Identify risk, including fraud risk, associated with each significant account/process. Identify control objectives which address risks and assertions. Identify control activities in place to address control objectives. Also, identify IT systems relevant to the process. Document the processes and verify that adequately monitoring procedures are in place to ensure continuing effectiveness of controls.