Database Reference
In-Depth Information
The assessment process can help auditors to improve the effectiveness of overall
audit plan. Employees that manage the process and monitor related control
activities have deeper knowledge of risks and controls. The auditors can facilitate
the management self-assessment of the risks and controls within a business
process without comprising the independence as long as the auditor maintains the
management testing records as the evidence of the process, risks, or controls assessed
by management.
In addition to evaluating many aspects of the internal control system, auditors
can use CSA to gain a better understanding of the organizational policies and
procedures, which helps gain a better understanding of the internal control system,
and to assess all types of risks such as inherent risks and residual risks.
Management testing for Regulatory
Compliance Audits
The growing regulatory compliance requirements have set higher expectations
for management evaluation of internal controls. For example, under the Sarbanes-
Oxley act of 2002, Public Company Accounting Oversight Board (PCAOB)'s
Auditing Standard (AS) 2 was established, which gives guidance of special interest
contained in the document named as "An Audit of Internal Control over Financial
Reporting Performed in Conjunction with an Audit of Financial Statements." The AS
2 audit requires that financial statement auditors audit and attest to the fairness of
management's assessment of their internal control system over financial reporting.
Many organizations have implemented the Committee of Sponsoring Organizations
(COSO) controls framework to comply with this audit standard. Management
plays a key role in the effective implementation of all aspects of this framework's
controls including environment, risk assessment, control activities, information and
communication, and monitoring. For example, management can help evaluate the
control environment by assessing entity level controls such as tone at the top and
code of conduct. Such controls are often reflected in an employee's perception of
management's behavior and attitudes that can only be evaluated using employee
interviews and surveys.
Management testing can improve the quality and efficiency of compliance audits. For
example, an employee survey of internal controls questionnaire can produce a highly
corroborated evidence of controls effectiveness when many employees responsible
for the business process can identify changes in policies, procedures, and control
activities over the period under audit. The independent auditors can use the survey
results to better assess risks due to procedural problems, identify ineffective controls,
and processes.
Search WWH ::
Custom Search