Database Reference
In-Depth Information
This can help in developing an effective test plan for evaluating significant processes
and key control activities at the selected locations within the organization in order to
meet compliance audit objectives. Control self-assessment improves the efficiency of
independent controls testing by enabling the independent auditors to use the control
testing work papers obtained from the management testing. This testing approach
is supported by AS2, which states that the higher the degree of competence and
objectivity reflected in the work of others, the greater use the auditor may make
of that work. AS2 specifically groups self-assessment programs with the activities of
the internal audit function and the audit committee as controls designed to monitor
and evaluate other internal controls. Therefore, independent auditors can increase
the efficiency of their testing activities by utilizing a CSA program to obtain control
evaluations from the employees who are directly involved in monitoring the control
activities. Such employees are often referred to as Control Owners and have a better
understanding of the control for which they are responsible. The aggregate results of
this larger group of control owners can help auditors form a more objective opinion
of the overall control environment.
Management testing for Enterprise Risk Management
Enterprise Risk Management (ERM) is an integrated framework that
was also developed by the Committee of Sponsoring Organizations of the Treadway
Commission in 2004 (COSO 2004). Unlike the COSO Internal Controls framework,
under ERM management takes a top-down view of the risks, which guides business unit
heads and department managers to set objectives, rate risks, and determine
responses to risk. Under this framework, top management sets the objectives to
achieve the desired outcomes, for example, being recognized as a market leader in
innovations, achieving a certain income level from operations, complying with laws and
regulations, and providing a nurturing workplace to employees. Many organizations
that have adopted this framework require management to test the controls, once
the risks are assessed and mitigating controls are identified. The Enterprise Risk
Management process is applied across the organization and it is designed to help
identify risks to provide reasonable assurance that an entity is able to meet its
business and financial reporting objectives. Once the objectives are established,
management identifies both internal and external events, such as emerging global
competition, customer credit risks, or employee theft, that could prevent the
organization from achieving these objectives. Next, management determines
its options to respond to the risks by establishing the appropriate level of controls
that can mitigate these risks. Once the controls are designed, periodic management
testing provides the assurance that the operations within specific business units and
departments have necessary controls to meet the business objectives.
 