Database Reference
In-Depth Information
The audit findings provide independent audit opinion regarding the design and
operating effectiveness of controls to the managers responsible for their controls
over the business process within the scope of the assessment plan.
InFission internal controls assessment
approach
InFission internal controls assessment objectives include:
• Financial governance controls
• IT governance controls
• Operational controls
• SOX Compliance controls
The CAE oversees the testing, administration, and assessment of the controls that
are included in the scope of the audit plan. InFission process owners are responsible
for updating and providing control documentation for their respective areas. The
audit directors manage the fieldwork assigned to internal auditors. Internal auditors
perform control documentation walk-through with the control owners to obtain
control test samples which provide evidence of the effectiveness of controls, and also
document the effectiveness of risk management and control activities in the assigned
processes. The auditors also perform transaction testing to gather control evidence
that the control is operating as described by the control owner. For example, to
collect the evidence for the control over the
duplicate vendor payment
risk in the
Procure-to-Pay
process, InFission auditors obtain the supplier invoice and payment
records from Oracle E-Business suite payables and purchasing modules using Oracle
Transaction Controls Governor. (Refer to
Chapter 9
,
IT Audit
for further details).
For manual and spread-sheet controls where the evidence requires independent
examination to controls documents and work papers such as adjusting entries in the
financial-close process, the auditor follows the procedures in the audit engagement.
The auditor also communicates the initial findings and prepares the draft of the
audit report.
The audit directors review the internal auditor findings and document their opinion
about the adequacy and effectiveness of the control processes.
All audit opinions are reviewed and approved by the CAE based on sufficient audit
evidence obtained through the completion of audits. The CAE also reviews the
entire management's self-assessment of risks, processes, and controls, as well as the
audit work performed by external auditors who provide assurances to the board of
directors and the audit committee.
Search WWH ::
Custom Search