audit-support
The audit-support skill provides SOX 404 compliance guidance covering control testing methodology, sample selection techniques, testing documentation standards, and control deficiency classification. Use it when creating internal control testing workpapers, selecting audit samples, evaluating control design and operating effectiveness, classifying control deficiencies by severity, or preparing documentation for internal or external audits. The skill addresses scoping significant accounts, identifying relevant assertions, and assessing risks of material misstatement in financial reporting.
git clone --depth 1 https://github.com/openyak/openyak /tmp/audit-support && cp -r /tmp/audit-support/backend/app/data/plugins/finance/skills/audit-support ~/.claude/skills/audit-supportSKILL.md
# Audit Support **Important**: This skill assists with SOX compliance workflows but does not provide audit or legal advice. All testing workpapers and assessments should be reviewed by qualified financial professionals. While "significance" and "materiality" are context-specific concepts that are ultimately assessed by auditors, this skill is intended to assist professionals in the creation and evaluation of effective internal controls and documentation for audits. SOX 404 control testing methodology, sample selection approaches, testing documentation standards, control deficiency classification, and common control types. ## SOX 404 Control Testing Methodology ### Overview SOX Section 404 requires management to assess the effectiveness of internal controls over financial reporting (ICFR). This involves: 1. **Scoping:** Identify significant accounts and relevant assertions 2. **Risk assessment:** Evaluate the risk of material misstatement for each significant account 3. **Control identification:** Document the controls that address each risk 4. **Testing:** Test the design and operating effectiveness of key controls 5. **Evaluation:** Assess whether any deficiencies exist and their severity 6. **Reporting:** Document the assessment and any material weaknesses ### Scoping Significant Accounts An account is significant if there is more than a remote likelihood that it could contain a misstatement that is material (individually or in aggregate). **Quantitative factors:** - Account balance exceeds materiality threshold (typically 3-5% of a key benchmark) - Transaction volume is high, increasing the risk of error - Account is subject to significant estimates or judgment **Qualitative factors:** - Account involves complex accounting (revenue recognition, derivatives, pensions) - Account is susceptible to fraud (cash, revenue, related-party transactions) - Account has had prior misstatements or audit adjustments - Account involves significant management judgment or estimates - New account or significantly changed process ### Relevant Assertions by Account Type | Account Type | Key Assertions | |-------------|---------------| | Revenue | Occurrence, Completeness, Accuracy, Cut-off | | Accounts Receivable | Existence, Valuation (allowance), Rights | | Inventory | Existence, Valuation, Completeness | | Fixed Assets | Existence, Valuation, Completeness, Rights | | Accounts Payable | Completeness, Accuracy, Existence | | Accrued Liabilities | Completeness, Valuation, Accuracy | | Equity | Completeness, Accuracy, Presentation | | Financial Close/Reporting | Presentation, Accuracy, Completeness | ### Design Effectiveness vs Operating Effectiveness **Design effectiveness:** Is the control properly designed to prevent or detect a material misstatement in the relevant assertion? - Evaluated through walkthroughs (trace a transaction end-to-end through the process) - Confirm the control is placed at the right point in the process - Confirm the control addresses the identified risk - Performed at least annually, or when processes change **Operating effectiveness:** Did the control actually operate as designed throughout the testing period? - Evaluated through testing (inspection, observation, re-performance, inquiry) - Requires sufficient sample sizes to support a conclusion - Must cover the full period of reliance ## Sample Selection Approaches ### Random Selection **When to use:** Default method for transaction-level controls with large populations. **Method:** 1. Define the population (all transactions subject to the control during the period) 2. Number each item in the population sequentially 3. Use a random number generator to select sample items 4. Ensure no bias in selection (all items have equal probability) **Advantages:** Statistically valid, defensible, no selection bias **Disadvantages:** May miss high-risk items, requires complete population listing ### Targeted (Judgmental) Selection **When to use:** Supplement to random