1. E&Y Top-down, Risk-based Approach to assessing Key Control Summary of the E&Y’s Framework Materiality Controls SAP Control Risk Heat Map Yue Yong Carolyn Tsai BADM 559

2. Framework Components Financial statements and Business Risk: to identify, understand and evaluate if company- level controls designs are effective in the financial perspective Significant Accounts: identify the accounts where materiality will affect the fairness of f/s Has qualitative and quantitative characteristics

3. Framework Components Management Financial Statements (F/S) Assertions: explicit and implicit management’s values in the f/s in for the significant accounts Divided into broad categories: existence, occurrence, completeness, valuation, measurement, rights and obligations, presentation and disclosure Significant process E&Y defined as the point in the business process where transactions post to significant accounts represents a point where key control will most likely be defined for an assertion. Assess the key performance indicators for internal business process

4. Framework Components “What Can Go Wrong?” The procedure of identifying the risk that would challenge the financial statements assertions on these significant accounts and processes. Controls Identify controls in place Assess the effectiveness of the controls, if it provides reasonable assurance

5. Materiality Planned materiality (PM)-the overall materiality level for the F/S as a whole Tolerable Error (TE)-a % of PM, materiality for individual accounts. Goal: provide reasonable assurance that the summary of audit difference is immaterial

6. Specifics of Controls Company level: Indirect, monitoring, direct controls Transaction level: manual, IT-dependent, application, end-user computing controls Control testing Test of Design-design of the controls meets the control design requirement, the objective of the controls and if the design can effectively prevent or detect errors Test of Operational effectiveness-does the control really works Walk through: combination of inquiry, observation, inspection, re-performance for testing one or a sample

7. SAP Control Using ERP to increase efficiency Utilizing the key settings to acquire the specific document and inspect controls Setting Tolerance: setting threshold level to flag possible material misstatements.

8. Risk Heat Map Define risks as likelihood X level of impact Heat maps are divided into 3 zones: green, yellow, red Risks in the red zone are the ones with greatest importance, follow by yellow then green Risk heat maps provide a visual representation on the risks that auditors should prioritize