Consumer Commercial Control Matrix by y3O64hPa

VIEWS: 17 PAGES: 68

									Business Segment:            Consumer / Commercial

I. KEY PROCESS I N F O R M A T I O N                 II. R I S K I N F O R M A T I O N


Key process                  Sub process             Risks




A: Loan Origination          A1: Loan Approval       Rsk 1: Loans are not properly
                                                     approved.
Rsk 2: Loans do not comply with
policy.
A2: Loan Funding       Rsk 1: Loan fundings are not
                       properly processed and accounted
                       for.




A3: Computer Systems   Rsk 1: Access is not restricted to
                       appropriate personnel.
                       Rsk 2: Changes to system
                       configuration and/or critical files are
                       not made with supporting
                       documentation and/or approval.
                       System is updated by unauthorized
                       personnel.




A4: Computer Systems   Rsk 1: Access is not restricted to
                       appropriate personnel.
                                                           Rsk 2: Changes to system
                                                           configuration and/or critical files are
                                                           not made with supporting
                                                           documentation and/or approval.
                                                           System is updated by unauthorized
                                                           personnel.




                             A5: Dealer Approval           Rsk 1: Dealer and dealer
                                                           agreement are not approved by the
                                                           appropriate personnel.




B: Commercial Construction   B1: Commercial Construction   Rsk 1: Builders are not properly
Lending                      Lending                       approved.
              Rsk 2: Draws are not accurate and
              appropriate and advances are not
              properly monitored.




              Rsk 3: Not Used

              Rsk 4: Not Used

              Rsk 5: Not Used

              Rsk 6: Budget shortfall change
              requests and re-allocations are not
              approved.




C: Not Used
D: Loan Servicing   D1: Loan Booking   Rsk 1: Loans are not accurately
                                       recorded on the system in a timely
                                       manner and in the correct period.
D2: Origination Fee/Interest   Rsk 1: Origination income is not
Income                         accurately recorded in a timely
                               manner.




                               Rsk 2: Interest income is not
                               correctly calculated and/or
                               accounted for.




D3: Not Used


D4: Not Used




D5: Transaction Processing     Rsk 1: Transactions to loans are
                               not authorized and processed
                               accurately.
D6: Participations Sold   Rsk 1: Appropriate remittances are
                          not made to investors in an
                          accurate and timely manner as
                          required by participation agreement.




D7: the loan subsystem    Rsk 1: Not Used




                          Rsk2: Changes to critical fields on
                          the system are made without
                          supporting documentation. System
                          is updated by unauthorized
                          personnel.
D8: Reconciliation   Rsk 1: Reconcilement of general
                     ledgers, DDAs are not performed
                     by an independent employee in a
                     timely manner.
D9: Hazard / Flood Insurance   Rsk 1: Unpaid hazard insurance
                               and flood insurance are not
                               monitored.




                               Rsk 2: Flood Insurance is not
                               obtained when required prior to
                               booking loan.




D10: Not Used


D11: Not used.


D12: Not used.


D13: Collateral Release        Rsk 1: Collateral is released
                               without proper approval.
                               D14: Dealer Reserve/Remittance Rsk 1: Dealer reserve balances are
                               Balances                       not monitored for
                                                              delinquency/charge-off.




E: Loan Documentation Review   E1: Collateral Review           Rsk 1: Appropriate liens are not
                                                               placed on collateral and other
                                                               critical loan documentation is
                                                               monitored.




                               E2: Not Used


                               E3: Not used


                               E4: Computer Systems            Rsk 1: User access is not limited to
                                                               authorized employees. Computer
                                                               system access does not support
                                                               segregation of duties.
                       E5: Negotiable Collateral          Rsk 1: Adequate safeguards are
                                                          not in place to protect negotiable
                                                          collateral.




F: Letters of Credit   F1: Letters of Credit Processing   Rsk 1: Letters of credit are not
                                                          properly approved.




                                                          Rsk 2: Letters of credit are not
                                                          properly recorded on the system.
Rsk 3: Funding of letters of credit is
not performed only upon receipt of
proper documentation.
                        F2: Computer Systems-    Rsk 1: Access to computer
                        MicroBanking             systems is not granted to only users
                                                 with valid userids and passwords.




                                                 Rsk 2: User access is not limited to
                                                 authorized employees. Computer
                                                 system does not support
                                                 segregation of duties.




