end of each interaction with a customer care rep, you could evaluate whether they helped you or frustrated you?  Is it just me, or have you noticed that the customer care reps only connect you with the evaluation when they know you are happy?

So how do you hold people accountable?  

When I teach budgeting courses, I discuss how budgets are the translation of an organization’s plan into numbers.  I emphasize that unless an organization identifies when managers are off plan and holds them accountable, a budget just becomes a silly, wasteful, paper-pushing exercise.

Through real life stories told by the participants in my classes and my own work experience, I’ve compiled a list of options organizations can use to hold folks accountable.  Here is a list of some of the options from least stringent to most stringent:

  • Send out a variance report to all managers
  • Require managers to explain variances to the accountant
  • Require managers to explain variances in writing
  • Require managers to explain variances during a staff meeting
  • Require managers to explain variances during a meeting with executives
  • Evaluate budget performance in the manager’s annual performance evaluation
  • Reprimand managers who do not stay on track with the budget
  • Withhold bonuses from managers who stray from the budget
  • Fire managers who dismiss and ignore the budget

Did you think the last one was too extreme?  A mature CFO shared with the class that every time he pushed forward a new initiative on behalf of the executive team, he made sure the executives gave him the ability to fire anyone who did not play along.  He told a story about the executive team wanting to hold managers to a tighter and very unpopular budget.  When one division director rebelled and would not follow the budget, the CFO fired him.  After that, he had no problem keeping the other managers in line.

Here is what the Green Book says about holding people accountable:

5.03 Management holds entity personnel accountable for performing their assigned internal control responsibilities. The oversight body, in turn, holds management accountable as well as the organization as a whole for its internal control responsibilities. 

The flip side of stringency

But the Green Book also acknowledges the negative, flip side of holding folks accountable.  Whatever gets measured gets done – which is a good thing… sort of.  But on the flip side, employees will occasionally do silly and wasteful things to meet expectations.

For example, I audited a manufacturer of computer components in the late 80’s.   At the end of the year, the manufacturing managers received a bonus if their inventory was minimal.  So, on December 30, the managers filled two semi trucks full of inventory and sent the trucks off to an unwitting customer in California.

The shipment was rejected by the customer on January 2 because they hadn’t ordered the components.  The trucks arrived back in Texas, full of inventory, on January 4.

The managers received their bonuses and the year-end records looked good – so on one hand, the manager’s mission was accomplished. But on the other hand, the records were misleading, the customer in California was annoyed, and the manufacturer wasted thousands on the bogus shipment.

From the Green Book:

5.04 If management establishes incentives, management recognizes that such actions can yield unintended consequences and evaluates incentives so that they align with the entity’s standards of conduct. 

5.07 Management adjusts excessive pressures on personnel in the entity. Pressure can appear in an entity because of goals established by management to meet objectives or cyclical demands of various processes performed by the entity, such as year-end financial statement preparation. Excessive pressure can result in personnel “cutting corners” to meet the established goals. 

The Control Environment Component is full of wisdom

The definition of wisdom is: the quality of having experience, knowledge, and good judgment. It is apparent that the creators of the COSO model and the Green Book have been around the block a few times and know the harm poor controls can do.

The control environment component of the COSO model tells us that what leaders do, matters; that oversight bodies have an important role to play in keeping controls strong; that everyone should know their job, be equipped to perform their job, and be held accountable for doing their jobs.

Here is a summary of the control environment component from the introduction to the chapter:

The control environment is the foundation for an internal control system. It provides the discipline and structure, which affect the overall quality of internal control. It influences how objectives are defined and how control activities are structured. The oversight body and management establish and maintain an environment throughout the entity that sets a positive attitude toward internal control. 

1. The oversight body and management should demonstrate a commitment to integrity and ethical values. 
2. The oversight body should oversee the entity’s internal control system. 
3. Management should establish an organizational structure, assign responsibility, and delegate authority to achieve the entity’s objectives. 
4. Management should demonstrate a commitment to recruit, develop, and retain competent individuals. 
5. Management should evaluate performance and hold individuals accountable for their internal control responsibilities. 

Woven into these principles are warnings that our best intentions can go awry:

  • Under the first principle on tone at the top, we are warned that well-designed controls can break down when leaders act badly.
  • Under the second principle on oversight, we are warned that management might not want to fix obvious problems and therefore must be forced to act by an oversight body.
  • Under the fourth principle on competence, we are warned that our best people can leave us, and we’d better have a plan to keep the organization going without them.
  • Under the fifth principle on accountability, we are warned that holding people accountable can result in squirrely behavior that goes against the ultimate objectives of the entity.

What’s next?

In the next chapter, we will collect all of the controls we came up with for our case study, sort them out and then evaluate them for effectiveness and cost.

Chapter 12: Information and Communication

                        Might be a rock n’ roll addict, prancing on the stage

                        Might have money and drugs at your command, women in a cage

                        You may be a business man or some high degree thief

                        They may call you Doctor or they may call you Chief


                        But you’re gonna’ have to serve somebody, yes indeed

                        Your gonna’ have to serve somebody.

