Rick Aselage also pointed out that not-for-profits will want to note the new risk assessment standards that SAS 112 implements. Risk is assessed on entity level internal controls and business process level internal controls.
Entity level controls include financial reporting, IT environment, and management override practices as well as intangibles such as the "tone at the top." Business process level controls include activities such as bank reconcilations and purchase order approvals.
The key point to the new risk assessment is that "inquiry alone is not sufficient to evaluate internal control design...transaction or system walkthroughs need to be documented as evidence of internal control existence and design." Rick advises that we evaluate internal controls and address any concerns before our next audits.
Posts
NEW SLPL website/NEW SLPL catalog/NEW GFC blog!
7 years ago
No comments:
Post a Comment