COSO is a recommended format to facilitate the attestation process. It is the Treadyway Commissions Committee of Sponsoring Organizations. It recommends evaluating risk based on specific factors..external, internal and risk relating to change. I was employed by a bank that went from 5 separate charters, each under $500M in assets, which then collapsed all charters into one..immediately catipulting assets in excess of $500M. I was the I/A, which was a new dept, and responsible for implementation of the new audit dept and adherence with FDICIA requirements. Finding a format for the reporting was difficult. Although our primary regulator was aware of the requirement, they were unable to provide guidance regarding documentation and attestation format. I found contacting other institutions under the same requirements to be most beneficial. Our external audit firm also provided assistance as they have additional duties regarding FDICIA if their client's assets are in excess of $500M. Good Luck!
_________________________
An error is not a mistake until you refuse to correct it