Laserfiche WebLink
CHAPTER 1: AUDIT PLAN <br />Government Auditing <br />Criteria Government Auditing Standards (July 2007 Revision), <br />referred to as the "Yellow Book ", published by the United <br />States Government Accountability Office, by the Comptroller <br />General of the United States: <br />Government Auditinq Standards, Section 1.30, <br />Performance Audits: "Internal control comprises the <br />plans, policies, methods and procedures used to meet the <br />organization's mission, goals and objectives... Examples <br />of audit objectives related to internal control include an <br />assessment of the extent to which internal control provides <br />reasonable assurance about whether: (a) organizational <br />missions, goals, and objectives are achieved effectively and <br />efficiently; (b) resources are used in compliance with laws, <br />regulations, or other requirements; (c) resources, including <br />sensitive information accessed or stored outside the <br />organization's physical perimeter, are safeguarded against <br />unauthorized acquisition, use, or disposition; (d) management <br />information, such as performance measures, and public <br />reports are complete, accurate, and consistent to support <br />performance and decision making; (e) the integrity of <br />information from computerized systems is achieved; and (f) <br />contingency planning for information systems provides <br />essential back -up to prevent unwarranted disruption of the <br />activities and functions that the systems support." <br />Government Auditina Standards. Section 7.20. Internal <br />Control: "... Controls over the safeguarding of assets <br />and resources include policies and procedures that the <br />audited entity has implemented to reasonably prevent or <br />promptly detect unauthorized acquisition, use, or <br />disposition of assets and resources. " <br />Government Auditing Standards, Section 7.21, Internal <br />Control: "In performance audits, a deficiency in internal <br />control exists when the design or operation of a control <br />does not allow management or employees, in the normal <br />course of performing their assigned functions, to prevent, <br />detect, or correct (1) impairments of effectiveness or <br />efficiency of operations, (2) misstatements in financial or <br />performance information, or (3) violations of laws and <br />regulations, on a timely basis. A deficiency in design exists <br />when (a) a control necessary to meet the control objective is <br />missing or (b) an existing control is not properly designed so <br />that, even if the control operates as designed, the control <br />objective is not met. A deficiency in operation exists when a <br />properly designed control does not operate as designed, or <br />when the person performing the control does not possess the <br />D <br />