III. Bottom-Up Approach
a) What were the strengths and weaknesses of Trinity’ s practice-based bottom-up approach? How effective was it?
b) What would you recommend it should have done differently in Year 1? Defend your response.
c) Compare and contrast the strengths and weaknesses of a bottom-up versus a top-down risk approach to compliance.
d) Which approach is more appropriate in completing a compliance project successfully for Trinity’ s first year?
e) How does each approach affect a company’ s internal control structure?
f) Identify the chief insights from the pilot project. How does the pilot project for the EDP system compare to SOX requirements?
g) Identify the testing processes Trinity performed and whether Trinity took the appropriate approach in designing their controls.
h) Based on the substantive tests, which testing process proved to be most useful in assessing Trinity’ s accounting system?
i) Compose a short memorandum that communicates the results of the first year of testing along with recommendations as to what Trinity should
do differently in subsequent years.
IV. SOX-Related Expenses