                        Well, it may be the devil, or it may be the Lord

                        But you’re gonna’ have to serve somebody.

Bob Dylan, Gotta’ Serve Somebody


My business is minuscule, but that doesn’t exempt me from having to formalize my information processes and comply with reporting requirements of oversight entities.

Every year, I send a detailed report of my CPE offerings to the National Association of State Boards of Accountancy (NASBA).  They want to know how many classes I offered, who taught them, where they were offered and for what group, the date of the classes, and the number of hours granted.

The first year I prepared the report, I suffered.  I had to dig up physical files from earlier in the year and reconstruct all of the data, so I could input it into the report.  Slog!  It took days to put it together, and when I was finished, NASBA sent it back to me because it wasn’t formatted correctly.  Really?  More time, more suffering.

The State of Texas Board of Accountancy requires similar information, but their report has to be handwritten!  Hand… friggin… written… with an ink pen.  That takes a while to complete…

I realized after that first fiasco that I needed to go paperless and track the information I needed throughout the year rather than wait to gather the data at the last minute.  My assistant Chelsea and I have a checklist of all of the documents we must collect after each class, and we maintain a running spreadsheet of the data I am required to report.  All of the information is kept in a Dropbox file that she and I share and update each time I teach.  No more messy paper files.

This year, I only spent a few hours creating both reports!  And on top of that fabulous achievement, I also feel more confident in the information I am reporting because Chelsea and I double-check each other throughout the process.

I also have to report my income to the IRS every year.  When I first started my business, I reasoned that I could keep the books myself because I am a CPA. The only problem is, I do not enjoy bookkeeping.  I waited until the end of the year to force myself to sit down and input transactions into QuickBooks.

As you can imagine, I forgot the purpose of several payments that occurred early in the year and had to SWAG a description of the transactions.  SWAG stands for Sophisticated Wild Ass Guess.   After about five SWAGS, I decided I needed to stop the madness and hired a real bookkeeper, Carol, who keeps contemporary information on my business.  Carol sends me up-to-date financials every Monday, and when it is time to report to the IRS, all the transactions are there, ready to report.  No SWAGs necessary.

I have learned the hard way that thinking of the info you need to accumulate and share in advance is better than trying to gather it – and guess at it – months or even a year later.

The Green Book is Out to Save You from Suffering

The authors of the COSO model and Green Book must have gone through similar experiences.  So, they advise us to think ahead about the information that needs to be shared and to make sure the data shared is valid.

In the chapter on Information and Communication they ask us to apply three principles:

13. Management should use quality information to achieve the entity’s objectives.

14. Management should internally communicate the necessary quality information to achieve the entity’s objectives.

15. Management should externally communicate the necessary quality information to achieve the entity’s objectives.

Principle #13 – no SWAGs

Auditors are trained to never take anyone’s word on anything.  Auditors are trained to seek convincing evidence and not base any conclusions on testimony.  Because both of my above reports could be audited, I am prepared to back up all of my data with original documents!  For instance, the information I send to NASBA about the classes I offer is backed up with sign-in sheets from attendees.  And the transactions in my accounting records are backed up with receipts and bank statements.

The first principle under the Information and Communication component advises us to put controls in place to make sure all of the information in the reports is valid and backed up with evidence.  Three attributes apply to this principle:

13.01 Management should use quality information to achieve the entity’s objectives.


The following attributes contribute to the design, implementation, and operating effectiveness of this principle:

  • Identification of Information Requirements
  • Relevant Data from Reliable Sources
  • Data Processed into Quality Information

Attribute 1: Figure out who wants the information and what information they need

This attribute asks “Who cares about whether your work succeeds or whether your controls are functioning?”  Our case study objective, is Do controls prevent the coach from using his purchasing card for personal purchases as defined by Grace School District Policy #C7.459?   I imagine that the following folks will care if the coach is making personal purchases:

  • The director of the athletic department
  • The executive team of the school
  • The school board
  • The citizens of the school district

Once we have a sense of who we will be sharing information with, we need to find out what they want to know.  We can inquire of the stakeholders directly, or we can make some assumptions about what they need. Knowing what they want rather than guessing what they want is best because the frequency and accuracy of information costs time and money; it is a waste of resources to generate and report information they don’t need.

Section 13.03 says that the process of identifying what stakeholders need is an iterative process… in other words, you will have to redesign the content of your reports several times before you hit on content that is meaningful to the stakeholders.

Here is what the Green Book has to say about this attribute.

Identification of Information Requirements

13.02 Management designs a process that uses the entity’s objectives and related risks to identify the information requirements needed to achieve the objectives and address the risks. Information requirements consider the expectations of both internal and external users. Management defines the identified information requirements at the relevant level and requisite specificity for appropriate personnel.

13.03 Management identifies information requirements in an iterative and ongoing process that occurs throughout an effective internal control system. As change in the entity and its objectives and risks occurs, management changes information requirements as needed to meet these modified objectives and address these modified risks.

