XML Feeds
| « Data Protection Responsibility - CISM 2006 Exam Wuestions | Multi Disciplinary Audit Teams for Sarbanes Oxley Audit » |
How to Evaluate Design Effectiveness of Controls
How to Evaluate Design Effectiveness of Controls
My topic of discussion today is evaluating the design effectiveness of controls. Sarbanes Oxley requires auditors to evalute management's assessment and obtain sufficient evidence about whether the company's
internal control is designed properly and operating effectively. Design effectiveness involves evaluating whether internal control is suitably designed to prevent or detect material mis-statement on a timely basis. So when an auditor or management is evaluating the design effectiveness of controls, they should document such evaluation. Documentation should include documenting governance and activities level controls. Some factors that management can consider while evaluating the design effectiveness of controls are as under:
1. Missing Controls - There might be a case that controls are totally absent from the process. Question of evaluating their design does not even arise. Infact in cases of missing controls, controls need to be designed first.
2. Missing Control Objectives - In some cases, even though controls are designed, they fail to meet the control objectives. Such controls do not serve the purpose and need to be tweaked so that they meet the control objectives.
3. Incompatible Duties - Controls also fail to meet control objectives, in case of incompatible duties. Management should ensure that a single person should not be able to execute a process fully. Such excess duties can be missued resulting in controls becoming ineffective.
4. Inappropriate Control Attributes - Management should also ensure that controls such as monitoring controls, supervisory reviews etc are properly incorporated in the controls design process. Governance controls should be taken into account in the design process.
Success of the controls design process depends a lot on management's outlook. Management should view the entire internal controls process and not just one or two areas to ensure successful compliance.
Related Posts
Reporting Material Weakness to Management
Application Level Controls for SOX
Training Workshops for Sarbanes Oxley
Analyzing the COSO Cube - Internal Control Dimensions
Feedback awaiting moderation
This post has 40 feedbacks awaiting moderation...