3.5. APPENDIX 3B EXAMPLE CONTROL OBJECTIVES

Business ObjectiveExample Control Objectives
Corporate Culture Establish a culture and a tone at the top that fosters integrity, shared values, and teamwork in pursuit of the entity's objectives.

  • Articulate and communicate codes of conduct and other policies regarding acceptable business practice, conflicts of interest, and expected standards of ethical and moral behavior.

  • Reduce incentives and temptations that can motivate employees to act in a manner that is unethical, opposed to the entity's objectives, or both.

  • Reinforce written policies about ethical behavior through action and leadership by example.

Personnel Policies The entity's personnel have been provided with the information, resources, and support necessary to effectively carry out their responsibilities.

  • Identify, articulate, and communicate to entity personnel the information and skills needed to perform their jobs effectively.

  • Provide entity personnel with the resources needed to perform their jobs effectively.

  • Supervise and monitor individuals with internal control responsibilities.

  • Delegate authority and responsibility to appropriate individuals within the organization.

IT General Controls The entity's general IT policies enable the effective functioning of computer applications related to the financial reporting process.

  • Logical access control restricted to the following, which are used in the financial reporting process:

    • Systems

    • Data

    • Application, utility, and other programs

    • Spreadsheets ...

Get How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial