Assessment of Control Environment
Information and Communication
Control Environment
Risk Assessment
Control Activities
Monitoring Activities
Key executive integrity, ethics, and behavior; Control consciousness and operating style
Define objectives and risk tolerances; Identify, analyze, and respond to risk; Identify, analyze, and respond to change; Mechanisms to anticipate, identify, and react to significant events; Processes and procedures to identify changes in GAAP, business practices, and internal control; Assess fraud risk
Design control activities; Design activities for the information system
Use quality information; Communicate internally; Communicate externally; Adequate performance reports produced from information systems; Information systems are connected with business strategy; Commitment of HR and finance to develop, test, and monitor IT systems and programs; Business continuity and disaster plan for IT; Established communication channels for employees to fulfill responsibilities; Adequate communication across organization
Perform monitoring activities; Remediate deficiencies; Periodic evaluations of internal controls
Implement control activities
Commitment to competence; Exercise oversight responsibility
Existence of necessary policies and procedures; Clear financial objectives with active monitoring; Logical segregation of duties; Periodic comparisons of book-to-actual and physical count-to-books; Adequate safeguards of documents, records, and assets; Assess controls in place
Implementation of improvement recommendations
Organizational structure, responsibility, and authority; Enforce accountability
HR policies and procedures
Effective
Effective
Effective
Effective
Effective