1.27k likes | 1.47k Views
chapter 10. Section 404 Audits Sarbanes-Oxley Act section 404. Societe Generale. junior trader gambled more than the entire net worth of the bank. National Commission on Fraudulent Financial Reporting the “Treadway Commission” 1987. Committee of Sponsoring Organizations “COSO”. COSO.
E N D
chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404
Societe Generale • junior trader gambled more than the entire net worth of the bank
National Commission on Fraudulent Financial Reportingthe “Treadway Commission” 1987 Committee of Sponsoring Organizations “COSO”
COSO Committee of Sponsoring Organizations organizations that sponsored the Treadway Commission American Institute of Certified Public Accountants American Accounting Association Institute of Internal Auditors Institute of Management Accountants Financial Executives Institute
Rachel how does COSO define internal controls ?
COSO internal controls Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three categories: • reliability of financial reporting • effectiveness and efficiency of operations • compliance with applicable laws and regulations
Foreign Corrupt Practices Act1977 any corporation that has a class of securities registered, or that is required to file reports under the Securities and Exchange Act of 1934
U.S. CodeTITLE 15--COMMERCE AND TRADE CHAPTER 2B--SECURITIES EXCHANGES
(2) Every issuer pursuant to section 78l or … shall– • make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer; (B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that– (i) transactions are executed in accordance with management's general or specific authorization; (ii) transactions are recorded as necessary • to prepare financial statements in conformity with GAAP, • to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management's general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences; and
Sarbanes-Oxley Act 2002 § 7262. Management assessment of internal controls (a) Rules required The Commission shall prescribe rules requiring …. an internal control report, which shall— (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure ... (b) Internal control evaluation and reporting …, each registered public accounting firm that …issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer.
Page 48 We have audited internal control over financial reporting as of Dec. 31, 2012, based criteria established in Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). MMC’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the company's internal control over financial reporting based on our audits. We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audits of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinion. A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of managementand directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. In our opinion, MMC maintained, in all material respects, effective internal control over financial reporting as of December 31, 2012, based on COSO criteria.
Eric what is the objective of AU-C section 315?
AU-C 315 Understanding the Entity & Its Environment & Assessing RoMM .03 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.
DJ what is the definition of control risk?
Control Risk The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control.
Control Risk Control risk is the probability that the company’s internal controls will fail to prevent or detect material misstatements
Nicole M Discuss reasonable assurance.
Reasonable Assurance Reasonable assurance. In the context of an audit of financial statements, a high, but not absolute, level of assurance.
Spencer Under Sarbanes-Oxley management must report on the effectiveness of the company’s internal controls. With Regard to Internal Controls, what STATEMENTS must MANAGEMENT include in their annual report ?
Section 404 of Sarbanes-Oxley managements’ statements page 253 1 management is responsible for effective internal controls over financial reporting 2 management’s assessment of the effectiveness of the internal controls 3 the framework used to evaluate the effectiveness of the internal controls
Evaluate the Effectiveness • management must evaluate the design of internal controls • management must test the operating effectiveness of those controls
Nicole O what framework will management use to evaluate the effectiveness of internal controls ?
Mariel In the standard unmodified audit report What is management’s responsibility?
Management’s Responsibilty Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
Page 254 (design of internal control) Risks related to all relevant assertions Evaluating Significant classes of transactions Identify points in the transactions where material misstatements could occur Identify how each significant class of transactions • Initiated • Authorized • Recorded • Processed through the accounting system • Reported in the financial statements and disclosures
AU-C 315 page 254/263 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control,
Andrea In the standard unmodified audit report What is the auditor’s responsibility?
Auditor’s Responsibilty Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor's judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity's preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
AU 314.83 page 254/263 The classes of transactions that are significant Procedures by which those transactions are: initiated, authorized, recorded, processed, and reported in the financial statements. The related accounting records & supporting information How the info system captures other events that are significant to the financial statements Reporting process used to prepare the financial statements, including significant estimates and disclosures.
Candace COSO – 5 components of internal control what are the five components of the internal control framework ?
COSO components of internal controls • Control environment • Risk assessment • Control procedures • Information and communication • Monitoring
COSO components of internal controls • Control environment • Risk assessment • Control procedures • Info & Comm --- Accounting System is part of • Monitoring
1. Control environment • management’sintegrity and ethical values • commitment to competence • board of directors and audit committee • management’s philosophy and operating style • organizational structure • human resource policies and practices page 256-57
1. Control environment – Audit Committee Bd of Directors - Audit Committee – Outside Directors • Appointment of auditors • Resolve differences between management and auditors • Oversight of internal audit • Approval of non-audit services by auditor page 257
COSO components of internal controls • Control environment • Risk Assessment • Control procedures • Information and communication • Monitoring
2. Risk assessmentHow does the audit client manage risk? Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three categories: Focus on risk oversight pages 183 & 259
Matt what can you assume when the Expected Rate of Return for an investment or project exceeds the interest rate on gov’t insured savings accounts ?
business is about managing risk otherwise companies should invest their money in gov’t insured savings accounts companies invest in risky assets and the auditors must understand how the company manages risks to convert those assets into cash receipts
How does the audit client manage risk? the little highlight boxes COSO Enterprise Risk Managementp. 259 Broader focus on Risk Managementp 183
COSO enterprise risk management • Internal Controlenvironment • Objective Setting • Event identification • Risk assessment • Risk response • Control activities procedures • Information and communication • Monitoring
COSO components of internal controls • Control environment • Risk assessment • Control procedures • Information and communication • Monitoring
3. Control Procedures Adequate segregation of duties Proper authorization of transactions & activities Adequate documents & records Physical controls over assets & records Independent checks on performance
3. Control Procedures Must separate p. 260 Custody of Assets from Accounting (Record-Keeping) Authorization of Trx from Custody of related Assets Operational Responsibility from Record-Keeping IT Duties from User Departments
3. Control Procedures Must separate p. 260 Custody of Assets Authorization of Transactions Record-Keeping
3. Control Procedures Adequate documents and records Pre-numbered documents • Checks • Purchase orders • Shipping documents
Kelly if you discover a check that was not recorded to which financial statement assertion does an unrecorded check relate ?