369 paragraphs found
When considering the acceptance of a limited assurance engagement on controls, ASAE 3000 requires the assurance practitioner to determine whether a meaningful level of assurance is expected to be able to be obtained, [50] which may include whether a …
The controls which are the subject matter of the engagement may be defined by: the component/s of control which they address, which are determined by the control framework applied, but may include: the control environment; risk assessment; control …
Control objectives ordinarily comprise the main criteria for evaluation of the design of controls. In assessing the suitability of the criteria for evaluating the design of controls, the assurance practitioner considers whether the control objectives: …
Additional criteria for assessing the suitability of the design may be derived from the risks that threaten achievement of the control objectives …
In a direct engagement, the assurance practitioner may not be provided with control objectives and so will need to identify, select or develop the control objectives to apply as the criteria for evaluating the design of controls. The assurance …
The responsible party implicitly or explicitly makes assertions regarding the recognition, measurement, presentation, disclosure or compliance of the subject matter, which reflect the overall objectives of the system. These overall objectives can be …
The materiality matrix in Appendix 4 plots these overall objectives to provide a frame of reference for assessing materiality. …
The way in which the overall objectives, described above, are expressed will vary widely depending on the control framework applied or developed. For example COBIT 5 categorises “goals” for Enterprise IT as: intrinsic quality, contextual quality and …