Assess your entity level controls against best practice frameworks
Entity-level controls are internal controls that help to ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organisation.
Entity-level controls, along with all other internal controls should be evaluated by independent auditors according to SAS 109 (AU 314) issued by the AICPA. SAS 109 stipulates that "auditors should obtain an understanding of the five components of internal control sufficient to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.
This generally means that management do not get the opporutnity to assess or view the detailed results of these assessment in real-time.
The ELC Toolkit, whilt aimed at assisting auditors with this important tasks, also makes it possible for management to either participate in the process or to perform their own internal self-asessments against published best practice guidance. This helps management identify those areas that may need attention a lot sooner since a self-assessment can be performed at any time.