AI Analysis Results

Monitoring & Whistleblower — Entity-Level Controls (COSO ELC)

/ 100

Adequate

Overall Sub-Process Rating

Adequate — Control exists and operates; minor enhancements possible.

1 control evaluated4 strengths identified2 gaps identified

Executive Summary

The Monitoring & Whistleblower process demonstrates adequate controls overall, with most key controls designed and operating as intended. Certain areas require enhanced documentation or monitoring to close identified gaps, but no material weaknesses were noted during the assessment period.

Strengths

Whistleblower reports are investigated and tracked to closure.... is consistently executed
Management review is performed on a regular cadence
Segregation of duties is enforced across critical functions
Key controls are documented in a centralized repository

Gaps

Evidence of review lacks timestamp and reviewer identity
No automated alerting for control threshold breaches

Recommendations

1Conduct an annual control design assessment aligned with framework updates
2Implement a workflow tool that captures reviewer identity and timestamp for all approvals
3Establish a quarterly monitoring schedule with documented results and sign-off

Framework Mapping

COSO 2013

Principle P16Principle P17

SOX 404

ICFR.ELC.MN.01

IIA Standards 2024

IV.8.2IV.9.5

Control-Level Breakdown (1)

ELC-MN-01Needs ImprovementScore: 58/100

Whistleblower reports are investigated and tracked to closure.

Key Finding

The control is partially implemented but operates inconsistently. Whistleblower reports are investigated and tracked to closure. Gaps in execution or evidence retention reduce assurance over this area.

Recommendation

Redesign the control to address inconsistencies. Specifically: whistleblower reports are investigated and tracked to closure. Assign a control owner and establish a testing cadence.

Framework Tags

COSO P16COSO P17ICFR.ELC.MN.01IIA IV.8.2IIA IV.9.5