Читать книгу Internal Control Audit and Compliance - Graham Lynford - Страница 19

It does not hurt to think longer term. The first year of documentation requires a significant commitment of time and effort. You may prioritize the core that needs to be included in year 1. However, in subsequent years, you should consider whether to expand the documentation process into a few other less significant areas. Additionally you should consider if your experience has offered a better way to document the core areas for more efficient update and assessment in the future. Once you have the internal experience in doing the documentation and assessment, you will find these procedures do not take long to perform, and you may conclude that unexpected benefits and efficiencies can be gained from digging into the business at this level. Many entities are today following the same documentation paths in some core areas that were established early on when first documenting processes and controls.

A frequent opportunity that is missed to reduce costs and attain some benefits of the controls focus is to adopt an attitude of “continuous improvement” in the process and testing. Taking good ideas back from conferences or even examining best practices from within the organization can result in significant benefits. Auditors sometimes fall into the trap called SALY (same as last year), which creates a false sense of efficiency when changes occur in the business.

Also frequently encountered and a contributor to higher-than-necessary costs is the lack of training and learning on the part of today's assessment teams. It might be shocking, but many new college accounting major graduates have not had significant exposure to COSO or any of the issues discussed in this book. In the early days of increased attention to internal controls, one could understand this. Today, more than a decade later, not all of the professors and the texts they use have caught up with this important and durable topic. Some professors claim there is no room for the subject in their curriculum. Also shocking are the number of company employees who are expected to learn on the job by following their predecessors' practices. Without some global understanding of this whole COSO process, how could one expect to figure it out from just following specific procedures? Since the approach is conceptual and not prescriptive, some level of conceptual understanding is essential to effective implementation. We are all familiar with the parlor game where a thought is shared around the room and morphs in meaning as the message is passed. Such is the nature of some on-the-job training unless supplemented by consistent, effective structured training.