PwC's assertions 325
-
Hi guys,
do you know if correct that all the evidence of contros must be sign and store?
Control example:
If i have a mail alert of something that i have to correct do i have to stamp it and sign it? Is enough to record it in a mail server?
I think that the security level is low. You can cancel the mail during the day for example.
I think i should stamp it and sign to demostrate that i have done the control.
Thank for your answer.
Bye
Check
-
you can also fake a signature and a stamp
the only safe thing is to have a video recording of the message, no wait, that can be faked as well
-
You can check out:
auditnet.org/Guides/AuditNet Monograph Series Electronic Records Management.pdf
This document addresses electronic records management.
Milan
-
you can also fake a signature and a stamp
the only safe thing is to have a video recording of the message, no wait, that can be faked as well
lmao :lol:
-
Hi,
I’ve seen the following linkage between PwC’s Control Objectives (CAVR) and the standard FS Assertions:
C Completeness -and-lt;=-and-gt;Completeness, Cutoff, Existence/Occurence,
A Accuracy -and-lt;=-and-gt;Accuracy, Existence/Occurence,
V Validity -and-lt;=-and-gt;Valuation
R Restricted Access -and-lt;=-and-gt; None
This ‘forced’ linkage does NOT map to Presentation/Disclosure and Rights and Obligations. Additionally, it is at best, fundamentally flawed, since the two concepts are not interrelated.
However, if you are bent on developing a linkage table, this achieves some correlation. I would not suggest making use of it and instead, propose going with the FS Assertions as observed in COSO or PCAOB.
If you simply include the PwC CAVR in the control matrix separately, you will avoid confusion or disagreement on the unimportant.
Hope this further helps,
Milan
-
Hi,
I’ve seen the following linkage between PwC’s Control Objectives (CAVR) and the standard FS Assertions:
C Completeness -and-lt;=-and-gt;Completeness, Cutoff, Existence/Occurence,
A Accuracy -and-lt;=-and-gt;Accuracy, Existence/Occurence,
V Validity -and-lt;=-and-gt;Valuation
R Restricted Access -and-lt;=-and-gt; None
This ‘forced’ linkage does NOT map to Presentation/Disclosure and Rights and Obligations. Additionally, it is at best, fundamentally flawed, since the two concepts are not interrelated.
However, if you are bent on developing a linkage table, this achieves some correlation. I would not suggest making use of it and instead, propose going with the FS Assertions as observed in COSO or PCAOB.
If you simply include the PwC CAVR in the control matrix separately, you will avoid confusion or disagreement on the unimportant.
Hope this further helps,
Milan
hello
so are you saying in the Risk Control Matrix, it is best that we stick to COSO’ financial statement assertions, rather than using PwC’s CAVR?
thanks,
-
CAVR represents the information processing objectives that are used by PwC in their audit approach. They are useful and worth consideration, but it should be noted that they are not the FS assertions that are typically included in the RCM.
It is preferable to use the standard FS Assertions and if the control involves an IT component, it might also be helpful to correlate the control to the relevant information processing objective.
-
As Mr. Guest Said:
Information Processing Objectives area related to controls (COSO, chapter 4 not a PwC creation), and Financial Statement Assertions are related to financial statement lines (accounts). A well done COSO implementation should use CAVR.
When you map your process and identify a control, it is easer to link to CAVR, and then link to FS assertions. I use to document both on my RCM.
The correct relation between CAVR and FS Assertions are:
Completeness - Completeness, Cut-off, Existence/Occurrence, Rights and Obligations
Accuracy - Accuracy, Classification, Valuation and Allocation
Validity - Existence/Occurrence, Cut-off, Rights and Obligations
Restricted Access - Most, except for Rights and Obligations