ü SOX CONSULTING

Sox Section 302 Services 

Entity Level Controls Development 

Section 404: Implementation 

Section 404: Management Testing

Remediation Services

IT and Systems Services

Control Rationalization Services

Project Management Services

Section 407 Services

Executive Training Services 

 

 

 

 

 

 

 
Search:  
GTS - Financial Services
 

Entity Level Controls Development

 

As you may recall from our Sarbanes / Oxley Section 404 discussions, the Council of Sponsoring Organizations (COSO) of the Treadway Commission recommended eight distinct control areas that need to be present in order for an adequate  system of internal controls to exist in any organization.  While the last area of controls (Business process controls) is the most labor and time intensive, the first seven areas pertain to what is generally referred to as “Entity Level Controls”.  These seven entity level controls are:

  1. Internal Environment Controls

  2. Objective Setting Controls

  3. Event Identification Controls

  4. Risk  Response Controls

  5. Risk Assessment Controls

  6. Monitoring Controls

  7. Information & Communication Controls

The first four control areas represent the overall control environment, which generally functions at a higher level within the organization.  Understanding the company’s internal operating / financial  environment, setting clear objectives for the organization, establishing parameters  that trigger event identification and risk response scenarios all represent control areas where management   generally oversees the controls through high level evaluation. Associated controls in these   areas tend to be more analytic in nature and require professional level individuals to develop and monitor.  While most companies have a “mish-mash” assortment of controls which serve similar purposes, these are generally not all in place nor are  they monitored properly to accomplish the goal of giving management advance warnings on issues  or events which could materially affect the company.  Conversely, the last three of these   “entity level controls” (Risk assessment, monitoring and information  and communications) are direct lines of control which are essential to preventing or eliminating risk / harm to the company.  They must be evaluated on a more timely basis such as daily, weekly, monthly or quarterly versus the first four control areas modified or evaluated on a less frequent basis.

In general, the latter three areas are more sensitive to environmental change and  day-to-day risks than “overall control environment” controls.  Thus these controls    deal primarily with organizational and environmental risks versus business process  controls, which monitor the daily operations of the organization’s financial processes and systems.  While requiring less time to design, develop, implement and audit,    they are no less critical to an effective system of internal control than their counter-part.

GTS can assist you in: 1) Designing; 2) Developing; 3) Implementing; 4) Auditing and   5) Monitoring these “Entity Level Controls”.

 

Global Technology Solutions, LLC (Your One-Stop SOX Consultants)         

Copyright © 2006 Global Technology Solutions LLC. All rights reserved.