                        F3: Not used


G: End-User Computing   G1: End-user Computing   Rsk 1: Critical spreadsheets,
                        Controls                 databases, queries within the
                                                 organization have not been
                                                 identified and adequately protected
                                                 from alteration and/or deletion.
H: Written Policy and Procedures   H1: Written Policy and   Rsk 1: Approved policy does not
                                   Procedures               exist regarding loan
                                                            origination/underwriting.




                                                            Rsk 2: Written procedures do not
                                                            exist to document lending functions.
                                                   Sarbanes Oxley - Matrix of Internal Controls
                                                                                    2006



III. C O N T R O L   INFORMATION


Key Control Indicator   Control      Anti-Fraud   Control Owner
                        Importance   Control




           Yes            Medium         Yes




           Yes            Medium         Yes
Yes   Medium   Yes




No




Yes   Medium   Yes




No




Yes   Medium




No
Yes   Medium




Yes   Medium




Yes   Medium




Yes   Medium
Yes   Medium




Yes   Medium




Yes   Medium




Yes   Medium
Yes   Medium




Yes   Medium




Yes    High




No




No




No




No
Yes    High    Yes




Yes   Medium




No




Yes    Low
Yes   Medium   Yes




Yes   Medium   Yes




No




No     Low




No     Low
No




Yes   Low   Yes




No




No




No
Yes    Low     Yes




No




Yes    Low




Yes   Medium




Yes    High    Yes
Yes    High    Yes




No




Yes   Medium   Yes




Yes   Medium   Yes




Yes    Low
Yes   Medium




Yes   Medium




No




Yes    Low
Yes   Medium




No




Yes    High




Yes   Medium




Yes   Medium




No
Yes   Medium




No




Yes    Low     Yes




Yes    Low     Yes




Yes   Medium   Yes




No




Yes    High
No




Yes    High    Yes




Yes    High    Yes




Yes   Medium




No
No




Yes   Medium




Yes   Medium




Yes   Medium
Yes    Low




Yes    Low




Yes   Medium




Yes    Low




Yes    Low
Yes   Low




Yes   Low
arbanes Oxley - Matrix of Internal Controls Over Financial Reporting
                                2006




         Control Description                        Control Frequency       Control Automation
                                                    1. Annual               1. Automated
                                                    2. Quarterly            2. Manual
                                                    3. Monthly
                                                    4. Weekly
                                                    5. Daily
                                                    6. Multiple Times per
                                                    day


         Ctrl 1: Comm/Comm Const: On a                  Daily / Weekly             Manual
         daily basis, Credit Policy verifies that
         every commercial loan booked to
         the loan subsystemv has a properly
         approved LPR. Proper approval of
         LPR is verified based on established
         approval policy. Exceptions are
         reported to management weekly.


         Ctrl 2: Not used.

         Ctrl 3: Cons Dir: A monthly report                 Monthly                Manual
         of loans approved above the
         underwriters’ Board-approved
         approval limits is printed from the
         system and a documented review of
         a sample of the loan applications is
         performed by a Consumer Loan
         Administrator, who is independent of
         the underwriting process. The
         review is documented, kept on file,
         and monitored for completion at the
         end of the month by the SVP
         Consumer Loan Administration or
         designee.
Ctrl 4: Cons Indir: Lending limits for    Per Occurrence   Automated
underwriters are built into the
system. Loans requiring approval by
employee with higher limit are
routed to appropriate user and
approved through the system.


Ctrl 5: Cons Dir, Cons Indir: Loans       Per Occurrence   Automated
can only be approved by
underwriters who are independent
of the servicing function.


Ctrl 1: Comm/Comm Const: Terms Multiple Times per Day       Manual
per LPR are compared to terms per
note. Exceptions are reported to
management.


Ctrl 2: Credit Score exceptions to           Monthly        Manual
policy are reviewed on a sample
basis monthly by Consumer Loan
Administration to ensure the reason
for the override is documented in the
system.

Ctrl 3: Cons Dir and Indir: Override      Per Occurrence   Automated
capability within the system is limited
to underwriters and those with full
system access.


Ctrl 4: Not used.

Ctrl 5: Cons Dir, Cons Indir: A              Monthly        Manual
monthly reports of interest rates
approved at greater than a -2%
deviation from established rates and
debt to income approved at greater
than 50% are printed from the
system. A documented review of a
sample of the loan applications is
performed by a Consumer Loan
Administrator, who is independent of
the underwriting process.




