PwC's assertions 325



  • The community of ext. Auditors more or less has adopted the COBIT and COSO Framework to their own audit approach. That implies that the assertions of each of the big 4 companies are almost the same.



  • The community of ext. Auditors more or less has adopted the COBIT and COSO Framework to their own audit approach. That implies that the assertions of each of the big 4 companies are almost the same.
    That’s true. I’ve worked for two of them and have due diligenced the others at various times. They all have slightly different assertions but they all amount to the same thing.



  • Hi folks
    I have had PwC as my clients’ auditors on several engagements, and they are insistent on using their CAVR (completeness, accuracy, validity, and restricted access) set of assertions in assessing the design of controls. My other clients use the PCAOB/COSO financial statement assertions. The PwC assertions look familiar from an information systems point of view, but does anyone know how they came up with this method and how they square it with PCAOB’s preference for the COSO framework?
    Mitch
    CAVR are control assertions, they are a high level indication of what kind of control a control is.
    The financial statement assertions say something about the control objectives what a control tries to achieve.
    Hopes this Helps



  • Hi all,
    Just left Pwc after 5 years… yes, that’s correct… you are confusing PwC controls objectives with assertions…two completely different things. PwC has adopted the COSO framework…which talks about information processing objectives in chapter 4. As information passess through the accounting cycle you want it to pass through each part completely and accurately, you want it to be valid ( authorized etc. ) and you want the access to it to be restricted. If you have these types of controls over the information in each of your subprocess, then you have met your assertions, which are over FINANCIAL STATEMENT LINE ITEMS ( the accumulation of your transactions), not over individual controls. Hope that expands on it a little bit further



  • It was developed in-house at PwC. And believe me, every firm is different in their approach.
    Jeff Cunningham



  • Every firm is different in their approach. E-and-Y is the only one that is identical to COSO



  • Hi guys,
    do you know if correct that all the evidence of contros must be sign and store?
    Control example:
    If i have a mail alert of something that i have to correct do i have to stamp it and sign it? Is enough to record it in a mail server?
    I think that the security level is low. You can cancel the mail during the day for example.
    I think i should stamp it and sign to demostrate that i have done the control.
    Thank for your answer.
    Bye
    Check



  • you can also fake a signature and a stamp
    the only safe thing is to have a video recording of the message, no wait, that can be faked as well



  • You can check out:
    auditnet.org/Guides/AuditNet Monograph Series Electronic Records Management.pdf
    This document addresses electronic records management.
    Milan



  • you can also fake a signature and a stamp
    the only safe thing is to have a video recording of the message, no wait, that can be faked as well
    lmao :lol:



  • Hi,
    I’ve seen the following linkage between PwC’s Control Objectives (CAVR) and the standard FS Assertions:
    C Completeness -and-lt;=-and-gt;Completeness, Cutoff, Existence/Occurence,
    A Accuracy -and-lt;=-and-gt;Accuracy, Existence/Occurence,
    V Validity -and-lt;=-and-gt;Valuation
    R Restricted Access -and-lt;=-and-gt; None
    This ‘forced’ linkage does NOT map to Presentation/Disclosure and Rights and Obligations. Additionally, it is at best, fundamentally flawed, since the two concepts are not interrelated.
    However, if you are bent on developing a linkage table, this achieves some correlation. I would not suggest making use of it and instead, propose going with the FS Assertions as observed in COSO or PCAOB.
    If you simply include the PwC CAVR in the control matrix separately, you will avoid confusion or disagreement on the unimportant.
    Hope this further helps,
    Milan



  • Hi,
    I’ve seen the following linkage between PwC’s Control Objectives (CAVR) and the standard FS Assertions:
    C Completeness -and-lt;=-and-gt;Completeness, Cutoff, Existence/Occurence,
    A Accuracy -and-lt;=-and-gt;Accuracy, Existence/Occurence,
    V Validity -and-lt;=-and-gt;Valuation
    R Restricted Access -and-lt;=-and-gt; None
    This ‘forced’ linkage does NOT map to Presentation/Disclosure and Rights and Obligations. Additionally, it is at best, fundamentally flawed, since the two concepts are not interrelated.
    However, if you are bent on developing a linkage table, this achieves some correlation. I would not suggest making use of it and instead, propose going with the FS Assertions as observed in COSO or PCAOB.
    If you simply include the PwC CAVR in the control matrix separately, you will avoid confusion or disagreement on the unimportant.
    Hope this further helps,
    Milan
    hello
    so are you saying in the Risk Control Matrix, it is best that we stick to COSO’ financial statement assertions, rather than using PwC’s CAVR?
    thanks,



  • CAVR represents the information processing objectives that are used by PwC in their audit approach. They are useful and worth consideration, but it should be noted that they are not the FS assertions that are typically included in the RCM.
    It is preferable to use the standard FS Assertions and if the control involves an IT component, it might also be helpful to correlate the control to the relevant information processing objective.



  • As Mr. Guest Said:
    Information Processing Objectives area related to controls (COSO, chapter 4 not a PwC creation), and Financial Statement Assertions are related to financial statement lines (accounts). A well done COSO implementation should use CAVR.
    When you map your process and identify a control, it is easer to link to CAVR, and then link to FS assertions. I use to document both on my RCM.
    The correct relation between CAVR and FS Assertions are:
    Completeness - Completeness, Cut-off, Existence/Occurrence, Rights and Obligations
    Accuracy - Accuracy, Classification, Valuation and Allocation
    Validity - Existence/Occurrence, Cut-off, Rights and Obligations
    Restricted Access - Most, except for Rights and Obligations


Log in to reply