Laserfiche WebLink
<br /> <br /> <br /> Chapter 1: AUDIT PLAN <br /> <br /> <br /> V <br /> Audit Criteria: The Internal Control Integrated Framework published by the <br /> r-7 Committee of Sponsoring Organizations (COSO) is the recognized <br /> Internal Control standard for establishing internal controls. Under the COSO model, <br /> a system of internal controls is a process that is made up of five <br /> interrelated components. <br /> <br /> Control "Tone at the Top" is a term that is used to define management's <br /> leadership and commitment toward openness, honesty, integrity, <br /> Environment and ethical behavior. It is the most important component of the <br /> control environment. The "Tone at the Top" is set by all levels of <br /> management and has a trickle-down effect on all employees. Other <br /> factors that affect the control environment are organizational <br /> structure; clear assignment of authorities, duties, and <br /> responsibilities; industry and business environment in which the <br /> organization operates; economic and regulatory events; and the <br /> attentiveness of governing bodies. <br /> ~.1 <br /> Risk Assessment All organizations and levels within an organization face a myriad of <br /> operating risks. Risks affect the organization's ability to survive, <br /> successfully compete, maintain financial strength and positive <br /> public image, and maintain quality of services and products. <br /> Therefore, risk assessment deals with the organization's ability to <br /> f~ set clear operating goals and objectives, identify risks that could <br /> impede achievement of those objectives; and mitigate exposure to <br /> those risks to acceptable levels. <br /> <br /> Control Activities Internal controls are the systems, policies, procedures, and <br /> processes put in place by management to provide reasonable <br /> assurance for the achievement of management objectives, <br /> including effectiveness and efficiency of operations; reliability of <br /> financial reporting; and compliance with applicable laws, <br /> regulations, and policies. Examples of control activities include <br /> performance reports and reviews, segregation of duties, <br /> documentation to support financial transactions and contractual <br /> agreements, physical security controls, and IT access controls. <br /> <br /> Information and Communication of information through the organization is essential <br /> to achieving management objectives. This component examines <br /> Communication the way in which information is communicated throughout the <br /> organization and whether there is continuous feedback. <br /> <br /> <br /> jl <br /> <br /> <br /> <br /> <br /> 3 <br />