selection for risk-based testing; primary method when population is small or highly varied. **Method:** 1. Identify items with specific risk characteristics: - High dollar amount (above a defined threshold) - Unusual or non-standard transactions - Period-end transactions (cut-off risk) - Related-party transactions - Manual or override transactions - New vendor/customer transactions 2. Select items matching risk criteria 3. Document rationale for each targeted selection **Advantages:** Focuses on highest-risk items, efficient use of testing effort **Disadvantages:** Not statistically representative, may over-represent certain risks ### Haphazard Selection **When to use:** When random selection is impractical (no sequential population listing) and population is relatively homogeneous. **Method:** 1. Select items without any specific pattern or bias 2. Ensure selections are spread across the full population period 3. Avoid unconscious bias (don't always pick items at the top, round numbers, etc.) **Advantages:** Simple, no technology required **Disadvantages:** Not statistically valid, susceptible to unconscious bias ### Systematic Selection **When to use:** When population is sequential and you want even coverage across the period. **Method:** 1. Calculate the sampling interval: Population size / Sample size 2. Select a random starting point within the first interval 3. Select every Nth item from the starting point **Example:** Population of 1,000, sample of 25 → interval of 40. Random start: item 17. Select items 17, 57, 97, 137, ... **Advantages:** Even coverage across population, simple to execute **Disadvantages:** Periodic patterns in the population could bias results ### Sample Size Guidance | Control Frequency | Expected Population | Low Risk Sample | Moderate Risk Sample | High Risk Sample | |------------------|--------------------|-----------------|--------------------|-----------------| | Annual | 1 | 1 | 1 | 1 | | Q
Convert laboratory instrument output files (PDF, CSV, Excel, TXT) to Allotrope Simple Model (ASM) JSON format or flattened 2D CSV. Use this skill when scientists need to standardize instrument data for LIMS systems, data lakes, or downstream analysis. Supports auto-detection of instrument types. Outputs include full ASM JSON, flattened CSV for easy import, and exportable Python code for data engineers. Common triggers include converting instrument files, standardizing lab data, preparing data for upload to LIMS/ELN systems, or generating parser code for production pipelines.
Run nf-core bioinformatics pipelines (rnaseq, sarek, atacseq) on sequencing data. Use when analyzing RNA-seq, WGS/WES, or ATAC-seq data—either local FASTQs or public datasets from GEO/SRA. Triggers on nf-core, Nextflow, FASTQ analysis, variant calling, gene expression, differential expression, GEO reanalysis, GSE/GSM/SRR accessions, or samplesheet creation.
This skill should be used when scientists need help with research problem selection, project ideation, troubleshooting stuck projects, or strategic scientific decisions. Use this skill when users ask to pitch a new research idea, work through a project problem, evaluate project risks, plan research strategy, navigate decision trees, or get help choosing what scientific problem to work on. Typical requests include "I have an idea for a project", "I'm stuck on my research", "help me evaluate this project", "what should I work on", or "I need strategic advice about my research".
Deep learning for single-cell analysis using scvi-tools. This skill should be used when users need (1) data integration and batch correction with scVI/scANVI, (2) ATAC-seq analysis with PeakVI, (3) CITE-seq multi-modal analysis with totalVI, (4) multiome RNA+ATAC analysis with MultiVI, (5) spatial transcriptomics deconvolution with DestVI, (6) label transfer and reference mapping with scANVI/scArches, (7) RNA velocity with veloVI, or (8) any deep learning-based single-cell method. Triggers include mentions of scVI, scANVI, totalVI, PeakVI, MultiVI, DestVI, veloVI, sysVI, scArches, variational autoencoder, VAE, batch correction, data integration, multi-modal, CITE-seq, multiome, reference mapping, latent space.
Performs quality control on single-cell RNA-seq data (.h5ad or .h5 files) using scverse best practices with MAD-based filtering and comprehensive visualizations. Use when users request QC analysis, filtering low-quality cells, assessing data quality, or following scverse/scanpy best practices for single-cell analysis.
Set up your bio-research environment and explore available tools. Use when first getting oriented with the plugin, checking which literature, drug-discovery, or visualization MCP servers are connected, or surveying available analysis skills before starting a new project.
>
>