Laserfiche WebLink
Chapter 1: AUDIT PLAN <br />Audit Criteria: The Internal Control Integrated Framework published by the <br />Committee of Sponsoring Organizations (COSO) is the recognized <br />Internal Control standard for establishing internal controls. Under the COSO model, <br />a system of internal controls is a process that is made up of five <br />interrelated components. <br />Control "Tone at the Top" is a term that is used to define management's <br />leadership and commitment toward openness, honesty, integrity, <br />Environment and ethical behavior. It is the most important component of the <br />control environment. The "Tone at the Top" is set by all levels of <br />management and has a trickle -down effect on all employees. Other <br />factors that affect the control environment are organizational <br />structure; clear assignment of authorities, duties, and <br />responsibilities; industry and business environment in which the <br />organization operates; economic and regulatory events; and the <br />attentiveness of governing bodies. <br />Risk Assessment All organizations and levels within an organization face a myriad of <br />operating risks. Risks affect the organization's ability to survive, <br />successfully compete, maintain financial strength and positive <br />public image, and maintain quality of services and products. <br />Therefore, risk assessment deals with the organization's ability to <br />set clear operating goals and objectives, identify risks that could <br />impede achievement of those objectives, and mitigate exposure to <br />those risks to acceptable levels. <br />Control Activities Internal controls are the systems, policies, procedures, and <br />processes put in place by management to provide reasonable <br />assurance for the achievement of management objectives, <br />including effectiveness and efficiency of operations; reliability of <br />financial reporting; and compliance with applicable laws, <br />regulations, and policies. Examples of control activities include <br />performance reports and reviews, segregation of duties, <br />documentation to support financial transactions and contractual <br />agreements, physical security controls, and IT access controls. <br />Information and Communication of information through the organization is essential <br />to achieving management objectives. This component examines <br />Communication the way in which information is communicated throughout the <br />organization and whether there is continuous feedback. <br />3 <br />