Information security forms the core of an organization's internal control system for information.
As an internal control system, information security organizations and safeguards meet the standards applied to other internal control systems.
The organization's internal control standards define the minimum level of quality acceptable for internal control systems in operation and constitute the criteria against which systems are to be evaluated.
Internal control standards apply to all operations and administrative functions but do not limit or interfere with duly granted authority related to development of legislation, rulemaking, or other discretionary policymaking in the organization.
Internal control systems provide reasonable assurance that the objectives of the systems will be accomplished.
Managers and employees maintain and demonstrate a positive and supportive attitude toward internal controls at all times.
Managers and employees have personal and professional integrity and maintain a level of competence that allows them to accomplish their assigned duties, as well as understand the importance of developing and implementing good internal controls.
Internal control objectives are identified or developed for each organizational activity and are logical, applicable, and reasonably complete.
Internal control techniques are effective and efficient in accomplishing their internal control objectives.
Internal control systems and all transactions and other significant events are clearly documented, and the documentation is readily available for examination.
Transactions and other significant events are promptly recorded and properly classified.
Transactions and other significant events are authorized and executed only by persons acting within the scope of their authority.
Key duties and responsibilities in authorizing, processing, recording, and reviewing transactions are separated among individuals.
Qualified and continuous supervision is provided to ensure that internal control objectives are achieved.
Access to resources and records is limited to authorized individuals, and accountability for the custody and use of resources is assigned and maintained.
Resources are periodically compared with the recorded accountability to determine whether the two agree. The frequency of the comparison is a function of the vulnerability of the asset.
Managers promptly evaluate findings and recommendations reported by auditors.
Managers determine proper actions in response to audit findings and recommendations.
Managers complete, within established time frames, all actions that correct or otherwise resolve the matters brought to management's attention.

