KPMG's " Defining Issues" Dec 2006 No. 06-34

Two Principles:

1. "Top-Donw, Risk Based Approach" - Management should evaluate the desing of the controls to determine whether they address the risk that a material misstatement in the financial statements would not be prevented or detected. (Pages 1-2)

2. Management's evaluation of the operations of its controls should be based on its assessment of the risk associated with those controls. (Page 2)
Example - Self Assessments in low-risk areas and extensive testing in high0risk areas.

Application of Approach to the following areas:

1. Identifying Risks and Related Controls (Pages 2-3)
2. Evaluating Operating Effectiveness (Page 3)
3. Evaluating Deficiencies and Reporting (Pages 3-4)
4. Evidence to Support the Assessment (Page 4)