Page 255 - COSO Guidance Book
P. 255

books. On investigation, it was discovered that a recently hired employee assisted in the daily count
               and made an error in recording the amount on the daily count sheet. The owner-manager instructed
               supervisors to closely monitor the new employee until the employee could properly perform assigned
               tasks (corrective action).

              Point of focus — Performs using competent personnel
               Competent personnel with sufficient authority perform control activities with diligence and continuing
               focus.

               A well-designed control activity often cannot be performed without competent personnel with
               sufficient authority to perform it.

               An example of the need to have control activities performed by competent employees who exercise
               due diligence and maintain a continuing focus is illustrated by a “rubber-stamp” owner-manager.
               Often, the owner-manager will sign checks provided by the “trusted” bookkeeper without reviewing
               supporting documentation for the disbursement. If the bookkeeper is aware of this rubber-stamp
               approval process, then errors or irregularities could occur and most likely go undetected.
               This point of focus also notes that the individual who performs the control activity should have the
               authority to take corrective action. For example, a consumer might observe that an item that went on
               sale that day has a price that is lower than the price displayed on the sales register. The consumer
               notifies the clerk, who then contacts the store manager to override the system and allow the item to
               be sold at the correct lower price (corrective action). The store manager then contacts the
               appropriate IT or other personnel to review all items placed on sale to provide assurance that the
               correct sales price was entered into the database (corrective action).

              Point of focus — Reassess policies and procedures

               Management periodically reviews control activities to determine their continued relevance and
               refreshes them when necessary.

               Management should reassess policies, procedures, and related control activities periodically for
               continued appropriateness and effectiveness. For example, an entity might elect to change its travel
               policy to allow employees to have meal expenses reimbursed at a per diem amount rather than the
               actual meal cost. In this case, the employee policy manual should be updated to reflect the change.




            Knowledge check

            2.  Which point of focus is associated with the “deploys through policies and procedures” principle of the
               control activities component of internal control?
                   a.  Evaluates a mix of control types.
                   b.  Establishes relevant security management process control activities.
                   c.  Addresses segregation of duties.
                   d.  Performs in a timely manner.









            © 2020 Association of International Certified Professional Accountants. All rights reserved.    5-21
   250   251   252   253   254   255   256   257   258   259   260