Beruflich Dokumente
Kultur Dokumente
2. Objectivity
To evaluate how well risks are being managed the internal auditor will
assess the quality of risk management processes, systems of internal control and
corporate governance processes, across all parts of an organization and report
this directly and independently to the most senior level of executive management
and to the board’s audit committee.
4. Segregation of duties
5. Empty shell
The empty shell or cold site plan is an arrangement wherein the company
buys or leases a building that will serve as a data center. In the event of a
[Type text]
disaster, the shell is available and ready to receive whatever hardware the
temporary user needs to run essential systems. This approach, however, has a
fundamental weakness. Recovery depends on the timely availability of the
necessary computer hardware to restore the data processing function.
Internal Verification
It is to make sure that employees are following the rules and regulation
and not shortcutting internal controls. It analyzes internal accounting control. The
goals of these are to audit and, when necessary, modify and improve the
effectiveness of internal accounting controls and standard operating procedures.
The objective is to make sure accounting procedures support goals in your
financial risk management plan. The two-step process typically starts by
observing, reviewing and analyzing current standard operation procedures.
3. Control Activities
These are policies and procedures, which are the actions of people to
implement the policies, to help ensure that management directives identified
as necessary to address risks are carried out. They help ensure that
necessary actions are taken to address risks to achievement of the entity’s
objectives. They includes a range of activities as diverse as approvals,
authorizations, verifications, reconciliations, reviews of operating
performance, security of assets and segregation of duties.
5. Monitoring of Controls
It is a process to assess the quality of internal control performance over
time. It involves assessing the design and operation of controls on a timely
basis and taking necessary corrective actions. Monitoring is done to ensure
that controls continue to operate effectively. For example, if the timeliness
and accuracy of bank reconciliations are not monitored, personnel are likely
to stop preparing them.
Preventive Controls
It reduces the frequency of occurrence of undesirable events. It forces
compliance with prescribed or desired actions and thus screen out abnormal
events. Preventing errors and fraud is far more cost-effective than detecting
and correcting problems after they occur. The vast majority of undesirable
events can be locked at this first level.
Detective Controls
It forms the second line of defense. The devices, techniques, and
procedures designed to identify and expose undesirable events that dodge
preventive controls. It reveals specific types of errors by comparing actual
occurrences to pre-established standards. When the detective control
identifies a departure from standard, it sounds an alarm to attract attention to
the problem.
Corrective Controls
These are actions taken to reverse the effects of errors detected in the
previous step. There is an important distinction between detective controls
and corrective controls. Detective controls identify anomalies and draw
attention to them; corrective controls actually fix the problem. For any
detected error, however, there may be more than one feasible corrective
action, but the best course of action may not always be obvious.