Summary
In this chapter, we have described the management testing process, approach, and automation. Management testing is a key component of the governance, risk and compliance programs at many organizations. Management testing can improve audit plan effectiveness, make regulatory compliance more sustainable, and align Enterprise Risk Management with strategic objectives. Managers of a process and related controls can be included in developing the scope of the annual audit plan by asking them to assess the risks and evaluate the internal controls based on their deep knowledge of risks and controls. Employees can be interviewed and surveyed to support many aspects of growing regulatory compliance requirements, such as Sarbanes-Oxley, by asking them to share their perception of management's behavior and attitudes towards company level controls such as tone at the top and code of conduct. Management testing can also help identify risks and provide reasonable assurance that an entity is able...
