    I have just relocated to a sister company in another country and for the first time will be involved with SOA. My role is one of review of the financial reporting controls, and as I haven't been involved to a large extent with SOA before, I was hoping I could get some advice on the main areas and pitfalls to look out for from your collective vast experiences? E.g. test sizes too small, existing control sets not large enough, documentation not thorough enough…
    Basically the process was done in 2006, and so the controls are again being tested and documented for 07, the results of which I have to review.
  • Make certain that what is being tested is something that really matters. For example, you probably don’t need to spend too much time, if any, on looking at routine transactions. You will likely have higher-level review controls that will cover off on potential material errors. Focus your review efforts on access security, segregation of duties, spreadsheet controls, judgmental reserves, income tax controls, account reconciliations and the financial close and reporting process.

  • Also, I would perform a risk assessment on the controls identified. The degree of risk associated with any given key control can have a direct effect on sample sizes, frequency of testing, evidence required, and type of testing necessary to verify the operating effectiveness of the controls. Consider risk from two perspectives: the risk that a control will fail and the risk of material misstatement in your financial statements.
    Consider entity-level controls when performing the risk assessment, as these types of controls, if strong enough, can reduce the amount of testing required to satisfy your 404 objectives.
  • Thanks guys, both responses are great and really help.
