Control Activities (a Component of Internal Control) - Control activities for risk mitigation - USCPA
Internal control.
Its international standard framework is the COSO Framework.
- Select and develop control activities to reduce internal control risk to an acceptable level.
Control Activities
Control activities. One of the components of COSO, the framework for internal control.
Define
To address risks to the achievement of internal control objectives, establish policies and procedures and develop control activities.
Principles
Of the 17 principles of internal control, principles 10 through 12 are the principles of control activities.
- The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
- The organization selects and develops general control activities over technology to support the achievement of objectives.
- The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
10. Selection and development of control activities
Select and develop control activities to reduce risks to the achievement of internal control objectives to acceptable levels.
- Integrate with risk assessment
- Consider entity-specific factors
- Determine relevant business processes
- Evaluate a mix of control activity types
- Consider the activity level
- Address segregation of duties
11. Selection and development of general control over technology
Select and develop general control activities over technology that support the achievement of internal control objectives.
- Determine the dependency between general controls over technology and the use of technology in business processes
- Establish control activities over technology infrastructure
- Establish control activities over the security management process
- Establish control activities over the acquisition, development, and maintenance processes of relevant technology
12. Development through policies and procedures
Deploy control activities through policies and procedures.
- Establish policies and procedures to deploy management's directives
- Establish responsibility and accountability for executing policies and procedures
- Perform in a timely manner
- Corrective action
- Perform using competent personnel
- Reassess policies and procedures
Control activities
Main control activities
- Supervisory controls
- Physical controls
- Verifications
- Segregation of duties
- Performance reviews
- Information processing
- Authorization and approval
- Reconciliation
These include routine controls over business processes and transactions.