Page 275 - COSO Guidance Book
P. 275

Monitoring activities principle 16: Conducts ongoing or
            separate evaluations


            With respect to this principle, the framework states that the organizations selects, develops, and
            performs ongoing or separate evaluations (or both) to ascertain whether the components of internal
            control are present and functioning.

            The framework provides the following seven points of focus for this principle:

              Point of focus — Considers a mix of ongoing and separate evaluations
               Management includes a balance of ongoing and separate evaluations.

               For example, for a small entity, the owner-manager might perform an ongoing monitoring activity of
               observing sales at a retail business and comparing that observation for reasonableness with the total
               amount of all transactions recorded on the sales registers and with the amount that made up the
               bank deposit. A separate evaluation could be for the owner-manager to engage a CPA firm to review
               the current sales transaction-processing system for any design or other flaws that might have
               adversely affect internal control.

              Point of focus — Considers rate of change
               Management considers the rate of change in business and business processes when selecting and
               developing ongoing and separate evaluations.
               For example, a for-profit entity might implement a new revenue stream by establishing an electronic
               storefront that is developed and managed internally. New ongoing monitoring controls would need to
               be established to, for example, provide assurance that daily cash revenue received was actually
               deposited into the bank account. A separate evaluation could be conducted to provide assurance that
               the system has adequate controls to prevent or detect both internal and external access threats
               (such as a disgruntled employee or external hacker).

              Point of focus — Establishes baseline understanding

               The design and current state of an internal control system are used to establish a baseline for
               ongoing and separate evaluations.

               Management must understand how the current internal control system works in order to perform
               monitoring activities.

              Point of focus — Uses knowledgeable personnel
               Evaluators performing ongoing and separate evaluations have sufficient knowledge to understand
               what is being evaluated.

               The framework states that the evaluator (such as independent managers, employees, and external
               reviewers) should be knowledgeable about the entity’s activities and how the monitoring activities
               function and understand what is being evaluated.
               As an example, consider a local community bank with 10 branches. Each branch manager should be
               trained sufficiently in the community bank’s policies and procedures to both perform ongoing
               monitoring at his or her respective branch and to be competent to perform separate evaluations at
               other branches.



            © 2020 Association of International Certified Professional Accountants. All rights reserved.    7-5
   270   271   272   273   274   275   276   277   278   279   280