Ctrl 6: Not used
Ctrl 7: Cons Dir: Loan Operations     Multiple Times per day   Manual
employee compares approved terms
(per the system) to note terms for
specific items such as interest rate,
amount, term. Items out of range
are not booked to the loan
subsystem and are returned to Loan
Officer/Underwriting.


Ctrl 8: Cons Indir: Indirect Lending Multiple Times per day    Manual
employee compares approved terms
(per the system) to note terms for
specific items such as interest rate,
amount, term. Items out of range
are not booked to system and are
returned to loan officer/underwriting.




Ctrl 1: Not used.



Ctrl 2: Comm/CommConst, Cons                 Weekly            Manual
Dir, Cons Indir: At least weekly, the
Loan Operations Reconciliation
Department reviews the loan funding
g/l account to verify that loans
funded were booked to the LDT.
Outstanding loan proceeds (loans
not booked) are reported as
exceptions to management on a
weekly basis.

Ctrl 1: Access to system is granted     Two Times Per Year     Manual
only with valid userids and
passwords. User IDs can be either
specific to the user or generic
allowing for multiple users. Generic
IDs are granted for inquiry access
only. An e-mail is sent semi-annually
requiring users to change their
passwords.


Ctrl 2: Not used
Ctrl 3: All requests for system         Per Occurrence    Manual
access to system must be approved
by Consumer Lending Management.
The SVP Consumer Loan
Administration or one of the two
Consumer Loan Administrators
perform all security administration.


Ctrl 4: On an annual basis,                Annual         Manual
Consumer Lending Management
reviews user access rights.


Ctrl 1: Not Used




Ctrl 2: On a monthly basis, the SVP        Monthly        Manual
Consumer Lending prints a channel
change log (which lists
additions/deletions of branches
and/or dealers with a channel to the
system), an ACH change log (which
lists changes to ACH data), and a
personnel change log (which lists
additions/deletions of user ids) from
the system. She reviews 100% of
the changes to verify that the
appropriate documentation supports
the change. Beginning with the July
2006 changes, the Sales Finance
Department, who is independent of
inputting changes into the system,
will perform the review of changes
and the SVP Consumer Lending will
verify that the review was
performed.
Ctrl 1: Access to system is granted     Per Occurrence   Automated
only with valid userids and
passwords. The system enforces
password composition rules which
require passwords to change on a
90 day basis.
Ctrl 2: All requests for system          Per Occurrence   Manual
access must be approved by Loan
Ops Management.

Ctrl 3: On a quarterly basis, Loan         Quarterly      Manual
Operations Application Support
reviews systemuser access rights.


Ctrl 1: System configuration             Per Occurrence   Manual
changes are QAd by a Loan Ops
Application Support employee
independent of inputting the change.




Ctrl 2: Major system configuration       Per Occurrence   Manual
changes are run in a test
environment prior to being put into
production.

Ctrl3: For critical field changes, the   Per Occurrence   Manual
requester must complete an LRW
and submit it to Loan Operations
Application Support to make the
change.


Ctrl 1: When a dealer relationship is    Per Occurrence   Manual
established, a Dealer Agreement is
completed and approved by the
Regional Sales Finance Manager.
Any modifications or additions to the
approved Dealer Agreement
(including dealer reserves) after
initial dealer setup requires the
approval of the Regional Sales
Finance Manager.



Ctrl 1: Builders are approved as part    Per Occurrence   Manual
of the commercial construction
underwriting process.
Ctrl 1: Calculations of all draws are        Daily        Manual
supported by Draw Spreadsheet and
Draw Review Sheet. The calculation
of the final draw is supported by the
certificate of substantial completion,
when applicable; otherwise, a final
inspection report by the inspector is
required. Inspections and final
inspections are performed by an
independent 3rd party inspector who
has been approved by the CCLA
Manager.




Ctrl 1: If the budget shortfall is       Per Occurrence   Manual
resolved by increasing the line of
credit to the borrower, the loan
officer must complete an LMR. The
LMR must be approved based on
TCE in accordance with lending
authorities established by the BOD.


Ctrl 2: Loan administrators can only     Per Occurrence   Manual
perform re-allocations up to a
certain dollar-value in accordance
with CRE Policy.


