Process Elements

The PCAOB standard requires auditors to evaluate all process elements that might be involved in period-end financial reporting: IT services, executive management and business processes. The following table identifies these process elements.

IT SERVICES EXECUTIVE MANAGEMENT BUSINESS PROCESSES
Shared services are those that are required by more than one department or process and are often delivered as a common service. From an IT perspective, services such as security, telecommunications and storage are necessary for any department or business unit and are often managed by a central IT function. Executive management establishes and incorporates strategy into business activities. At the enterprise or entity level, business objectives are set, policies are established, and decisions are made on how to deploy and manage the resources of the organization. From an IT perspective, policies and other enterprise-wide guidelines are set and communicated throughout the organization. Business processes are the organization’s mechanism of creating and delivering value to its stakeholders. Inputs, processing and outputs are functions of business processes. Increasingly, business processes are being automated and integrated with complex and highly efficient IT systems.
General Controls

Controls embedded in IT services form general controls, such as:

Program development

Program changes

Computer operations

Access to programs and data

Company-level Controls

Company-level controls over the IT control environment set the tone for the organization. Examples include:

Operating style

Enterprise policies

Governance

Collaboration

Information sharing

Application Controls

Controls embedded in business process applications, such as large ERP systems and smaller best-of-breed systems, are commonly referred to as application controls. Examples include:

Completeness

Accuracy

Validity

Authorization

Segregation of duties