Process Elements
The PCAOB standard requires auditors to evaluate all process elements that might be involved in period-end financial reporting: IT services, executive management and business processes. The following table identifies these process elements.
IT SERVICES | EXECUTIVE MANAGEMENT | BUSINESS PROCESSES |
Shared services are those that are required by more than one department or process and are often delivered as a common service. From an IT perspective, services such as security, telecommunications and storage are necessary for any department or business unit and are often managed by a central IT function. | Executive management establishes and incorporates strategy into business activities. At the enterprise or entity level, business objectives are set, policies are established, and decisions are made on how to deploy and manage the resources of the organization. From an IT perspective, policies and other enterprise-wide guidelines are set and communicated throughout the organization. | Business processes are the organization’s mechanism of creating and delivering value to its stakeholders. Inputs, processing and outputs are functions of business processes. Increasingly, business processes are being automated and integrated with complex and highly efficient IT systems. |
General Controls
Controls embedded in IT services form general controls, such as: Program development Program changes Computer operations Access to programs and data |
Company-level Controls
Company-level controls over the IT control environment set the tone for the organization. Examples include: Operating style Enterprise policies Governance Collaboration Information sharing |
Application Controls
Controls embedded in business process applications, such as large ERP systems and smaller best-of-breed systems, are commonly referred to as application controls. Examples include: Completeness Accuracy Validity Authorization Segregation of duties |