It is essential that systems are tested to provide management with assurance that effective internal controls are in place and working, and as a means of supporting the corporate governance process. In local government’s case, there is a further need to provide evidence for completion of the required annual Statement on Internal Control.
The fifth in the perennially popular series of Systems Based Auditing (SBA) Control Matrices features the following critical non-financial systems:
- Enterprise Risk Management
- Health & Safety
- Data Protection
- Freedom of Information
- Records Management
Once again, these new control matrices have been written by Exeter City Council’s expert team of practitioners using the ‘risk based’ SBA approach they devised. The starting point is identifying hazards and possible consequences (using a Hazard Identification Document) so that risks can be considered and properly evaluated.
The purpose of these new matrices is to enable internal auditors to embrace and deliver with confidence their remit to audit beyond the traditional finance systems. It is very important that the terms ‘finance systems based auditing’ and ‘systems based auditing’ are not confused. The former refers to the type of systems being audited (ie creditors, payroll, debtors and the like), whilst the latter refers to the audit methodology used (ie identifying possible hazards and expected mitigating controls/countermeasures, and testing that the controls/countermeasures are in place and effective).
The control matrices are non-sector specific (with the exception of freedom of information that only applies to the public sector) and are therefore suitable for use in the private as well as the public sector. Particular mention should be made of the risk management matrix that has been written with reference to, and with the AICPA’s kind permission uses some of the main and sub-headings in, the COSO Enterprise Risk Management – Integrated Framework.
Systems Based Auditing Control Matrices: Series 5 are available as a combined pack, comprising loose-leaf sheets in a robust binder, plus CD-ROM. The CD-ROM comes with a licence for the purchaser to network the matrices throughout the acquiring organisation, and this is included within the sale price. The CD-ROM carries the material in pdf and Word formats and has conveniently embedded hyperlinks to allow users to navigate easily between the elements of each control matrix, ie HIDs, ICQs and CTPs.
Ultimately, these control matrices are unrivalled in the practical support they lend to the provision of assurance to management, internal audit and external audit alike that crucial systems of internal control are not just adequate, but effective too.
Download contents:
£595.00 (excl. VAT) per copy
The H&S control matrix is now available to purchase as a stand alone product. Please click here for further details. |
|
