PwC's assertions 325



  • Hi guys,
    do you know if correct that all the evidence of contros must be sign and store?
    Control example:
    If i have a mail alert of something that i have to correct do i have to stamp it and sign it? Is enough to record it in a mail server?
    I think that the security level is low. You can cancel the mail during the day for example.
    I think i should stamp it and sign to demostrate that i have done the control.
    Thank for your answer.
    Bye
    Check



  • you can also fake a signature and a stamp
    the only safe thing is to have a video recording of the message, no wait, that can be faked as well



  • You can check out:
    auditnet.org/Guides/AuditNet Monograph Series Electronic Records Management.pdf
    This document addresses electronic records management.
    Milan



  • you can also fake a signature and a stamp
    the only safe thing is to have a video recording of the message, no wait, that can be faked as well
    lmao :lol:



  • Hi,
    I’ve seen the following linkage between PwC’s Control Objectives (CAVR) and the standard FS Assertions:
    C Completeness -and-lt;=-and-gt;Completeness, Cutoff, Existence/Occurence,
    A Accuracy -and-lt;=-and-gt;Accuracy, Existence/Occurence,
    V Validity -and-lt;=-and-gt;Valuation
    R Restricted Access -and-lt;=-and-gt; None
    This ‘forced’ linkage does NOT map to Presentation/Disclosure and Rights and Obligations. Additionally, it is at best, fundamentally flawed, since the two concepts are not interrelated.
    However, if you are bent on developing a linkage table, this achieves some correlation. I would not suggest making use of it and instead, propose going with the FS Assertions as observed in COSO or PCAOB.
    If you simply include the PwC CAVR in the control matrix separately, you will avoid confusion or disagreement on the unimportant.
    Hope this further helps,
    Milan



  • Hi,
    I’ve seen the following linkage between PwC’s Control Objectives (CAVR) and the standard FS Assertions:
    C Completeness -and-lt;=-and-gt;Completeness, Cutoff, Existence/Occurence,
    A Accuracy -and-lt;=-and-gt;Accuracy, Existence/Occurence,
    V Validity -and-lt;=-and-gt;Valuation
    R Restricted Access -and-lt;=-and-gt; None
    This ‘forced’ linkage does NOT map to Presentation/Disclosure and Rights and Obligations. Additionally, it is at best, fundamentally flawed, since the two concepts are not interrelated.
    However, if you are bent on developing a linkage table, this achieves some correlation. I would not suggest making use of it and instead, propose going with the FS Assertions as observed in COSO or PCAOB.
    If you simply include the PwC CAVR in the control matrix separately, you will avoid confusion or disagreement on the unimportant.
    Hope this further helps,
    Milan
    hello
    so are you saying in the Risk Control Matrix, it is best that we stick to COSO’ financial statement assertions, rather than using PwC’s CAVR?
    thanks,



  • CAVR represents the information processing objectives that are used by PwC in their audit approach. They are useful and worth consideration, but it should be noted that they are not the FS assertions that are typically included in the RCM.
    It is preferable to use the standard FS Assertions and if the control involves an IT component, it might also be helpful to correlate the control to the relevant information processing objective.



  • As Mr. Guest Said:
    Information Processing Objectives area related to controls (COSO, chapter 4 not a PwC creation), and Financial Statement Assertions are related to financial statement lines (accounts). A well done COSO implementation should use CAVR.
    When you map your process and identify a control, it is easer to link to CAVR, and then link to FS assertions. I use to document both on my RCM.
    The correct relation between CAVR and FS Assertions are:
    Completeness - Completeness, Cut-off, Existence/Occurrence, Rights and Obligations
    Accuracy - Accuracy, Classification, Valuation and Allocation
    Validity - Existence/Occurrence, Cut-off, Rights and Obligations
    Restricted Access - Most, except for Rights and Obligations


Log in to reply