Identifying Company-Level Controls
|
|
SEC & PCAOB > PCAOB > Auditing Standard No. 2 > Identifying Company Level Controls
Source:
PCAOB Release 2004-001
March 9, 2004
Page A–30 – Standard
52. Identifying Company-Level Controls. Controls that exist at the company-level
often have a pervasive impact on controls at the process, transaction, or application level. For that reason, as a practical consideration, it may be appropriate for the auditor to test and evaluate the design effectiveness of company-level controls first, because the results of that work might affect the way the auditor evaluates the other aspects of internal control over financial reporting.
53. Company-level controls are controls such as the following:
• Controls within the control environment, including tone at the top, the
assignment of authority and responsibility, consistent policies and procedures, and company-wide programs, such as codes of conduct and fraud prevention, that apply to all locations and business units (See paragraphs 113 through 115 for further discussion);
• Management's risk assessment process;
• Centralized processing and controls, including shared service environments;
• Controls to monitor results of operations;
• Controls to monitor other controls, including activities of the internal audit
function, the audit committee, and self-assessment programs;
• The period-end financial reporting process; and
• Board-approved policies that address significant business control and risk
management practices.
Note: The controls listed above are not intended to be a complete list of
company-level controls nor is a company required to have all the controls in the
list to support its assessment of effective company-level controls. However,
ineffective company-level controls are a deficiency that will affect the scope of work performed, particularly when a company has multiple locations or business
units, as described in Appendix B.
54. Testing company-level controls alone is not sufficient for the purpose of
expressing an opinion on the effectiveness of a company's internal control over financial reporting.
|
|
|
|
|
|
|
|