ENTITY-LEVEL CONTROLS- Control Environment What is the Control Environment? The control environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. The control environment sets the tone of an organization by influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility; the way management organizes and develops its people; and the attention and direction provided by the audit committee and board of directors. What is the objective of the Control Environment? The objective of the control environment is to establish and promote a collective attitude toward achieving effective internal control over the entity's business. Type of Deficiency Controls Controls Describe the basis for (Efficiency, Fin. Does this Describe specific activities, programs or controls in properly operating effectiveness conclusion Reporting, Management Action Plan to # COSO Attribute Point of Focus/ Control Objective control exist? place that satisfy the objective designed? Test Procedures effectively? (including evidence of operation) Deficiencies Noted Compliance) Address Deficiencies A code of conduct and other policies exist regarding acceptable business practices, Integrity & Ethical conflicts of interest, or expected standards of 1 Values ethical and moral behavior. Employees clearly understand what behavior is acceptable and unacceptable under the Integrity & Ethical company's code of conduct and know what to 2 Values do when they encounter improper behavior. There is an established "tone at the top" including explicit guidance about what is right and wrong. This tone is communicated and practiced by executives and management throughout the organization. Employees are Integrity & Ethical aware of what to do when they encounter 3 Values improper behavior. Management follows ethical guidelines in dealing with employees, suppliers, customers, Integrity & Ethical investors, creditors, insurers, competitors, 4 Values regulators and auditors. The importance of high ethics and controls is Integrity & Ethical discussed with newly hired employees through 5 Values orientations or interviews. Management removes or reduces incentives or Integrity & Ethical temptations that might cause personnel to 6 Values engage in dishonest or unethical acts. Management takes appropriate disciplinary action in response to departures from approved Integrity & Ethical policies and procedures or violations of the code 7 Values of conduct. Situations involving pressure to meet unrealistic Integrity & Ethical targets do not exist or are properly controlled - 8 Values particularly for short-term results. Individual compensation awards are in line with the ethical values of the company, and foster an appropriate ethical tone (e.g., bonuses are not given to those that meet objectives, but in the Integrity & Ethical process circumvent established policies, 9 Values procedures or controls). Commitment to Company personnel have the competence and 10 Competence training necessary for their assigned duties. Personnel are cross-trained to understand other Commitment to functions and the impact of their specific duties 11 Competence on other areas of the company. Management possesses broad functional experience (i.e., management comes from Commitment to several functional areas rather than just a few, 12 Competence such as production and sales). Type of Deficiency Controls Controls Describe the basis for (Efficiency, Fin. Does this Describe specific activities, programs or controls in properly operating effectiveness conclusion Reporting, Management Action Plan to # COSO Attribute Point of Focus/ Control Objective control exist? place that satisfy the objective designed? Test Procedures effectively? (including evidence of operation) Deficiencies Noted Compliance) Address Deficiencies Commitment to Management provides personnel with access to 13 Competence training programs on relevant topics. Formal job descriptions or other means of Commitment to defining tasks that comprise particular jobs exist 14 Competence and are effectively used. Adequate staffing levels are maintained to effectively perform required tasks. Employees have the requisite skill levels relative to the size Commitment to of the entity and nature and complexity of 15 Competence activities and systems. Management's Philosophy & Management analyzes the risks and potential 16 Operating Style benefits of ventures. Management's Turnover in management or supervisory Philosophy & personnel is monitored and the reasons for 17 Operating Style significant turnover is evaluated. Management's Senior management maintains contact with and Philosophy & consistently emphasizes appropriate behavior to 18 Operating Style operating personnel. Management exemplifies attitudes and actions reflecting a sound control environment and commitment to ethical values including financial Management's reporting as it relates to appropriate resolution Philosophy & of disputes over application of accounting 19 Operating Style treatments. Management's Management adopts accounting policies that Philosophy & best reflect the economic realities of the 20 Operating Style business. Executives clearly understand their responsibility and authority for business Organizational activities and how they relate to the entity as a 21 Structure whole. The entity establishes appropriate lines of Organizational reporting, giving consideration to its size and the 22 Structure nature of its activities. The structure of the entity facilitates the flow of information to appropriate people in a timely manner, including reliable and timely disclosure of material information, monitoring the performance of the disclosure infrastructure and Organizational effective flows of material information to the 23 Structure group responsible. Incompatible duties are segregated (e.g., Organizational separation of accounting for and access to 24 Structure assets). There is an appropriate assignment of responsibility and delegation of authority to deal Organizational with organizational goals and objectives, 25 Structure operating functions and regulatory requirements. Assignment of Employees throughout the entity are assigned Authority & authority and responsibility related to their 26 Responsibility specific job functions. Assignment of Authority & Job descriptions contain specific references to 27 Responsibility control-related responsibilities. Assignment of Authority & Employees are empowered, when appropriate, 28 Responsibility to correct problems or implement improvements. Assignment of There is a structure for assigning ownership of Authority & information including who is authorized to 29 Responsibility initiate or change transactions. Type of Deficiency Controls Controls Describe the basis for (Efficiency, Fin. Does this Describe specific activities, programs or controls in properly operating effectiveness conclusion Reporting, Management Action Plan to # COSO Attribute Point of Focus/ Control Objective control exist? place that satisfy the objective designed? Test Procedures effectively? (including evidence of operation) Deficiencies Noted Compliance) Address Deficiencies Assignment of Authority & There are policies and procedures for 30 Responsibility authorization and approval of transactions. The board of directors and/or audit committee gives adequate consideration to understanding how management identifies, monitors and Assignment of controls business risks affecting the Authority & organization (i.e., strategic, operational, financial 31 Responsibility and disclosure risk). Management establishes and enforces standards for hiring the most qualified individuals, with emphasis on educational Human Resources background, prior work experience, past Policies & accomplishments, and evidence of integrity and 32 Procedures ethical behavior. Screening procedures, including background Human Resources checks, are employed for job applicants, Policies & particularly for employees with access to assets 33 Procedures susceptible to misappropriation. Recruiting practices include formal, in-depth Human Resources employment interviews and informative, Policies & insightful presentations on the entity's history, 34 Procedures culture, and operating style. Human Resources Training policies communicate prospective roles Policies & and responsibilities and illustrate expected 35 Procedures levels of performance and behavior. Human Resources Policies & Job performance is periodically evaluated and 36 Procedures reviewed with each employee. Human Resources Disciplinary actions send a message that Policies & violations of expected behavior will not be 37 Procedures tolerated. Human Resources An ongoing education process enables people Policies & to deal effectively with evolving business 38 Procedures environments.
Pages to are hidden for
"Action Plan for Ethical Business"Please download to view full document