
AUDIT and INTERNAL CONTROL



Presentation Transcript


  1. AUDIT and INTERNAL CONTROL
  Conf. univ. dr. Camelia Dobroţeanu
  Prof. univ. dr. Laurenţiu Dobroţeanu
  Master Aprofundat 2009-2010

  2. Detailed requirements:
  • Study materials:
    • Brink's Modern Internal Auditing, R. Moeller, Wiley, 6th ed., 2005
    • Sawyer's Internal Auditing, L. B. Sawyer et al., IIA, 5th ed., 2005
    • Managing the audit function: a corporate audit department procedures guide, M. P. Cangemi, T. Singleton, Wiley, 3rd ed., 2003
    • Audit Intern, C. L. Dobroţeanu, L. Dobroţeanu, InfoMega, 2007
    • Audit: concepte şi practici. O abordare naţională şi internaţională, L. Dobroţeanu, C. L. Dobroţeanu, Ed. Economică, 2002
    • Teoria şi practica auditului intern, J. Renard, Ministerul Finanţelor, 2002
  • Marking:
    • Workshop 30%
    • Written examination 70%

  3. Syllabus:
  • The system of internal control: conceptual framework, principles, models (2 lectures)
  • Risk management (1 lecture)
  • Fraud: detection and prevention (1 lecture)
  • Audit - internal control relationships (1.5 lectures)
  • Audit - internal control - corporate governance (0.5 lectures)

  4. I. Internal Control System
  Lecture overview:
  • Importance of IC
  • Fundamentals of IC
  • Essential IC techniques
  • COSO framework
  • IC assessment: SOX

  5. I.1. Importance of IC
  • Definition: "IC reflects any action taken by the board, management etc. to improve the risk management and to increase the likelihood that the organization meets its objectives"
  • Can we define a good IC?

  6. I.1. Importance of IC
  • Good IC if it:
    • Accomplishes its stated mission;
    • Produces accurate and reliable data;
    • Complies with applicable laws and organization policies;
    • Provides for economical and efficient use of resources;
    • Provides for appropriate safeguarding of assets.

  7. I.2. Fundamentals of IC
  (figure: car-driving analogy with the labels driver, accelerator, steering wheel, brake)

  8. I.2. Fundamentals of IC
  1. Performance indicator
  2. Benchmark
  3. Signals departures
  4. Transmits messages

  9. I.2. Fundamentals of IC
  (figure: decision flow with NO / YES branches)

  10. I.3. Essential IC techniques

  11. I.3. Essential IC techniques
  • e.g. macro-economic trends
  • e.g. authorization, approval
  • e.g. after dismissal of an employee

  12. Case study: ................ Workshop

  13. I.4. COSO Framework
  COSO:

  14. I.4. COSO Framework
  Internal Control: Integrated Framework
  • IC: a process, affected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
    • Effectiveness and efficiency of operations
    • Reliability of financial reporting
    • Compliance with applicable laws and regulations

  15. I.4. COSO Framework
  ICS Communication

  16. I.4. COSO Framework
  a. Control environment:
  • Integrity and ethical values
  • Professional competence
  • Board and audit committee
  • Management philosophy and operating style
  • Organizational structure
  • Assignment of authority and responsibility
  • Human resources policies and practices:
    • Recruitment
    • New employee orientation
    • Evaluation, promotion, compensation
    • Disciplinary actions

  17. I.4. COSO Framework
  b. Risk assessment:
  • 3-step process:
    • Identification of significant risks
    • Assess the risk likelihood or frequency
    • Consider the appropriate actions to manage the risk

  18. I.4. COSO Framework
  b. Risk assessment (cont.):
  • Types of risks:
    • Organizational risks from external factors
    • Organizational risks from internal factors
    • Specific activity-level risks

  19. I.4. COSO Framework
  c. Control activities
  • Types of control activities:
    • top-level reviews
    • direct functional or activity management
    • information processing
    • physical controls
    • performance indicators
    • segregation of duties

  20. I.4. COSO Framework
  c. Control activities (cont.)
  • Integration of control activities with risk assessment
  • Controls over information systems:
    • general controls: applied to the overall information systems
    • application controls: applied to specific sections of the system

  21. I.4. COSO Framework
  d. Communication
  • Relationship of information and IC
  • Means and methods of communication

  22. I.4. COSO Framework
  e. Monitoring
  • Ongoing monitoring activities:
    • operating management's normal functions
    • communications from external parties
    • organizational structures and supervisory activities
    • physical inventories and asset reconciliation

  23. I.4. COSO Framework
  e. Monitoring (cont.)
  • Separate evaluation of IC
    • Reviews
    • Internal audit: compliance, peer review
    • Self-assessment
    • External evaluation
    • Action plan
  • Reporting IC deficiencies
    • To whom?
    • How?

  24. I.5. IC Assessment: SOX (to be prepared by students)

  25. Case study: Pam-Pam or Keos workshop

  26. II. Risk Management
  II.1. ERM framework
  II.2. COSO: IC framework - ERM framework

  27. II.1. ERM framework
  • 2001: PWC developed a framework for ERM assessment (completed in 2004)

  28. II.1. ERM framework
  ERM: a process implemented by the board, management and other staff at the enterprise strategic level with a view:
  • To identify events that could adversely affect the organization;
  • To manage the risks within the risk appetite limits;
  • To obtain reasonable assurance that the organization's objectives are achievable.

  29. II.1. ERM framework
  Organization's objectives:
  • Strategic
  • Operational
  • Reporting
  • Compliance

  30. II.1. ERM framework
  Components of the ERM framework:
  • Internal environment
  • Setting the objectives
  • Identification of events
  • Risk assessment
  • Risk response: AARS (avoid, accept, reduce, share)
  • Control activities
  • Information and communication
  • Monitoring

  31. II.1. ERM framework
  Objectives - components relationships (figure: the three faces of the COSO cube):
  • Objectives: Strategic, Reporting, Compliance, Operational
  • Organizational levels: Branch, Business unit, Division, Organization
  • Components: Internal environment, Identification of events, Risk assessment, Risk response, Control activities, Information & communication, Monitoring

  32. II.1. ERM framework
  ERM effectiveness:
  a. Effective functioning of the 8 components:
  • There are no material deficiencies, and
  • Risks are managed within the risk appetite limits
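The three-step risk assessment from slide 17 (identify significant risks, assess likelihood or frequency, decide on actions), the AARS risk responses from slide 30 and the effectiveness test from slide 32 (no material deficiencies, and every risk managed within the risk appetite) can be carried through on a small risk register. The following is an added illustration, not material from the lecture or its textbooks; the 1..5 likelihood and impact scales, the multiplicative scoring, the appetite threshold and the sample risks are all constructed assumptions.

```python
"""Risk register: three-step risk assessment, AARS responses and an
appetite check. Added illustration; scales, threshold and sample data
are constructed assumptions, not part of the lecture."""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Response(Enum):
    """ERM risk responses from the lecture (AARS)."""
    AVOID = "avoid"
    ACCEPT = "accept"
    REDUCE = "reduce"
    SHARE = "share"


@dataclass
class Risk:
    name: str                               # step 1: the identified risk
    likelihood: int                         # step 2: 1 (rare) .. 5 (almost certain); assumed scale
    impact: int                             # 1 (negligible) .. 5 (severe); assumed scale
    response: Response = Response.ACCEPT    # step 3: chosen action
    mitigated_likelihood: Optional[int] = None  # expected score after the response (assumed input)
    mitigated_impact: Optional[int] = None      # ACCEPT leaves both scores unchanged

    def __post_init__(self) -> None:
        for value in (self.likelihood, self.impact,
                      self.mitigated_likelihood, self.mitigated_impact):
            if value is not None and not 1 <= value <= 5:
                raise ValueError(f"{self.name}: scores must be on the 1..5 scale")

    @property
    def inherent(self) -> int:
        """Exposure before any response: likelihood x impact."""
        return self.likelihood * self.impact

    @property
    def residual(self) -> int:
        """Exposure after the response; an avoided activity carries no residual risk."""
        if self.response is Response.AVOID:
            return 0
        likelihood = (self.mitigated_likelihood
                      if self.mitigated_likelihood is not None else self.likelihood)
        impact = (self.mitigated_impact
                  if self.mitigated_impact is not None else self.impact)
        return likelihood * impact


def exceeding_appetite(register: List[Risk], appetite: int) -> List[str]:
    """Names of risks whose residual exposure is still above the stated risk appetite."""
    return [r.name for r in register if r.residual > appetite]


def erm_effective(register: List[Risk], appetite: int, material_deficiencies: int) -> bool:
    """Slide 32 test: no material deficiencies and every risk managed within appetite."""
    return material_deficiencies == 0 and not exceeding_appetite(register, appetite)


# Constructed sample register (illustrative names and scores, not from the lecture)
SAMPLE_REGISTER = [
    Risk("Unauthorized payment approval", 4, 5, Response.REDUCE, mitigated_likelihood=2),
    Risk("Server room flood", 2, 5, Response.SHARE, mitigated_impact=2),
    Risk("Entering a sanctioned market", 3, 5, Response.AVOID),
    Risk("Minor stationery pilferage", 5, 1, Response.ACCEPT),
]
RISK_APPETITE = 8   # assumed: residual scores above this need further action


if __name__ == "__main__":
    for risk in SAMPLE_REGISTER:
        print(f"{risk.name:32} inherent={risk.inherent:2} residual={risk.residual:2} "
              f"({risk.response.value})")
    print("Above appetite:", exceeding_appetite(SAMPLE_REGISTER, RISK_APPETITE))
    print("ERM effective:", erm_effective(SAMPLE_REGISTER, RISK_APPETITE, material_deficiencies=0))
```

Running the sample shows the point of slide 32: the register as a whole is not "effective" because one reduced risk still sits above the appetite, even though every risk has a documented response. The residual score, not the existence of a response, is what the governance structures compare against the appetite.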

  33. II.1. ERM framework
  Effectiveness of ERM (cont.)
  b. Objectives:
  • governance structures know whether the objectives are achievable

  34. II.1. ERM framework
  Governance structures' role:
  • Supervision of ERM
  • Understand the risks and the risk response
  • Know to what extent management has implemented an effective ERM
  • Review the risk portfolio against the risk appetite
  • Monitor the revision of material risk indicators

  35. II.1. ERM framework
  COSO responses related to ERM and the current financial crisis:
  • Reconsideration of current ERM and assessment of risk appetite
  ERM is an integral component of internal control!

  36. II.2. COSO: IC - ERM frameworks
  • Are there any differences?
    • ERM: risk-based assessment
    • COSO-IC: IC framework
    • ERM - IC framework components: similar (environment, monitoring, communication and information, etc.)
  • Is ERM an improved version of the IC framework?
  • The controversial role of internal auditors:
    • ERM seems to provide assurance that risks are managed!

  37. III. Fraud: detection and prevention

  38. Lecture outline:
  • 1. The concept of fraud
  • 2. Responsibilities for fraud prevention & detection (DPF)
    • 2.1. Risk of fraud assessment (EFR)
    • 2.2. "Audit of fraud" and IIA requirements

  39. 1. The concept of fraud
  • Illegal actions: deception, betrayal
  • Does not necessarily imply the use of force or threats of force
  • Actions done purposely:
    • to obtain financial benefits
    • to avoid paying for, or losing the opportunity of, a financial/personal benefit

  40. 1. The concept of fraud
  Benefits:
  • direct, e.g. money
  • indirect, e.g. promotion, power, influence.

  41. 1. The concept of fraud
  Frauds committed in the organization's benefit:
  • Sale of fictitious assets;
  • Forbidden payments: illegal financing of political campaigns, bribery, etc.;
  • False statements / misuse of transactions;
  • Incorrect assessment of transfer prices (for assets exchanged between members of the same group).

  42. 1. The concept of fraud
  Frauds committed in the organization's benefit (cont.):
  • Misrecording or misreporting of transactions to mislead users of financial reports;
  • Illegal commercial activities;
  • Tax frauds.

  43. 1. The concept of fraud
  Frauds committed to the organization's detriment:
  • Acceptance of bribery;
  • Unlawful seizure of profitable transactions by an employee;
  • Invoicing goods or services which were actually not provided to the company.

  44. 1. The concept of fraud
  Frauds committed to the organization's detriment (cont.):
  • Misuse of resources or falsification of accounting records;
  • Intentional omission or misleading interpretation of events or transactions.

  45. 1. The concept of fraud
  Indications of fraud (Simmons):
  • Injury
  • Victim's trust
  • Intentional action

  46. 1. The concept of fraud
  Frauds (Simmons):
  • Bribery: offering, acceptance, requesting;
  • Theft;
  • Conflict of interest;
  • False statements;
  • Swindle;
  • Mail and internet frauds;
  • Conspiracy;
  • Breach of financial obligations provided by agreements;
  • Embezzlement.

  47. 2. Responsibilities for DPF
  (figure: AC - supervising; EM - antifraud; IA - MDPF)

  48. 2. Responsibilities for DPF
  Board + AC supervise:
  • antifraud programmes and controls, including identification of fraud risk and implementation of antifraud actions;
  • the risk of controls being circumvented and of inappropriate management influence;
  • whistle-blowing mechanisms;

  49. 2. Responsibilities for DPF
  Board + AC supervise (cont.):
  • regular reporting: nature, stage and actions taken for detected frauds;
  • IA plan: risk of fraud and whistle-blowing channels for IA;
  • involvement of independent experts in investigations of frauds.

  50. 2. Responsibilities for DPF
  IA role: to answer questions like:
  • What is the risk of fraud within the organization?
  • What programs and internal controls have been implemented to address these risks?
  • What is IA doing to PDRF before it leads to corporate scandals?
