Internal control
Download
1 / 32

Internal Control - PowerPoint PPT Presentation


  • 204 Views
  • Updated On :

Internal Control. Elements of Internal Control Process. Provide reasonable assurance regarding achievement of objectives in: Reliability of financial reporting Effectiveness and efficiency of operations Compliance with laws and regulations. Why the emphasis on internal control?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Internal Control' - meara


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Elements of internal control process
Elements of Internal Control Process

  • Provide reasonable assurance regarding achievement of objectives in:

    • Reliability of financial reporting

    • Effectiveness and efficiency of operations

    • Compliance with laws and regulations


Why the emphasis on internal control
Why the emphasis on internal control?

  • Federal Foreign Corrupt Practices Act of 1977: Section 102

    • Keep books, records and accounts in reasonable detail which accurately and fairly reflect transactions and disposition of assets

    • Devise and maintain system of internal controls to provide reasonable assurance that:

      • Transactions executed and recorded

      • Authorized access to assets

      • Periodic comparison of recorded accountability to existing assets


Sox sarbox soa
SOX/Sarbox/SOA

  • Restriction on nonaudit services

  • Maintain properly funded audit committee

  • Top Management Officer cannot be hired directly from audit firm

  • CEO and CFO must ensure that financial statements fairly present operations and financial conditions

  • Must disclose code of ethics

  • Annual report contains assessment of the effectiveness of internal control structure and procedures for financial reporting


Other features of sox
Other features of SOX

  • Companies will have to issue 8-Ks in real time when something big and unexpected happens. Under Section 409, companies must report material changes in the financial or operating condition of the company "on a rapid and current basis.“


Section 404 auditors must attest to and report on management s assessment of internal controls
Section 404: Auditors must attest to and report on management's assessment of internal controls.


Other features of sox1
Other features of SOX management's assessment of internal controls.

  • Corporate executives have a duty to disclose questionable practices within global operations


Internal control process control environment
Internal Control Process management's assessment of internal controls.Control Environment

Bridge, Mike and Ian Moss. “COSO back in the limelight”http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B


Control environment
Control Environment management's assessment of internal controls.

  • Integrity and ethical values

    • Ethics and corporate culture

  • Commitment to competence

  • Management philosophy and operating style

  • Responsibility and commensurate authority

  • Human resources

    • Segregation of duties

    • Adequate supervision

    • Job rotation and forced vacations

    • Dual control


Internal control process risk assessment
Internal Control Process management's assessment of internal controls.Risk Assessment

Bridge, Mike and Ian Moss. “COSO back in the limelight”http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B


Common exposures
Common Exposures management's assessment of internal controls.

  • What are the common exposures within a computer-based information system?


Common exposures1
Common Exposures management's assessment of internal controls.

  • Excessive Costs

  • Deficient Revenues

  • Loss of Assets (theft, violence, natural disaster)

  • Inaccurate Accounting

  • Business interruption (Denial of service attacks)

  • Fraud and Embezzlement

  • Unintentional human error


Fraud what is auditor s role
Fraud -- What is auditor’s role? management's assessment of internal controls.

  • Three types of white-collar crime

    • Management Fraud: diversion or misrepresentation of assets

    • Fraudulent Financial Report: intentional or reckless conduct that results in materially misleading financial statements

      • By purposeful act or by omission

    • Corporate Crime: benefits company vs individuals who commit the fraud

      • Cost overcharge on defense contract


Coso study on fraud in financial reporting
COSO STUDY ON FRAUD IN FINANCIAL REPORTING management's assessment of internal controls.

  • Corruption involves fraudulent financial reporting

  • Violations generally the result of deficiencies in corporate governance and internal controls


Coso study on fraud in financial reporting1
COSO STUDY ON FRAUD IN FINANCIAL REPORTING management's assessment of internal controls.

  • Findings:

    • Typical financial reporting fraud schemes involved the overstatement of revenues and assets

      • Revenues were recorded prematurely or fictitiously

      • Overstating assets by understating allowances for receivables, overstating the value of tangible assets, and/or recording non-existent assets

    • CEO and/or CFO involved in 83 percent of cases

      • Insiders committed 85% of worst fraud

        • Over 50% were from management level

    • Average misstatement or misappropriation of assets was $25 million


Common exposures2
Common Exposures management's assessment of internal controls.