Ctrl 3: The CCLA Manager reviews            Monthly       Manual
a monthly construction report and
compares % of completion to % of
funding to verify that all budget
shortfall situations have been
addressed. Exceptions to the report
are resolved.
Ctrl 1: Processors QA their own         Multiple Times per Day      Manual
work and a secondary QA is
completed by a peer employee
independent of the initial input to the
loan subsystem.



Ctrl 2: Cons Indir: Quality               Multiple Times per Day    Manual
assurance review is performed by
employee independent of input to
the loan subsystem. Data Entry
personnel swap and QA each
other’s work daily. This QA review
is documented.

Ctrl 3: Not used.


Ctrl 4: Not used.


Ctrl 5: Comm, Cons Dir, Cons Indir:               Daily            Automated
Loan subsystem is interfaced with
general ledger nightly. Therefore,
entries to g/l are automatically made
by system when loan is booked.


Ctrl 6: LDT system automatically                  Daily            Automated
prevents backdating and/or
postdating the effective date for
more than 15 days prior to or after
current date. Information from LDT
is utilized to book to the loan
subsystem.

Ctrl 7: The loan subsystem has an                 Daily            Automated
automated edit which will not allow
the effective date to be dated prior to
the note date.


Ctrl 8: To be implemented.
Ctrl 1: Comm, Cons Dir, Cons Indir: Multiple Times Per Day   Automated
Origination fees are booked to the
loan. Loan subsystem is interfaced
with general ledger. Therefore,
entries to g/l to record income are
automatically made by the system.




Ctrl 1: Interest income is                  Daily            Automated
automatically calculated by the loan
subsystem based on preset
parameters defined during loan
setup. The general ledger entries to
record interest income are
automatically generated by the loan
subsystem based on interfaces set
at the product level.




Ctrl 1: Comm: Customers receive            Monthly            Manual
bills that detail transaction activity.
Bills are generated by Technology
Center staff who do not have access
to the loan subsystem.


Ctrl 2: Cons Dir: Customers                Monthly            Manual
receive monthly statements for
home equity credit lines that detail
transactions to the account.
Statements are generated by
Technology Center staff who do not
have access to the loan subsystem.



Ctrl 3: Cons Dir, Cons Indir:              Monthly            Manual
Monitoring of delinquent loans is
performed by an independent
department.
Ctrl 4: Funds from transactions             Daily        Manual
rejected by the system are posted to
a clearing account. Items posted to
this account are reconciled and
researched by a Loan Ops
Reconciliations employee
independent of new account input.


Ctrl 1: Booking of participation to       Quarterly      Manual
the system is independent of
authorizing the sale, receipt of loan
sale proceeds, remittance to
investors and reconciliation of
general ledger.

Ctrl 2: the loan subsystem creates      Per Occurrence   Manual
automated entries to the g/l clearing
account and g/l remittance account
when the loan is booked and
payments are posted to the host
loan.




Ctrl 1: Not used.




Ctrl 2: For critical changes to loan    Per Occurrence   Manual
information, quality assurance
function is performed to verify the
accuracy of the change made to the
system. Quality assurance function
is performed by persons
independent of making changes to
the system.

Ctrl 3: Amendments to the original      Per Occurrence   Manual
customer note that change critical
data such as maturity date, interest
rate, terms, payment amounts, and
due date, require a properly
approved Loan Modification Request
Form (LMR) .
Ctrl 1: Reconciliation of loan                Daily         Manual
proceeds clearing account is
performed to identify differences
between amount of loan proceeds
and amount booked to the system
as well as unbooked
loans/advances.

Ctrl 2: Reconcilement of principal            Daily        Automated
and interest receivable is automated
on the loan subsystem. Reports are
reviewed daily that identify
differences between system and
general ledger.


Ctrl 3: Automated reconcilement of           Monthly        Manual
principal and interest is verified on a
monthly basis by obtaining
independent totals of system and
general ledger information.
Differences on report are
researched. Reconcilement is
reviewed by management.

Ctrl 4: Reconciliations of other          Per Occurrence    Manual
general ledger and DDAs are
performed by independent
personnel and reviewed by a
supervisor.
Ctrl 5: The general ledger accounts          Monthly        Manual
related to the dealer reserve are
reconciled by Consumer Loan
Administrator, who is independent of
underwriting and maintaining dealer
relationships.
Ctrl 1: Comm/Cons: AFR Services         Per Occurrence   Manual
monitors customer flood and hazard
insurance, providing updates as
coverage changes. Whether
notified by AFR exception reports or
the borrower’s insurance company,
when is made aware of the
upcoming hazard/flood insurance
expiration/cancellation, the bank
sends to the customer a letter
requesting new insurance
information. If insurance information
is not received in the specified time
period, force placed insurance is
obtained.



