With the books closing on many companies’ first internal control assessments under new, relaxed compliance guidelines, many chief financial officers are already pondering how to improve next year’s processes.

For some companies and external auditors, it means another round in the tug-of-war over risk, zeroing in on areas that present the most meaningful risk of errors that could have a material effect on financial statements. Since regulators gave new direction last summer calling for a more top-down look at internal controls with a sharper focus on risk, companies and auditors have sparred over just how to do that, each side usually ...