The purposes of self-assessment by a service enterprise of its internal control system is to implement a self-monitoring mechanism and adapt to changes in the environment in a timely manner, so as to adjust the design of the internal control system and enhance the internal audit department's audit quality and efficiency. The assessment scope shall include the design and operation of all aspects of the enterprise's internal control system.
Before carrying out the assessment referred to in the preceding paragraph, a service enterprise shall set out in its internal control system the procedures and methods for self-assessment operations.
A service enterprise shall pay close attention to matters relating to compliance with applicable laws, regulations, and bylaws, and shall, based on the results of the risk assessment, determine the procedures and methods for self-assessment operations referred to in the preceding paragraph, which shall at least include the following:
- Determining which controls should be tested.
- Determining the business units to include in the self-assessment.
- Evaluating the design effectiveness of controls.
- Evaluating the operating effectiveness of controls.