Ctrl 1: Consumer direct loans and           Daily        Manual
commercial loans are booked with
evidence of Flood and/or Hazard
Insurance when required.




Ctrl 1: For home equity lines, a           Monthly       Manual
report is generated on a monthly
frequency to list all payments made
to equity lines. Research is
performed to identify payoffs and
close paid off lines. Collateral
release is performed for appropriate
loans.


Ctrl 2: For collateral releases not     Per Occurrence   Manual
associated with a loan appearing on
the paid out loan the loan subsystem
report, the release must be
approved by a Credit Policy Officer.
Ctrl 3: For all collateral releases, the Multiple Times Per Day    Manual
the loan subsystem status is
reviewed prior to actual release to
determine that loan balance is zero
and loan status is correct (if
applicable) and to verify that
collateral being released is accurate.


Ctrl 1: Deficit reserve/remittance            Monthly              Manual
balances are monitored for
delinquency at least monthly by the
Sales Finance Department


Ctrl 1: Comm, Cons Dir, Cons Indir:            Weekly              Manual
New loans are reviewed by
independent personnel to determine
if all critical documentation to perfect
lien has been obtained. Exceptions
are reported to management.




Ctrl 1: Write access to system is          Per Occurrence         Automated
granted only with valid userids and
passwords.



Ctrl 2: The system enforces                Per Occurrence         Automated
password composition rules which
require at least 4 characters and
passwords to change on an annual
basis. After 3 unsuccessful log-on
attempts, the system automatically
locks out the user.


Ctrl 3: All requests for write access      Per Occurrence          Manual
must be approved by Loan Ops
Application Support.
Ctrl 4: At least annually, the SVP         Annual        Manual
Loan Operations reviews user
access rights.




Ctrl 1: Negotiable collateral is        Per Occurrence   Manual
received by Loan Operations
separate from the loan package and
signed stock powers.


Ctrl 2: Negotiable collateral is        Per Occurrence   Manual
maintained in a dual control, fire-
proof cabinet.


Ctrl 3: All entrances to the            Per Occurrence   Manual
negotiable collateral dual control
cabinet are logged and require two
signatures.


Ctrl 4: An inventory of collateral is      Annual        Manual
performed on a semi-annual basis to
compare the actual collateral to the
records of collateral (gold cards).


Ctrl 5: All negotiable collateral is    Per Occurrence   Manual
delivered to customer (or customer
agent) via FedEx certified/return
receipt.


Ctrl 1: International Department        Per Occurrence   Manual
verifies that approved LPR is
submitted prior to booking letter of
credit to system. Additionally, LPR
approval is verified by Loan
Operations in the same manner as
any other commercial loan.


Ctrl 1: Not used.


Ctrl 2: Not used.

Ctrl 3: Not used.
Ctrl 4: For expired letters of credit       Monthly       Manual
that are closed prior to the expiry
date, a manual request is sent to the
Maintenance Log for updating. The
commercial loan system
automatically changes the status to
closed on its expiry/maturity date. If
the L/C is renewing or being
modified (for example, an increase
in amount), International must key
an LDT to reflect the change. The
International Department receives
confirmation when the request has
been completed.



Ctrl 5: Letters of credit per              Quarterly      Manual
subsidiary records are reconciled to
the loan subsystem on a quarterly
basis by Loan Operations /
International Operations.
Reconciliations are reviewed by
International Operations
Management.


Ctrl 6: Letters of credit per            Per Occurrence   Manual
subsidiary records are reconciled to
general ledger. Additionally,
reconciliations of other general
ledger accounts, such as suspense
accounts, are reconciled.
Reconciliations are reviewed by a
supervisor.


Ctrl 1: Standby: Notifications of non-      Monthly       Manual
compliance are reviewed by
International personnel for
compliance with L/C.



Ctrl 2: Import: Documentation               Monthly       Manual
review is performed by International
personnel prior to disbursement to
ensure compliance with agreement.
Ctrl 1: Access to MicroBanking             Quarterly      Automated
system is granted only with valid
userids and passwords. The
MicroBanking system enforces
password composition rules which
require at least 5 characters.

