Return to Article: GAO debates new auditing rules for agencies
-
6996
We have been commenting on management controls within government audits since the CFO Act of 1990. It has been a requirement since that time that if auditors did not assess management controls as a part of an audit (whether financial or compliance), a reason had to be specifically stated in the audit report. We perform risk assessments which ultimately must focus on management controls, so that vulnerabilities can be assessed and areas of potential fraud may be determined. When we found problems with failed actions, improper/illegal activities, and instances of non-compliance with laws and regulations we typically work backward to the root cause. And in most instances the root cause was deficiencies in management controls. So by default we've been doing what SOX requires for about 14 years that I know of, and it seems to be working okay. Thanks.
PROMO RIGHT: EVENTS
UPCOMING WEBINARS
NOVEMBER 18
Speed bumps for Teleworking: What are they and how to avoid them?
DECEMBER 3
Achieve Program Success: Unlock the Management Information in Your Data
DECEMBER 10
Practical Transparency: Applying Exchange Networks for Mission Results
PROMO RIGHT: DIRECTORIES
Post a Comment
To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this Service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Government Executive does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.