Transcript Chapter 5

Chapter 5
Flowcharting
•
•
•
•
Systems flowcharts
Program flowcharts
Document flowcharts
Hardware flowcharts
•
•
•
•
•
Title
Top to Bottom
Left to Right
Columns indicate areas of responsibility
Documents need origin and termination
White space
Symbols for a manual process
Document
Collection
Of
Documents
Manual
Operation
Decision
Data
Trigger/Interruption/Termination
Document, Data or Process Flow
On-Page
Connector
Information Flow
File
BUS 429
Off-Page
Connector
4
Risk Control Matrix
• Page 84
Risk Control Matrix
Control
Objective
WCGW
Risk
Level EO
"Critical" Effective
Key
Design
COSO
Tests
VA RO PD Pre Det Man Auto yes no yes no Env RA CA I&C Mon
Assertion
C
Type
Freq
By
Risk Control Matrix
Assertions
Control
Objective
WCGW
Risk
Level EO
Assertion
C
VA RO
Type
PD
Existence or
Occurrence
Completeness
Valuation &
Allocation’
Control Objectives and
“What Could Go Wrong?”
Look to the Assertions
Risk Level
( Hi, Med or Lo )
Rights &
Obligations
Presentation &
Disclosure
Are there controls in place?
"Critical" Effective
Type
Key
Design
Pre Det Man Auto yes no yes no
Do the controls
COSO
Prevent or Detect
Are the controls
manual or automated
Is it a KEY control
critically important
Evaluate the Design of the Control
If the control is properly implemented
Would it achieve the objective?
Would it “prevent” or “detect” the WCGW?
maybe it is redundant
COSO Internal Control Framework
chapter 4
"Critical" Effective
Type
Key
Design
COSO
Pre Det Man Auto yes no yes no Env RA CA I&C Mon
Control environment
Risk assessment
Control activities
Information &
communication
Monitoring
Has the Control been Implemented
"Critical" Effective
Type
Key
Design
COSO
Tests
D M A yes no yes no E R C I M
150
Freq
By
yes no
month
TAD
If you believe a control is well designed …. you must
occasionally test to see if the control
•is actually being utilized,
•is operating as designed and
•is “in fact” effective
Operating