Ctrl 1: Not used




Ctrl 2: Critical field changes made to      Weekly         Manual
L/C data must be QAd by a person
independent of inputting changes
prior to the change being released
into the system



Ctrl 3: Control to be implemented




Ctrl 1: Two sets of consumer                Monthly       Automated
delinquency queries are run
independently of each other.
Access to change the query
parameters is restricted to the user.
The results are balanced to one
another and discrepancies are
resolved.

Ctrl 2: The Consumer Delinquency         Per Occurrence   Automated
Report is on a network drive
restricted to Consumer Loan
Adminisatration and the spreadsheet
is password protected (only 2
Consumer Loan Administrators have
the password). Naming conventions
are used to ensure that only current
versions of the report are used.
Ctrl 3: The "copied" standby L/C           Monthly       Automated
Subsidiary records are on a secure
network drive restricted to
International Operations. The
master records are located on a
secure network drive that is
restricted to the International
Operations Manager only. Monthly,
she updates the master files on her
personal network drive and pushes
the "copies" out to the International
Ops shared drive.


Ctrl 4: "Funded Loans not on LDT"       Per Occurrence   Automated
report is on a secure network drive
that is restricted to Loan Ops
Application Support and the
spreadsheet is password protected.




Ctrl 5: The funding account             Per Occurrence   Automated
reconciliation is on a secure network
drive that is restricted to Loan Ops
Application Support and the
spreadsheet is password protected.




Ctrl 6: Loan Ops G/L reconciliations    Per Occurrence   Automated
(see Inventory for list) are on a
secure network drive that is
restricted to Loan Ops Application
Support and the spreadsheets are
password protected.



Ctrl 7: The Weekly Exception Trend      Per Occurrence   Automated
Report is on a secure network drive
that is restricted to Credit
Administration.
Ctrl 1: Comm, Cons Dir, Cons Indir:   Annual   Manual
Origination/underwriting policies
exist and clearly document the
Banks’ objectives and decision
making process. Policies are
approved by the appropriate Boards
on an annual basis.


Ctrl 1: Written operational           Annual   Manual
procedures exist for lending
functions and are reviewed/updated
annually.
Reporting




        Control Classification   Financial Statement              Information            COSO
        1. Prevent               Assertion                        Processing             Component
        2. Detect                1. Completeness                  Objective              1. Control
                                 2. Existence                     1. Completeness        Environment
                                                                  2. Accuracy            2. Risk Assessment
                                 3. Valuation                                            3. Control Activities
                                                                  3. Validity
                                 4. Rights and Obligations        4. Restricted Access   4. Information &
                                 5. Presentation and Disclosure                          Communication
                                                                                         5. Monitoring



                 Detect              Existence, Rights and                               Control Activities
                                          Obligations




                 Detect              Existence, Rights and                                Information &
                                          Obligations                                    Communication
Prevent   Existence, Rights and   Restricted Access    Information &
               Obligations                            Communication




Prevent   Existence, Rights and   Restricted Access   Control Activities
               Obligations




Detect    Existence, Rights and                       Control Activities
               Obligations




Detect    Existence, Rights and                       Control Activities
               Obligations




Prevent   Existence, Rights and   Restricted Access       Control
               Obligations                              Environment




Detect         Valuation                                 Monitoring
Detect       Existence, Rights and                            Control Activities
                  Obligations




Detect       Existence, Rights and                            Control Activities
                  Obligations




Detect     Completeness, Existence,                              Monitoring
            Rights and Obligations




Prevent    Completeness, Existence,       Restricted Access       Control
              Valuation, Rights and                             Environment
          Obligations, Presentation and
                    Disclosure
Prevent    Completeness, Existence,                           Control Activities
              Valuation, Rights and
          Obligations, Presentation and
                    Disclosure




Detect     Completeness, Existence,                           Control Activities
              Valuation, Rights and
          Obligations, Presentation and
                    Disclosure




Detect             Valuation                                      Control
                                                                Environment




Prevent    Completeness, Existence,        Completeness,      Control Activities
          Valuation, Presentation and     Accuracy, Validity,
            Disclosure, Rights and        Restricted Access
                  Obligations
Prevent    Completeness, Existence,     Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations
Detect     Completeness, Existence,        Monitoring
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations

Prevent    Completeness, Existence,     Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations




