Page 241 - COSO Guidance Book
P. 241
– Verifications — Verifications compare two or more items with each other or compare an item with
a policy and take follow-up action when the two items do not match or the item is not consistent
with policy.
For example, an entity’s IT accounts payables system has a control that any disbursement
greater than $5,000 requires additional approval by the owner-manager before a check can be
processed. Any disbursement that exceeds $5,000 is placed in a suspense file. The owner-
manager accesses the suspense file on a daily basis, reviews supporting documentation for the
disbursement, and then accesses the disbursement system using a password to either authorize
or deny the disbursement.
The previous example shows automated and preventive controls (the system automatically
places any disbursement greater than $5,000 in a suspense file) and detective and manual
controls (the owner-manager reviews all items in the suspense file and then authorizes or denies
the disbursement).
– Physical controls — Equipment, inventories, cash, and other sensitive assets are physically
safeguarded (i.e., kept in locked or guarded storage areas with physical access restricted to
authorized personnel) and periodically counted and compared with the information contained on
the books.
An entity that is a one-location jewelry store, for example, places all high-value jewelry in a locked
safe located in the back of the store. The safe cannot be seen by customers or others in the sales
area of the store. The safe has a time lock, which allows it to be unlocked only during normal
business hours. Jewelry in the sales area of the store is placed in locked glass display cabinets.
Policy requires that only one item of jewelry be displayed at a time to a potential customer. Only
those employees who have annual background and credit checks have keys to the locked glass
display cabinets. The owner-manager and the owner-manager’s close relatives are the only
individuals who have knowledge of the combination of the time lock safe. A security guard is
present during business hours and surveillance cameras are displayed prominently. Signs are
placed at strategic locations within and outside of the store indicating that the store is under
surveillance.
All jewelry is inventoried at the beginning and end of each day. The high-value inventory that is
always stored in the safe is counted by either the owner-manager or the owner-manager’s close
2
relatives. The owner-manager or the owner-manager’s close relatives distribute the inventory to
be placed in the glass display cabinets to the sales clerks at the start of each day. The inventory
in the display cabinets is inventoried by the sales clerks. The sales clerks return all display-cabinet
jewelry to the owner-manager or owner-manager’s close relatives at the end of the day. This
display jewelry is then placed in the safe.
2
Additional controls over high-value jewelry should be implemented should a customer desire to view an item that
is normally kept in the safe. For example, any high-value jewelry item can be viewed by customers only in a separate
room that has additional physical access controls (such as separate locks); the viewing also requires the presence
of an armed guard.
© 2020 Association of International Certified Professional Accountants. All rights reserved. 5-7
