Database Reference
In-Depth Information
InFission's approach to management
testing
InFission utilizes management testing to support the internal audit, compliance,
and Enterprise Risk Management programs.
The internal auditor team uses the findings management testing to develop the
scope for the independent audit plan. A control self-assessment questionnaire is
distributed to the management that identifies the status of controls effectiveness
over the audit cycle. The auditors only facilitate this process and never participate
in responding to this survey to preserve their independence. While the auditors
do not rely solely on the results of the survey to determine the effectiveness of the
controls, the results of the survey are used to determine the scope of the audit plan
to focus on significant process changes, emerging risks, organizational changes,
and other issues reported by management. Auditors also use the results of the
control self-assessment to determine the qualitative assessment of controls such
as the complexity of process activities, fraud risks, the spreadsheets that are used
to record accounting information, the need for employee training to perform their
jobs, and factors that affect the financial statements.
The auditors establish the inherent risk levels based on the evidence obtained
from management responses to the controls survey. This approach enables the
auditors to optimize the effectiveness of independent controls testing and efficient
use of audit resources.
As a publically listed company on NASDAQ, InFission complies with the
Sarbanes-Oxley Act (SOX). As a part of the SOX 404 compliance program,
management testing approach is used to evaluate the overall control environment
including the code of conduct and the tone at the top. An internal controls survey
is distributed to management to obtain information such as the effectiveness of
communications with the board of directors and the audit committee, management
style, organization culture, employee competency, and human resources policies
and practices.
In addition to including management in the testing of controls for internal audit
and SOX compliance, InFission has also implemented a controls testing program to
support its ERM initiative. The management has adopted the COSO-ERM framework
to improve the overall strategic planning process. Once the enterprise risk assessment
is completed based on the survey of management and a series of workshops facilitated
by the internal audit team, management control testing is performed by business
process owners and management that includes an in depth review with marketing,
engineering, product development, and production operations.
Search WWH ::
Custom Search