Adequacy and Effectiveness

Cards (3)

What does a competent evaluation of the effectiveness of controls entail?
Assessing the controls in the context of risks to objectives
What should be considered to evaluate the controls?
Were significant discrepancies or weaknesses discovered from the audit work performed and other assessment information gathered?
If so, were corrections or improvements made after the discoveries?
Do the discoveries and their consequences lead to the conclusion that a pervasive condition exists resulting in an unacceptable level of business risk?
Factors to consider when determining whether the control is effective and unacceptable risks exist?
The pattern of discoveries.
The degree of intrusion.
The level of consequences and exposures.