COBIT 2019

COSO Integrated Framework

ISO 31000 Risk Management

SOX Section 404

Control Activities, Objective Setting, Event Identification, Information and Communication, Monitoring Activities

Control Activities, Risk Response, Control Environment, Information and Communication, Monitoring Activities

Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring Activities

Control Environment, Control Activities, Risk Assessment, Information and Communication, Monitoring Activities

Hires external auditors

Assess effectiveness and efficiency of business process on regular basis

Performs financial audit to provide assurance on the financial statements

Evaluates whether the organization has implemented controls that will achieve the objective of ICFR

Number of internal audit projects conducted by Internal Auditors in the previous year.

Materiality set at the group level and at discrete levels

The consideration of COSO principle coverage

Diversity and change in the business environment

Monthly review on bank reconciliations

Dual signatures on all disbursements over a specific amount

Accountant – GL Financial Closing inputs of accrual journal entry during financial closing

Procurement policy which govern that purchases should be made from vendor who has been approved by Management and registered in Vendor Master List

Directive controls that cause or encourage the occurrence of desirable events

Detective controls that monitor the results of operations and relate to an estimate or the accounting for an infrequent transaction or event

Preventive controls that deter the occurrence of unwanted events

Corrective controls that correct the negative effects of unwanted events

Materiality on account balance level

Susceptibility to misstatement due to errors or fraud

Existence of related party transactions in the account

Accounting and reporting complexities

To ensure the internal processing produces the expected results.

To ensure the input data is complete, accurate and valid.

To ensure the processing accomplishes the desired tasks.

To ensure the proper development and implementation of applications