Nguyen, Silvestre, Vu 1
Thinh Nguyen, Kimberly Silvestre, Thuy Vu
Professor Li
ACCT 422-Internal Auditing
November 2, 2016
SHR Corporation Case Study
ENTITY LEVEL CONTROLS
Management asserts that entity level controls are designed adequately and operating
effectively to reduce risks to an acceptable level. In order for management’s assertions to be
true, entity level controls must be applied to the five components of The Committee of
Sponsoring Organizations of the Treadway Commission’s (COSO) “Cube”: Control
Environment, Risk Assessment, Controls, Information and Communication, and Monitoring.
Within the Control Environment, one should find that there is a strong ethical corporate
climate. This is illustrated through the corporation’s business objective, “To demonstrate sound
ethical conduct in everything we do.” In order to foster an ethical environment, the following
should be implemented: background checks prior to
hiring, policies, slogans to promote
togetherness, management leading by example by behaving ethically, periodic training/meetings
regarding fraud and ethics, performance evaluations, providing a whistleblower hotline,
conducting exit interviews, and having a code of conduct for the organization.
For the Risk Assessment component, risk appetite and risk tolerance levels should be
communicated to all employees regarding risks. The organization should communicate tolerance
levels to all employees througho
ut the organization. For instance, if the organization has a zero
tolerance for drug abuse, the organization should make all employees aware of the zero-tolerance
policy regarding the use of illegal drugs. If any unethical behavior or violation of the
o
rganization’s code of conduct has occurred, policies regarding the violation or unethical
behavior should indicate the tolerance level as well as the consequences for violating the code of
conduct or behaving unethically.
Control Activities can be set in
place to ensure that the organization’s
business objective
is achieved.
SHR can also
ensure that employees are following the organization’s code of
conduct by facilitating periodic training and retraining. These training programs can include
exercises that test
the employee’s knowledge or awareness of the organization’s policies and
code of conduct. After the training has been completed, it is best to ensure that the employees
understand the organization’s policies by having them sign an acknowledgement
form, indicating
that they have received the necessary information, training, as well as understand and agree to
abide to the policies and code of conduct of the organization. The signed acknowledgement form
should be securely maintained by the Human Res
ources department in the employee’s master
file.
