The 5 components of ICS
1. Control Environment (Tone at the top)
- Clear ethics and integrity expectations (code of conduct)
- Competent staff and defined organisational structure
- Board/management oversight and accountability
2. Risk Assessment
- Identifying key risks (fraud, error, compliance, IT, operational risks)
- Assessing likelihood/impact and prioritising risks
- Updating risk assessment when changes happen (new system, new branch, new product)
3. Control Activities
- Segregation of duties (authorise–record–custody separated)
- Approvals and authorisation limits
- Reconciliations (bank, inventory, debtor/creditor)
- Physical controls (locks, access control, stock counts)
- IT controls (access rights, change controls, backups)
4. Information & Communication
- Reliable systems for capturing and processing transactions
- Proper documentation, audit trails, and timely reporting
- Clear internal communication of policies and procedures
5. Monitoring Activities
- Ongoing supervisory reviews and exception reporting
- Periodic internal audits or control self-assessments
- Follow-up and corrective actions when weaknesses are found
Practical implication for audit
- Auditors evaluate whether these components exist and operate effectively.
- Weakness in any component increases control risk, so auditors rely less on controls and do more substantive testing.