For example, the control elements of completeness, accuracy, authorization,
safeguarding of assets, rights/obligations, and so on can be incorporated into
activities within a process. The SOX compliance audit plan ensures the verification
of controls incorporated into the processes being documented, mitigates the
associated risk of financial statement misstatement, and ensures consistency
with GAAP.
InFission approach to risk and controls documentation
Each department manager is also responsible for maintaining the risks and controls
documentation, in the same manner as for the Process and Procedure
documents. However, the audit team provides risks and controls templates to
the process owners, who ensure that the controls are designed to meet InFission
risk tolerance and control objectives. The biannual walkthrough of control
documentation with each department also includes a review of the risks and
controls matrix. In addition, as required by Sarbanes-Oxley Act Section 302, each
process owner certifies that the controls are operating effectively and reports any
issues to the audit team.
During the biannual control documentation walkthrough, the auditor and the
process owner review any changes to the risk ratings, controls, and control test plans.
The risk rating is a relative ranking of risk value, calculated as the product of the
risk significance and risk likelihood values, each a numeric value from 1 through 5.
InFission classifies risks into the following categories:
• Financial fraud
• Theft of assets
• Theft of services
• Regulatory compliance
• Breach of security
The InFission auditor marks a control as a key control if a failure of that control
could cause a reasonable likelihood of a material error in the financial statements,
which may not be prevented or detected on a timely basis.
 