Nguyen, Silvestre, Vu 1 Thinh Nguyen, Kimberly Silvestre, Thuy Vu Professor Li ACCT 422-Internal Auditing November 2, 2016 SHR Corporation Case Study ENTITY LEVEL CONTROLS Management asserts that entity level controls are designed adequately and operating effectively to reduce risks to an acceptable level. In order for management’s assertions to be true, entity level controls must be applied to the five components of The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) “Cube”: Control Environment, Risk Assessment, Controls, Information and Communication, and Monitoring. Within the Control Environment, one should find that there is a strong ethical corporate climate. This is illustrated through the corporation’s business objective, “To demonstrate sound ethical conduct in everything we do.” In order to foster an ethical environment, the following should be implemented: background checks prior to hiring, policies, slogans to promote togetherness, management leading by example by behaving ethically, periodic training/meetings regarding fraud and ethics, performance evaluations, providing a whistleblower hotline, conducting exit interviews, and having a code of conduct for the organization. For the Risk Assessment component, risk appetite and risk tolerance levels should be communicated to all employees regarding risks. The organization should communicate tolerance levels to all employees througho ut the organization. For instance, if the organization has a zero tolerance for drug abuse, the organization should make all employees aware of the zero-tolerance policy regarding the use of illegal drugs. If any unethical behavior or violation of the o rganization’s code of conduct has occurred, policies regarding the violation or unethical behavior should indicate the tolerance level as well as the consequences for violating the code of conduct or behaving unethically. Control Activities can be set in place to ensure that the organization’s business objective is achieved. SHR can also ensure that employees are following the organization’s code of conduct by facilitating periodic training and retraining. These training programs can include exercises that test the employee’s knowledge or awareness of the organization’s policies and code of conduct. After the training has been completed, it is best to ensure that the employees understand the organization’s policies by having them sign an acknowledgement form, indicating that they have received the necessary information, training, as well as understand and agree to abide to the policies and code of conduct of the organization. The signed acknowledgement form should be securely maintained by the Human Res ources department in the employee’s master file.