|
|
|
| COSO
|
|
In 1992, the Committee of Sponsoring Organizations of the Treadway Commission
(COSO) issued Internal Control - Integrated Framework (the Framework) to help
businesses and other entities assess and enhance their internal control systems. Since that time, the Framework has been recognized by regulatory standard setters and others as a comprehensive framework for evaluating internal control, including internal control over financial reporting.
COSO encompasses five key components of effective control. The following briefly describes each component and its relevance to our initial assessment.
- Control Environment
COSO considers the Control Environment as the foundation for effective internal control. The Control Environment includes the integrity, ethical values and competence of a company's employees, management's philosophy and operating style, the way management assigns authority and responsibility and the attention and direction provided by the board of directors. In a centralized technology environment the components of the IT Control Environment apply across the enterprise. Our assessment will thus encompass the review of existing Atlantis Plastics prepared documentation of the overall IT control environment.
- Risk Assessment
Risk assessment encompasses the identification and analysis of relevant risks that should be addressed by the company's IT internal controls. Our assessment will encompass interviews with selected Atlantis Plastics IT personnel, and the review of existing Atlantis Plastics IT documentation. Our goal will be to identify and document the risks that must be addressed with effective IT general controls.
- Control Activities
IT Control activities include the policies, procedures and practices that ensure the achievement of business objectives and the risk mitigation plans. Control activities should be defined to specifically address each control objective to mitigate the risks identified. Our assessment will include a review of existing Atlantis Plastics IT policy, procedure and process documentation, to identify current IT control activities in place.
- Information and Communication
COSO emphasizes that information is needed at all levels of a corporation to ensure that the business' control objectives are achieved. This encompasses the identification of the information required, and the form and timeliness with which it is communicated to management. Our assessment will include the identification of financial reporting processes supported by the Atlantis Plastics systems (MfgPro).
- Monitoring
The monitoring of the performance and effectiveness of IT processes and controls is critical. The goal is to ensure that underlying controls within the operational systems are being sustained effectively. Our assessment will be based on interviews and the review of existing documentation of IT monitoring processes and controls.
|
|
|
|
| Control Environment |
- Sets the "tone at the top"
- Integrity, ethical values, and behavior of key executives
- Management's control consciousness and operating style
- Board of Directors' and Audit Committee participation in governance and oversight
- Assignment of authority and responsibility
|
| Risk Assessment |
- Identify and analyze relevant risks to achieving the entity's objectives
- Mechanisms are in place to anticipate, identify, and react to changes
- Established process to identify changes in GAAP, business practices and internal control
|
| Information & Communication |
- Information systems provided management with necessary reports in sufficient detail to take action
- Management has established communication channels to report potential improprieties
|
| Control Activities |
- Policies that ensure management directives are carried out
- Approval and authorizations, verifications, evaluations, safeguarding of assets, security and segregation of duties
|
| Monitoring |
- Periodic evaluations of internal controls are made
- Management implements internal control recommendations of the external and internal auditors
|
|
|
|
 |
|
|
