I am trying to find IIA guidance for the objectives for performing a walkthrough. This is for internal controls documented for SOX. My experience has been to: 1. Evaluate design of the control; and 2. Evaluate operational effectiveness of the control.
Evaluate design to ensure appropriate risks and assertions are covered. Operational effectiveness is evaluated by testing a sample of one to ensure the control is operating as intended.
Currently engaged in discussions that walkthroughs are to evaluate design only. Pointing to specific IIA guidance would be helpful.