Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

Action Plan for Ethical Business

VIEWS: 18 PAGES: 3

Action Plan for Ethical Business document sample

More Info
  • pg 1
									ENTITY-LEVEL CONTROLS- Control Environment

What is the Control Environment?
The control environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. The control
environment sets the tone of an organization by influencing the control consciousness of its people. It is the foundation for all other components of
internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, and competence of the entity's
people; management's philosophy and operating style; the way management assigns authority and responsibility; the way management organizes and
develops its people; and the attention and direction provided by the audit committee and board of directors.

What is the objective of the Control Environment?
The objective of the control environment is to establish and promote a collective attitude toward achieving effective internal control over the entity's
business.


                                                                                                                                                                                                                                                                      Type of
                                                                                                                                                                                                                                                                    Deficiency
                                                                                                                                                            Controls                      Controls            Describe the basis for                             (Efficiency, Fin.
                                                                                  Does this        Describe specific activities, programs or controls in    properly                      operating         effectiveness conclusion                                Reporting,       Management Action Plan to
 #    COSO Attribute              Point of Focus/ Control Objective             control exist?               place that satisfy the objective              designed?   Test Procedures   effectively?   (including evidence of operation)   Deficiencies Noted     Compliance)         Address Deficiencies
                          A code of conduct and other policies exist
                          regarding acceptable business practices,
    Integrity & Ethical   conflicts of interest, or expected standards of
  1 Values                ethical and moral behavior.
                          Employees clearly understand what behavior is
                          acceptable and unacceptable under the
    Integrity & Ethical   company's code of conduct and know what to
  2 Values                do when they encounter improper behavior.
                          There is an established "tone at the top"
                          including explicit guidance about what is right
                          and wrong. This tone is communicated and
                          practiced by executives and management
                          throughout the organization. Employees are
    Integrity & Ethical   aware of what to do when they encounter
  3 Values                improper behavior.
                          Management follows ethical guidelines in
                          dealing with employees, suppliers, customers,
    Integrity & Ethical   investors, creditors, insurers, competitors,
  4 Values                regulators and auditors.
                          The importance of high ethics and controls is
    Integrity & Ethical   discussed with newly hired employees through
  5 Values                orientations or interviews.
                          Management removes or reduces incentives or
    Integrity & Ethical   temptations that might cause personnel to
  6 Values                engage in dishonest or unethical acts.
                          Management takes appropriate disciplinary
                          action in response to departures from approved
    Integrity & Ethical   policies and procedures or violations of the code
  7 Values                of conduct.
                          Situations involving pressure to meet unrealistic
    Integrity & Ethical   targets do not exist or are properly controlled -
  8 Values                particularly for short-term results.
                          Individual compensation awards are in line with
                          the ethical values of the company, and foster an
                          appropriate ethical tone (e.g., bonuses are not
                          given to those that meet objectives, but in the
    Integrity & Ethical   process circumvent established policies,
  9 Values                procedures or controls).
    Commitment to         Company personnel have the competence and
 10 Competence            training necessary for their assigned duties.
                          Personnel are cross-trained to understand other
    Commitment to         functions and the impact of their specific duties
 11 Competence            on other areas of the company.
                          Management possesses broad functional
                          experience (i.e., management comes from
    Commitment to         several functional areas rather than just a few,
 12 Competence            such as production and sales).
                                                                                                                                                                                                                                                                Type of
                                                                                                                                                                                                                                                              Deficiency
                                                                                                                                                      Controls                      Controls            Describe the basis for                             (Efficiency, Fin.
                                                                              Does this      Describe specific activities, programs or controls in    properly                      operating         effectiveness conclusion                                Reporting,       Management Action Plan to
#   COSO Attribute            Point of Focus/ Control Objective             control exist?             place that satisfy the objective              designed?   Test Procedures   effectively?   (including evidence of operation)   Deficiencies Noted     Compliance)         Address Deficiencies
   Commitment to     Management provides personnel with access to
13 Competence        training programs on relevant topics.
                     Formal job descriptions or other means of
   Commitment to     defining tasks that comprise particular jobs exist
14 Competence        and are effectively used.
                     Adequate staffing levels are maintained to
                     effectively perform required tasks. Employees
                     have the requisite skill levels relative to the size
   Commitment to     of the entity and nature and complexity of
15 Competence        activities and systems.
   Management's
   Philosophy &      Management analyzes the risks and potential
16 Operating Style   benefits of ventures.
   Management's      Turnover in management or supervisory
   Philosophy &      personnel is monitored and the reasons for
17 Operating Style   significant turnover is evaluated.
   Management's      Senior management maintains contact with and
   Philosophy &      consistently emphasizes appropriate behavior to
18 Operating Style   operating personnel.
                     Management exemplifies attitudes and actions
                     reflecting a sound control environment and
                     commitment to ethical values including financial
   Management's      reporting as it relates to appropriate resolution
   Philosophy &      of disputes over application of accounting
19 Operating Style   treatments.
   Management's      Management adopts accounting policies that
   Philosophy &      best reflect the economic realities of the
20 Operating Style   business.
                     Executives clearly understand their
                     responsibility and authority for business
   Organizational    activities and how they relate to the entity as a
21 Structure         whole.
                     The entity establishes appropriate lines of
   Organizational    reporting, giving consideration to its size and the
22 Structure         nature of its activities.
                     The structure of the entity facilitates the flow of
                     information to appropriate people in a timely
                     manner, including reliable and timely disclosure
                     of material information, monitoring the
                     performance of the disclosure infrastructure and
   Organizational    effective flows of material information to the
23 Structure         group responsible.
                     Incompatible duties are segregated (e.g.,
   Organizational    separation of accounting for and access to
24 Structure         assets).

