Please enable JavaScript.
Coggle requires JavaScript to display documents.
11.1 (CONTROL SELF-ASSESSMENT (Benefits of CSA (• Early detection of risk,…
11.1
CONTROL SELF-ASSESSMENT
-
management technique that assures stakeholders, customers and other parties that the internal control system of the organization is reliable.
Ensures that employees are aware of the risk to
the business and they conduct periodic, proactive reviews of controls.
-
ROLE OF IS AUDITOR
value in this role is evident when management takes responsibility and ownership for internal control systems under their authority through process improvements in their control structures, including an active monitoring component.
An IS auditor acts in the role of facilitator to the business process owners to help them define and assess appropriate controls
and helps the process owners understand the need for controls, based on risk to the business processes.
IS auditor will lead and guide the auditees in assessing their environment by providing insight about the objectives of controls based on risk assessment
The managers, with a focus on improving the productivity of the process, might suggest replacement of preventive controls.
In this case, the IS auditor is better positioned to explain the risk associated with such changes
-
Implementation
For small business units within organizations, it can be implemented by facilitated workshops in which functional management and IS auditors come together and deliberate how best to evolve a control structure for the business unit
What the facilitator do?
A Facilitator
creates a supportive environment to help participants explore their own experiences and those of others;
-
and share their knowledge, ideas and concerns.
-
Objectives of CSA
The primary objective of a CSA program is It is not intended to replace audit’s responsibilities but to enhance them.
to leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional areas.
Who is responsible ?
Auditees such as line managers are responsible for controls in their environment; the managers should also be responsible for monitoring the controls.
CSA programs must also educate management about control design and monitoring, particularly concentrating on areas of high risk.
How to employ?
When employing a CSA program, measures of success for each phase (planning, implementation and monitoring) should be developed to determine the value derived from CSA and its future use.
One critical success factor (CSF) is to conduct a meeting with the business unit representatives (including appropriate and relevant staff and management) to identify the business unit’s primary objective—to determine the reliability of the internal control system.
In addition, actions that increase the likelihood of achieving the primary objective should be identified.
Benefits of CSA
-
-
-
• Development of a sense of ownership of the controls in the employees and process owners and reduction of their resistance to control improvement initiatives
• Increased employee awareness of organizational objectives, and knowledge of risk and internal controls
-
-
-
-
-
• Necessary assurance given to top management about the adequacy of internal controls as required by the various regulatory agencies and laws
Disadvantages of CSA
-
• It may be regarded as an additional workload (e.g., one more report to be submitted to management).
-
-
INTEGRATED AUDITING
integrated auditing can be defined as the process whereby appropriate audit disciplines are combined to assess key internal controls over an operation, process or entity and focuses on risk.
-
-
-
-
Benefits
-
An additional benefit is that this approach assists in staff development and retention by providing greater variety and the ability to see how all of the elements (functional and IT) mesh together to form the complete picture.
The integrated audit concept has also radically changed the way audits are accepted and valued by different stakeholders. For example:
• Employees or process owners better understand the objectives of an audit because they can see the linkage between controls and audit procedures.
• Top management better understands the linkage between increased control effectiveness and corresponding improvements in the allocation and utilization of IT resources.
• Shareholders better understand the linkage between the push for a greater degree of corporate governance and its impact on the generation of financial statements that can be relied on.
-