Monitoring Entity-Level Controls Audit Work Program
Subscriber Content
How to Audit Entity-Level Controls: Sample Work Programs and Best Practices
In this document, we provide three sample work programs for monitoring entity-level controls. Each section of these work programs focuses on a specific attribute and the documentation that evidences the operating effectiveness of entity-level controls.
Risks addressed in these samples include: internal and/or external audit comments and management responses are not provided to the audit committee or board of directors; internal audit is not independent of the activity’s IT audits; personnel with the requisite skills do not conduct evaluations of appropriate portions of the internal control system; and the frequency and scope of supervision and monitoring activities are not appropriate to the size and nature of the entity.