III . Bottom-Up Approach
a ) What were the strengths and weaknesses of Trinity ’ s practice-based bottom-up approach ? How effective was it ?
b ) What would you recommend it should have done differently in Year 1 ? Defend your response .
c ) Compare and contrast the strengths and weaknesses of a bottom-up versus a top-down risk approach to compliance .
d ) Which approach is more appropriate in completing a compliance project successfully for Trinity ’ s first year ?
e ) How does each approach affect a company ’ s internal control structure ?
f ) Identify the chief insights from the pilot project . How does the pilot project for the EDP system compare to SOX requirements ?
g ) Identify the testing processes Trinity performed and whether Trinity took the appropriate approach in designing their controls .
h ) Based on the substantive tests , which testing process proved to be most useful in assessing Trinity ’ s accounting system ?
i ) Compose a short memorandum that communicates the results of the first year of testing along with recommendations as to what Trinity should
do differently in subsequent years .
IV . SOX-Related Expenses