290 likes | 816 Views
Entity Level Controls - General. Tone from the top Risk appetite Organizational environment/atmosphere Usually soft in nature
E N D
Entity Level Controls - General • Tone from the top • Risk appetite • Organizational environment/atmosphere • Usually soft in nature • Soft control: influence how people think/act, but do not directly result in evidence of risk mitigation (e.g. ethical climate, active BOD/Audit Committee, employee handbook, etc.)
Entity Level Control - Defined • Per Institute of Internal Auditors Research Foundation: “Control activities that operate pervasively across and throughout the organization to mitigate risk threatening the organization as a whole and to provide assurance that organizational objectives are achieved.”
Entity Level Controls - Overview Mitigate risks that exist at company-wide level Both internally and externally Pervasive effect Impact how effective control activities at the process and transaction levels can operate Work in unison with process/transaction controls against risks that threaten the achievement of strategic and business objectives
Entity Level Controls – Specific examples Code of ethics Risk management policies/procedures Fraud prevention/detection program HR Hiring policies/procedures Management control deficiency process Variance analysis IT general controls
Entity Level Controls - example Weakness: Management not committed to attracting, training and developing competent employees Impact: Less reliance can be placed on control activities performed by employees requiring complex or highly judgmental tasks
SHR Corporation Case – Entity Level Controls Question: What are strengths of ELC over SHR’s ethics program? Where there any ELC weaknesses in SHR’s ethics program? If weakness, recommendation to strengthen? Overall conclusion?
ELC weaknesses: Recommendations: