Database Reference
In-Depth Information
The CAE provides the management and the board of directors' periodic updates
during the assessment phase.
The audit engagements are completed once the audit team has obtained sufficient
and appropriate audit evidence about all business processes performed within
the business units included in the audit plan. The audit engagements also include
testing subprocesses, as well as a review of the mega processes operating across the
organization. The auditors have the flexibility to adjust the test plans during the
audit cycle, which is a result of changes in operations, external factors impacting
the business, or change in management objectives. For example, due to the increase
in output at a computer manufacturing plant in China, the sample size of evidence
may no longer be sufficiently relative to the payment transaction volume to establish
effectiveness of control over the three-way match in the vendor payment process for
the Procure-to-Pay cycle (mega process). In such a case, the auditor may increase the
number of random purchase orders, invoices, and receiving vouchers required to
satisfy the audit procedure.
The audit engagements are revised based on events that impact the risks within
the business processes, and controls that mitigate risks. Risks events can be
external, such as marketplace or investment conditions, as well as internal, such
as acquisitions and divestitures, joint ventures, organizational realignments, and
information system upgrades. For example, when InFission acquired computer
operations of a Chinese manufacturer, the audit engagement was revised to include
the controls, which mitigate the risks in significant processes such as product
manufacturing, inventory management, procurement, and distribution.
Assessing internal controls using
Oracle GRC Manager
InFission audit team utilizes the
GRC Manager Assessment Workflow
tool to test
the design and operating effectiveness of internal controls in order to ensure that
the appropriate levels of documentation and control are in place. This assessment
tool can also be implemented to evaluate the validity and effectiveness of risks,
perspectives, and other base object components with a GRC module.
Assessing internal controls includes the following steps:
Test
Components
Initiate
Assessment
Select
Criteria
Select
Component
Select
Delegates
Submit for
Approval
Search WWH ::
Custom Search