6.6. Appendix 6A Action Plan: Testing and Evaluating Entity-Level Controls
This action plan is intended to help you implement the suggestions contained in this chapter for testing and evaluating entity-level controls.
6.6.1. Design Tests
Plan the nature, timing, and extent of tests necessary to draw a conclusion about the operating effectiveness of internal control as of year-end. For example:
Consider and describe the framework that will be used to measure effectiveness (e.g., the Internal Control Reliability Model or a similar framework used by the independent auditors).
Determine whether you will test entity-level controls directly or indirectly through the testing of activity-level controls.
Determine the combination of testing techniques that will be used to assess the operating effectiveness of each significant entity-level control. Consider:
Employee surveys
Inquiries
IT general controls review
Document review
Direct observation
6.6.2. Perform and Document Tests
Perform the planned tests. Update as necessary to support a conclusion about operating effectiveness as of year-end. Document the procedures performed and test results.
6.6.3. Assess Test Results
Evaluate the effectiveness of entity-level controls based on the results of your test work. For example:
Determine whether entity-level controls create an overall environment that enables the effective operation of activity-level controls.
Identify weaknesses in entity-level controls.
Respond to identified weaknesses in one or ...
Get How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
