15–9. Create a Control Standards Manual
Auditors are trained to have a good idea of which control standards should be attached to a business process. However, the managers who supervise those processes typically have no idea of which controls are involved. This can result in inadvertent changes to processes by managers who are simply trying to devise more efficient systems, which in turn results in adverse findings by auditors when they conduct reviews.
A reasonable solution is to create a control standards manual for use by process managers. The manual should note the internal control objectives to be met for each business process, as well as the specific procedures used to meet those objectives. The manual can also note how different control points support each other, and what happens when specific controls are removed from the process. The manual can include flowcharts of the processes, noting each control point, as well as forms used in the process. Any reports arising from a process should be noted, describing what information managers should review that can bolster the control objectives. Clearly, this can be an exceedingly dry document (except to internal auditors!), so an audit staff person should walk managers through the manual to highlight its key points. Also, whenever an audit team arrives for any type of review, they should always bring with them the latest version of the control standards manual, making a point of highlighting key changes to it. Only by this constant ...
Get Accounting Best Practices, Fifth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
