 |
- All accounting units and business processes that can materially impact financial reporting to be identified
- All “what can go wrongs” (ie: risks of error or fraud) relating to the identified accounting units and business processes to be comprehensively documented
- All controls for the remediation of the identified risks to be determined. These controls in turn to be classified into Manual, IT enabled or IT configured
- Owners for each control to be identified
- All critical or key controls which can materially impact financial reporting to be identified from the controls documented above.
- All changes in key controls arising from changes within processes or from control initiatives to be tracked and reported to the auditors and audit committee on a real- time basis.
- A self-assessment process to be put in place for updating the controls and reporting on their effectiveness
- A testing strategy to be put in place which involves an independent function like internal audit to reassure the management on the operating effectiveness of the key controls
- Reporting framework would have to be put in place to highlight to the Audit Committee any gaps in key controls and the remediation plans for these.