1. Evaluating internal control risk, divided into two parts;
1.1 COSO–ICIF (in accordance with The SEC internal control sufficiency assessment form)
1.2 Evaluate internal control system on each process as follows
Purchasing, sale, payment, safeguard of assets, IT and HR. Including the specific process for some business i.e. production, warehouse, branch offices management, etc.EN
1. Evaluating internal control risk, divided into two parts
2. Auditing internal control system (Assurance services)
2.1 Entirely performing substantive testing.
2.2 Following up the remaining risks.