                     There is an appropriate assignment of
                     responsibility and delegation of authority to deal
   Organizational    with organizational goals and objectives,
25 Structure         operating functions and regulatory requirements.
   Assignment of     Employees throughout the entity are assigned
   Authority &       authority and responsibility related to their
26 Responsibility    specific job functions.
   Assignment of
   Authority &       Job descriptions contain specific references to
27 Responsibility    control-related responsibilities.
   Assignment of
   Authority &       Employees are empowered, when appropriate,
28 Responsibility    to correct problems or implement improvements.
   Assignment of     There is a structure for assigning ownership of
   Authority &       information including who is authorized to
29 Responsibility    initiate or change transactions.
                                                                                                                                                                                                                                                               Type of
                                                                                                                                                                                                                                                             Deficiency
                                                                                                                                                     Controls                      Controls            Describe the basis for                             (Efficiency, Fin.
                                                                             Does this      Describe specific activities, programs or controls in    properly                      operating         effectiveness conclusion                                Reporting,       Management Action Plan to
#   COSO Attribute            Point of Focus/ Control Objective            control exist?             place that satisfy the objective              designed?   Test Procedures   effectively?   (including evidence of operation)   Deficiencies Noted     Compliance)         Address Deficiencies
   Assignment of
   Authority &     There are policies and procedures for
30 Responsibility  authorization and approval of transactions.
                   The board of directors and/or audit committee
                   gives adequate consideration to understanding
                   how management identifies, monitors and
   Assignment of   controls business risks affecting the
   Authority &     organization (i.e., strategic, operational, financial
31 Responsibility  and disclosure risk).
                   Management establishes and enforces
                   standards for hiring the most qualified
                   individuals, with emphasis on educational
   Human Resources background, prior work experience, past
   Policies &      accomplishments, and evidence of integrity and
32 Procedures      ethical behavior.
                   Screening procedures, including background
   Human Resources checks, are employed for job applicants,
   Policies &      particularly for employees with access to assets
33 Procedures      susceptible to misappropriation.
                   Recruiting practices include formal, in-depth
   Human Resources employment interviews and informative,
   Policies &      insightful presentations on the entity's history,
34 Procedures      culture, and operating style.

   Human Resources Training policies communicate prospective roles
   Policies &      and responsibilities and illustrate expected
35 Procedures      levels of performance and behavior.

   Human Resources
   Policies &      Job performance is periodically evaluated and
36 Procedures      reviewed with each employee.

   Human Resources Disciplinary actions send a message that
   Policies &      violations of expected behavior will not be
37 Procedures      tolerated.

   Human Resources An ongoing education process enables people
   Policies &      to deal effectively with evolving business
38 Procedures      environments.

								
To top