6.3. EVALUATING THE EFFECTIVENESS OF ENTITY-LEVEL CONTROLS
6.3.1. Making the Assessment
Your evaluation of the effectiveness of entity-level controls is a process that allows you to:
Determine whether entity-level controls alone provide reasonable assurance that material misstatements will be prevented or detected and corrected on a timely basis.
Determine whether entity-level controls create an overall environment that enables the effective operation of activity-level controls.
Identify weaknesses in entity-level controls that affect the design of activity-level tests.
Your tests of entity-level controls are directed at specific control objectives, but your evaluation should consider the controls taken as a whole rather than individual control objectives. For example, weaknesses in one control area may be compensated for by the design and operation of strong controls in other areas.
Evaluating the effectiveness of entity-level controls usually requires a great deal of judgment, due to the subjective nature of the subject matter. To help you make these judgments, it can be useful to consider a range of reliability based on a mix of qualities. A description of one such reliability model follows.
6.3.2. Five Levels of Reliability
Over time, as businesses expand and change, their internal control evolves. What starts out as a relatively informal process can mature and become better defined and reliable. Exhibit 6.5 summarizes this development process. It identifies five distinct ...
Get How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
