2.

7 Entity Level-Control (ELC) and Transaction Level-Control (TLC)

Entity level control (also known as enterprise level control) is a process designed by or
under the control of management control to implement an environment that has a pervasive
impact on effectiveness on processes, transactions or application levels.

Entity level control type:

a. Indirect entity level control (indirect)

Control is important but not directly related to the possibility of a timely detection or
detection of material misstatements. Examples: codeofconduct, governance, policies and
procedures, employee recruitment process.
b. Monitoring entity level control (monitoring)
Control performed to monitor the effectiveness of other controls, but the level of
accuracy of this control is not enough to mitigate the risk of financial reporting. Example:
periodic monitoring of the implementation of reconciliation to ensure the timeliness of
reconciliation, reconciliation of items and follow-up of reconciliation.
c. Direct entity level control (direct)
Controls are designed and implemented with sufficient levels of accuracy to prevent or
detect in a timely manner. Example: controls performed by controllers who re-evaluate
transaction-level controls.

2.7.1 Transactional Level Controls (TLC)

It is in process with the aim of preventing or detecting misstatements, by fault or fraud,

authorization, safeguarding and asset liability. In general, transactional level control deals with
elements of control activities within the COSO framework and focuses on significant accounts,
as well as processes / transactions that have the possibility of error / fraud resulting in material
misstatement. Example: comparing data, performing reconciliation, review, independent,
evaluation and confirmation.

Entity-level control relationship and transactional level control in internal control testing:

1. Identify the risk level (high, medium, low) based on the risk assessment process.
 2. Direct ELC that mitigates the risk of financial reporting with adequate and timely
precision, can reduce more detailed testing at the transactional level.
3. What's left is high risks that require more attention.

2.8 Cycles in ICoFR Design and Implementation

Stages in designing and implementing internal control over financial reporting.

1. Risk Assessment

a. Identify and analyze risks to achieve financial reporting objectives.

b. Determine which risks can lead to material misstatement of financial reporting.

c. Determine how each component can support reliable financial reporting

2. Control environment: implement and run the control environment, develop

thetoneofthecompany.

3. Control activities: implementing and running a control environment using activities that
can reduce risks in achieving goals.

4. Information and communication: Implement and execute information and communication

to support internal control.

5. Monitoring: Implementing and running monitoring activities that help ensure that controls
operate correctly from time to time.

6. To revise the financial reporting objectives if there are any changes that have a potential
impact on the business.

2.9 How to design entity-level control over financial reporting:

1. The establishment of a team responsible for identifying, analyzing and proposing entity-
level control designs.

2. Understand the basic principles and attributes of COSO's internal control over financial
reporting.
 3. Conducting discussions with related personnel on understanding relevant entity-level
controls, such as audit committees, boards of directors, senior management, human
resources departments, internal audits.

4. Reviewing entity-level control documentation, such as internal control policies, human

resources, codeofconduct.

5. Identify the existing entity level control attributes.

6. Identify gaps and propose entity-level control designs to minimize gaps.

7. Confirm the proposed entity-level control design with relevant personnel.

8. Obtain approval of the proposed entity-level control design.

2.10 How to Design Transactional Level Control

1. Gain an understanding of the process from the owner of the business process by:

a. Review the process flow documentation, including the relevant IT.

b. Conducting discussions with client personnel.

c. Observe the methods and procedures used, including system input and functionality.

d. Conduct walkthrough (transaction search from start to end of process)

2. Document the process into the flowchart (flowchart)

3. Identify risks for each process reviewed.

4. Designing controls for identified risks.

5. Confirm the flowchart, including risk and control in a process to the owner of the
business process.

6. Obtained approval of the proposed transactional rate control design.

2.11 Challenges encountered in developing internal control over financial reporting:

1. The development of internal control over financial reporting

a. Technical barriers: reliability and adequacy of the methodology, the approach used
does not focus on significant processes and risks so it can not quickly and accurately
identify remedial efforts, the design of internal control is not optimal in determining
the division of tasks and responsibilities.

b. Non-technical barriers: human and organizational aspects such as management

commitment in the development of internal controls, personnel readiness to accept
change, availability and inadequate personnel competence.

2. Potential problems in the preparation of financial statements

That comes from the operational business process and the closing process of the book of
financial statements.