Monday, June 3, 2019
Internal Auditing Information Technology Case Study
Internal analyseing Information Technology Case StudyYue Sun (Leah)Activity 1. Key entity-level controlsCOSO ComponentEntity-level ControlsControl environsOrganization wide rightfulness code of conductRaising aw areness and application of the codeGranting restricted accesses to managers based on their department and responsibility orbitRisk AssessmentOrganization wide risk assessmentRisk appetites designed by department managersHaving senior concerns or control groups review and O.K. risk appetiteControl ActivitiesOrganization wide policy protocolIndependent internal audit committee everywheresightInformation technology popular controlInformation CommunicationUtilizing secured and monitored communication system for employees supervise ActivitiesPerformance management systemRegularly perform internal auditing processesActivity 2.Audit effect for information technology general controlDetermining whether the managements hold a positive attitude and approach toward integrity an d ethics.Determining whether policies exists to define acceptable IT practices, engagement of interest, and or other expected standards of ethical behavior within the organization.Determining whether management take proper precaution and disciplinary action in wad where dishonor the policies.Determining whether practitioners and management receive complete necessary training to efficiently perform their duties.Determining whether the integrity code of conduct is being apply throughout daily operations.Determining whether the role of each employee is well defined, enter, and understood by all parties in the organization.Determining whether all procedures are properly documented by designated employee and the documentation is securely managed with restricted access.Determining whether there are processes in place to monitor the integrity and the ethical value within the department.Audit procedures and evidence that indicate operating long suitAudit procedures to determine operati onal efficiencyDetermining whether the tasks and goals are performed and achieved. It implies that the controls are operating efficiently when management and employees fill up the expectations associated with their responsibilities.Evaluating the commitment of the management and employees when executing the internal controls set as higher level commitments from management and employees lead to higher level operating efficiency.Determining whether management is promoting and trying to enforce the internal controls in the organization.Observing the efficiency and effectiveness of communication amid management and employees. It indicates that the controls are operating efficiently when management and employees halt an open and transparent communication channel.Observing the attitude of both management and employees towards integrity and ethics in the internal controls.Evidence that indicate operating effectivenessThe operation should be considered effective when management holds a p ositive tone throughout the organization and the communication between management and employees is effective and transparent. Having an ethics and integrity program that is honored by both management and employees is another indicator for effective operation.Activity 4. SHR Corporations entity-level controls are mostly soft in nature and therefore, apprise impact the corporations employees in terms of how they approach issues. Such entity-level controls do operate across the organization to mitigate risks that threaten the company while provide authority that the objectives of the organization would be achieved. In addition, the entity-level controls have both internal and external effect. For instance, such control would impact on the effectiveness at transaction and affect level which could minimize the risks that would prevent the company from achieving its objectives.Weakness in SHR Corporations entity-level controls include incidents where management is not dedicated to trai n and mentor employees. Lacking communication between management and employees could impact the operating effectiveness greatly. Another weakness would be when less reliance is placed on control activities that are performed by employees who desire highly judgmental or complex tasks. In order to amend the listed weaknesses, management should be assessing the quality of the internal control performance across the organization. Monitoring activities are necessary and SHR should also acquire fencesitter evaluation by internal auditors to minimize risks.Management and employees behavior could be affected by the entity-level controls that are carried out across the entire organization. Based on the risks that the organization is currently facing, the entity-level controls would require managements to assess and report on the effectiveness of the internal control of the organization. The independent internal auditors should confirm and evaluate such reports concerning the effectiveness of the corporations internal control.Management and employees behavior at business processing level could be positively wedge since entity-level controls could improve their accountability. Having an effective entity-level controls would help both management and employees comply with organizations policies and code of conducts. Because entity-level controls provide assurance to the board and management that the established procedures and policies are performed throughout the organizations operation.When auditing controls over the companys purchases and accounts payable, SHRs entity-level controls could affect professional skepticism since effective controls could minimize potential risks and misappropriation. Meanwhile, the entity-level controls would facilitate the assessment of process-level risks that could affect the operation of the organization. In addition, process-level controls could assist when conducting direct testes of transactions in order to ensure the financial stat ements are accurately presented.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.