Database Reference
In-Depth Information
Managing Your Testing
Phase: Management Testing
and Certifying Controls
In the previous chapter, we learned the techniques used to develop and maintain the
controls documentation that is essential to test and certify controls. After completing
the controls documentation as described in the previous chapter, you can begin
testing the design and operating effectiveness of internal controls. There are two
major methods for testing internal controls:
Management testing
and
Independent
testing
. In this chapter, we will describe the Management testing uses, approach, and
techniques that are a critical phase of a governance, and risk and compliance-program.
Management testing is often included in the audit plan for control self-assessment.
Management testing is also required by compliance regulations, such as Sarbanes-
Oxley for asserting controls over financial statements, and it is an important part of the
Enterprise Risk Management program.
Management testing for internal audit
program
Many organizations start the control testing phase of the audit plan by asking
process owners and controls owners to assess the risks and evaluate the internal
controls before conducting the independent audit. This process, commonly referred
to as the
Control Self-Assessment
(
CSA
), is defined by the
Institute of Internal
Auditors
(
IIA
) as "A process through which internal control effectiveness is
examined with the objective of providing reasonable assurance that all business
objectives are met."
Search WWH ::
Custom Search