  • How would you ascertain the likelihood that a given exposure will exist?


Security concerns
Security Concerns management's assessment of internal controls.

  • Reasonable Assurance Framework

  • What are the threats?

  • What is likelihood that a threat will occur?

  • What is potential damage from threat?(Exposure = risk * consequence)

  • What controls can be used to minimize damage?

  • What is the cost of implementing the control?


Control activities
Control Activities management's assessment of internal controls.

  • What controls provide reasonable assurance that reduce exposure

    • Preventative

    • Detective

    • Corrective


Preventative controls

Segregation of duties management's assessment of internal controls.

Authorization

Recording

Custody

Reliability of personnel

Competence of personnel

Training of personnel

Definition of responsibilities

Rotation of duties

Preventative Controls

Automated systems tend tointegrate these areas


Preventative controls cont d
Preventative Controls – cont’d management's assessment of internal controls.

  • Adequate documents and records to ensure proper recording of transactions

    • Pre-numbered documents (prevent or detect)

    • Pre-coded forms

    • Appropriate authorization

    • Designed for easy use

  • Restricted access to assets

    • Physical controls

      • Depends on effectiveness of processes

      • Do you safeguard keys, combinations, passwords, etc.?

    • Close supervision


Preventative controls cont d1
Preventative Controls – cont’d management's assessment of internal controls.

  • Application Controls – Input

    • Authorization

      • General – automatic recorder point in inventory

      • Specific – request is routed through person with authority

    • Formatted input – prevents errors

    • Format check – data entered in proper mode

    • Reasonableness check – compare with expected range of values

    • Validity check – matched to acceptable set of values

    • Restrict access

      • Passwords/biometrics/etc.

      • Key verification – re-enter data


Detective controls
Detective Controls management's assessment of internal controls.

  • Accountability of input (anticipation)

  • Completeness of input

    • Various forms of “totals”

    • Visual verification

    • Turnaround document

  • Correctness of input

    • Format (detects if invalid date)

    • Limit and validity checks (prevent and detect)

    • Approval (subsequent to authorization)


Detective controls cont d
Detective Controls – cont’d management's assessment of internal controls.

  • Completeness of Processing

    • Reconciliation

    • Aging

    • Suspense files

    • Periodic Audit

    • Activity Log

  • Correctness of Processing

    • Summaries

    • Overflow

    • Sequence checks


Detective controls cont d1
Detective Controls – cont’d management's assessment of internal controls.

  • Physical inventory

  • Management review

  • Transaction trail


Corrective controls
Corrective Controls management's assessment of internal controls.

  • Backup and recovery

    • How do you recover to the last transaction?

  • Transaction trail?

  • Automatic error correction


How do you evaluate internal controls
How do you evaluate internal controls? management's assessment of internal controls.

  • Internal Control Checklist

    • Institute of Internal Auditors


Discussion question 24 pg 25
Discussion Question 24, pg 25 management's assessment of internal controls.

  • Are these examples of good internal control?

    • Purchase requisitions made verbally by departments to purchasing agent

    • Clerk responsible for raw material inventory records does not have access to storeroom where materials are kept

    • Receiving operation related to shipments handled by clerks responsible for managing storeroom where material are kept

    • Purchase orders prepared by clerks responsible for managing storeroom where materials are kept


Discussion question 24 pg 251
Discussion Question 24, pg 25 management's assessment of internal controls.

  • Are these examples of good internal control?

    • Employees who count goods received do not know how many were ordered

    • Periodic physical inventory conducted by clerks responsible for managing storeroom where materials are kept

    • Purchase orders compared to receiving reports before vendors are paid


Question 52 pg 144
Question 52, pg 144 management's assessment of internal controls.

  • Identify controls that would detect:

    • Clerks steal percentage of cash sent as donation to non-profit

    • Employees mail personal letters at company expense

    • Clerk posts payment as 53 instead of 35

      • Unintentional

      • Intentional (to friends account)

    • Bill customer for item never shipped

    • Duplicate payment of invoice

    • Customer not billed for item shipped


Question 54 pg 146
Question 54, pg 146 management's assessment of internal controls.


Assignment question 65 pp 150 2
Assignment, Question 65, pp 150-2 management's assessment of internal controls.

  • Identify all of the controls in place

    • Classify the controls using the Application Controls Matrix, Fig 4.9, pg 133


ad