Attribute #2: Who you get the information from matters

It is always preferable to get your evidence – or the back-up for your reports – from objective third parties.  So, instead of asking the coach to describe his own transactions, source your information from the credit card statement.  The credit card company has no reason to disguise the purpose of purchases, but the coach does.  If any transaction looks iffy, you could ask for original receipts from the coach.

From the Green Book:

Relevant Data from Reliable Sources

13.04 Management obtains relevant data from reliable internal and external sources in a timely manner based on the identified information requirements. Relevant data have a logical connection with, or bearing upon, the identified information requirements. Reliable internal and external sources provide data that are reasonably free from error and bias and faithfully represent what they purport to represent. Management evaluates both internal and external sources of data for reliability. Sources of data can be operational, financial, or compliance related. Management obtains data on a timely basis so that they can be used for effective monitoring.

Attribute #3: Don’t let anyone doctor the report before it is published

The last attribute addresses how the evidence is processed.  The true financial results for Enron, which were created from reliable and relevant evidence by the Enron accounting department, didn’t look that attractive, so the Enron executives made a few fraudulent changes to the reports before they were published.  Obviously, we don’t want to allow bogus changes to our reports in order to make the results look more acceptable.

This is what the Green Book has to say about processing data.

Data Processed into Quality Information

13.05 Management processes the obtained data into quality information that supports the internal control system. This involves processing data into information and then evaluating the processed information so that it is quality information. Quality information meets the identified information requirements when relevant data from reliable sources are used. Quality information is appropriate, current, complete, accurate, accessible, and provided on a timely basis. Management considers these characteristics as well as the information processing objectives in evaluating processed information and makes revisions when necessary so that the information is quality information.  Management uses the quality information to make informed decisions and evaluate the entity’s performance in achieving key objectives and addressing risks.

13.06 Management processes relevant data from reliable sources into quality information within the entity’s information system. An information system is the people, processes, data, and technology that management organizes to obtain, communicate, or dispose of information.

Answering Who, What, When, Where & How

So, now that the Green Book has prompted you to answer the who and what questions –who you need to communicate with and what information they need –  principles 14 & 15 prompt us to answer the when, where, and how questions.

The content of principle  14 & 15 are very similar.  Principle 14 focuses on internal reporting and principle 15 focuses on external reporting.  Both ask that we consider:

  • Audience - The intended recipients of the communication
  • Nature of information - The purpose and type of information being communicated
  • Availability - Information readily available to the audience when needed
  • Cost - The resources used to communicate the information
  • Legal or regulatory requirements - Requirements in laws and regulations that may impact communication

A report for our case study

Let’s make up a report for our case study example.  Remember our control objective is:

Do controls prevent the coach from using his purchasing card for personal purchases as defined by Grace School District Policy #C7.459? 

Thinking through each of the prompts given in section 14.07 and 15.07:


The intended recipients of the communication

The school board and the public.

Nature of information

The purpose and type of information being communicated

This report will contain a bar graphic for each user of the purchasing card and will look something like this:


It will also include a detailed list of transactions for each cardholder that will include the date of the transaction, the vendor, the amount of the purchase, and the items purchased.


Information readily available to the audience when needed

The board will receive the report every month via email and the report will be available to the public on the school’s website after the board has reviewed it.


The resources used to communicate the information

Accounting has the transaction information readily available in the general ledger, but it is not separated by user.  So, the initial cost to set up individual accounts for each user will require some customization of the accounting software.  But, once it is set up, the report should only take an accountant an hour to create and email to the board.  The webmaster will have to post the report to the site, and that should take about 30 minutes.

Legal or regulatory requirements

Requirements in laws and regulations that may impact communication

This report will not help satisfy any regulatory requirements imposed by the state or federal government. However, the Comptroller of the State will award us a ‘Transparency’ award and will feature our report on their website if we meet their award criteria.

Information and Communication is the most straightforward component

The information and communication component of the COSO model/Green Book advises us to make sure that the information we share is valid and communicated in a manner that is helpful to stakeholders.  In my opinion, it is the most straightforward and clear component of the COSO model/Green Book.

So far, we have covered three components of the COSO model/Green Book – the risk assessment component, the control activities component and the information and communication component.  In the next chapter, we will cover the monitoring component.

Registering for this Webinar - How it works
  1. When you’re ready to register, select the “Register Now” button (at the top-right or bottom-left of this page).
  2. You’ll be taken directly to the secure website of our webinar-distribution partner:  CPA Crossings
  3. Fill out the “Register Online” section of the CPA Crossings page (near the bottom) and then select “Add to Cart”
  4. (Note:  If you want to register multiple attendees on the same purchase, just re-select the webinar and do a separate “Add to Cart” for each, as required.)
  5. After checking out, look for your notification and registration info via email – and mark your calendar to attend the webinar!
Stay Up-To-Date

Sign up here to have the lastest from delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

* indicates required

Stay Up-To-Date

Sign up here to have the latest from delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

[newsletters_subscribe list="20"]



Lost your password?