Prevent    Completeness, Existence,     Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations

Prevent    Completeness, Existence,         Control
          Valuation, Presentation and     Environment
            Disclosure, Rights and
                  Obligations



Prevent           Valuation             Control Activities




Prevent    Existence, Completeness      Control Activities
Prevent   Valuation, Presentation and   Control Activities
                  Disclosure




Prevent    Completeness, Existence      Control Activities




Prevent    Completeness, Existence      Control Activities




Prevent   Valuation, Presentation and   Control Activities
                  Disclosure
Prevent   Completeness, Existence,                           Control Activities
           Rights and Obligations




Prevent   Completeness, Existence,                           Control Activities
           Rights and Obligations




Prevent   Valuation, Presentation and                         Information &
                  Disclosure                                 Communication




Prevent     Rights and Obligations,     Validity, Accuracy   Control Activities
          Valuation, Presentation and
                  Disclosure




Prevent     Rights and Obligations,     Validity, Accuracy   Control Activities
          Valuation, Presentation and
                  Disclosure
Prevent     Rights and Obligations,     Completeness,   Control Activities
          Valuation, Presentation and     Accuracy
                  Disclosure




Prevent           Valuation             Completeness,    Information &
                                          Accuracy      Communication




Detect      Existence, Rights and                       Control Activities
                 Obligations




Detect      Existence, Rights and                       Control Activities
                 Obligations




Prevent     Existence, Rights and                       Control Activities
                 Obligations
Detect         Existence, Rights and         Control Activities
                    Obligations




Prevent        Existence, Rights and         Control Activities
                    Obligations




Detect      Completeness, Existence,         Control Activities
          Valuation, Valuation, Rights and
           Obligations, Presentation and
                     Disclosure




Detect         Existence, Rights and         Control Activities
                    Obligations




Prevent        Existence, Rights and         Control Activities
                    Obligations
Detect   Completeness, Valuation                   Control Activities




Detect   Completeness, Valuation   Completeness,   Control Activities
                                     Accuracy




Detect          Valuation                             Monitoring




Detect   Completeness, Valuation                   Control Activities




Detect   Completeness, Valuation                   Control Activities
Prevent        Valuation             Monitoring




Prevent        Existence          Control Activities




Detect    Existence, Rights and   Control Activities
               Obligations




Prevent   Existence, Rights and   Control Activities
               Obligations
Prevent      Existence, Rights and                            Control Activities
                  Obligations




Detect       Existence, Rights and                            Control Activities
                  Obligations




Prevent       Existence, Rights and                           Control Activities
          Obligations, Presentation and
                    Disclosure




Prevent            Valuation              Restricted Access       Control
                                                                Environment




Prevent            Valuation              Restricted Access       Control
                                                                Environment




Prevent    Completeness, Existence                            Control Activities
Detect    Completeness, Existence      Monitoring




Prevent          Existence              Control
                                      Environment




Prevent          Existence              Control
                                      Environment



Prevent          Existence          Control Activities




Detect           Existence          Control Activities




Prevent          Existence              Control
                                      Environment




Prevent    Existence, Rights and    Control Activities
                Obligations
Prevent    Existence, Rights and    Control Activities
                Obligations




Detect    Existence, Completeness   Control Activities




Detect    Existence, Completeness   Control Activities




Prevent    Existence, Rights and    Control Activities
                Obligations




Prevent    Existence, Rights and    Control Activities
                Obligations
Prevent           Valuation             Restricted Access       Control
                                                              Environment




Detect            Valuation                                     Control
                                                              Environment




Prevent    Completeness, Existence,     Restricted Access   Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations




Prevent    Completeness, Existence,     Restricted Access   Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations
Prevent    Completeness, Existence,     Restricted Access   Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations




Prevent    Completeness, Existence,     Restricted Access   Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations




Prevent    Completeness, Existence,     Restricted Access   Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations




Prevent    Completeness, Existence,     Restricted Access   Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations




Prevent    Completeness, Existence,     Restricted Access   Control Activities
          Valuation, Presentation and
            Disclosure, Rights and
                  Obligations
Prevent    Completeness, Existence,        Information &
              Valuation, Rights and       Communication
          Obligations, Presentation and
                    Disclousre




Prevent    Completeness, Existence,        Information &
              Valuation, Rights and       Communication
          Obligations, Presentation and
                    Disclousre

								
To top