Control Activities (a Component of Internal Control) - Control Activities for Risk Mitigation - USCPA

Internal control.

Its international standard framework is the COSO Framework.

POINT

• Select and develop control activities to reduce internal control risk to an acceptable level

Control Activities

Control activities. One of the components of COSO, the internal control framework.

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

Define

To address risks to the achievement of internal control objectives, establish policies and procedures and develop control activities.

Principles

Of the 17 principles of internal control, principles 10 through 12 are the principles of control activities.

  • The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
  • The organization selects and develops general control activities over technology to support the achievement of objectives.
  • The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.

10. Selection and development of control activities

Select and develop control activities to reduce risks to the achievement of internal control objectives to acceptable levels.

  • Integrate with risk assessment
  • Consider entity-specific factors
  • Determine relevant business processes
  • Evaluate a mix of control activity types
  • Consider the activity level
  • Address segregation of duties

11. Selection and development of general control over technology

Select and develop general control activities over technology that support the achievement of internal control objectives.

  • Determine the dependency between general controls over technology and the use of technology in business processes
  • Establish control activities over technology infrastructure
  • Establish control activities over the security management process
  • Establish control activities over the acquisition, development, and maintenance processes for relevant technology

12. Development through policies and procedures

Deploy control activities through policies and procedures.

  • Establish policies and procedures to deploy management's directives
  • Establish responsibility and accountability for executing policies and procedures
  • Perform in a timely manner
  • Corrective action
  • Perform using competent personnel
  • Reassess policies and procedures

Control activities

Main control activities

  • Supervisory controls
  • Physical controls
  • Verifications
  • Segregation of duties
  • Performance reviews
  • Information processing
  • Authorization and approval
  • Reconciliation

These include routine controls over business processes and transactions.