430 likes | 454 Views
PART I - I. OVERVIEW. “ There is Nothing Permanent Except Change”. - Heraclitus, a Greek Philosopher 500 BC. Today’s business environment only underscores the truth of Heraclitus’ view. Change seems even present and constant.
E N D
PART I - I OVERVIEW
“There is Nothing Permanent Except Change” - Heraclitus, a Greek Philosopher 500 BC. Today’s business environment only underscores the truth of Heraclitus’ view. Change seems even present and constant. The profession of internal auditing is taking advantage of these changing times by becoming more relevant to management and providing greater value to achieving management’s business objectives This course provides basic perspective and tools, utilized by internal auditors today as they address the changing needs of their management.
An Ancient Responsibility For centuries, merchants and businessmen have employed auditors to verify the effectiveness and profitability of their marketing efforts and to protect themselves against loss from error and fraud. THE NATURE OF INTERNAL AUDITING
The profession of auditing in general and internal auditing in particular is ancient. • It had its genesis with the development of political and commercial organizations and the growth of auditing followed that of economic institutions. • To control wealth, owners established overseers- the first auditors- to protect and ensure accountability for their assets.
A DYNAMIC PROFESSION • The role of internal auditors remained essentially the same. That of detecting and determining fraud until the early 1990’s. • At that time, there was an emergence of “professional” and “scientific” management techniques and a new focus on efficiency and effectiveness of business operations.
US Securities Act of 1933 and 1934 increased the responsibility of management to provide accurate financial information and increased the emphasis on the review of financial and accounting processes and information.
Resetting of Priorities From : Preventing and detecting fraud and work to improve business operations. To : Reviewing the controls over the accuracy of accounting and financial information
1941- Institute of Internal Auditors was formed in New York. 1977- Foreign Corrupt Practices Act (FCPA)
The result of the FCPA for many internal auditors was to force a revision in their focus. Internal auditors are now asked to address the process or system of internal control rather than directly assessing the accuracy of account balances. The external auditor, on the other hand, primarily is responsible for determining if the levels of the various pools of assets are accurately measured and reported.
1992 - Committee of Sponsoring Organizations (COSO) of the Treadway Commission (Commission on Fraudulent Financial Reporting) Report Internal Control – Integrated Framework, September 1992. Integrated Guidance on Internal Control as a common reference point for the evaluation of internal control systems.
Today, the internal auditing profession functions to assist management in achieving the objectives of the enterprise. The primary focus is to provide assurance to management that there is an effective system of internal control established to help ensure achievement of enterprise/ agency objectives.
PART I - II INTERNAL CONTROL FUNDAMENTAL CONCEPTS
INTERNAL CONTROL Evolution of Management Theory
Beginning in the 1970s, a series of activities began to focus greater attention on the internal control structure of organizations. The preponderance of activity concerning internal control occurred in the fields of systems design and auditing, focusing on the ways to improve internal control systems and to best consider them in audits. Evolution of Management Theory
a.Watergate As a result of the 1973-1976 Watergate investigations, legislative and regulatory bodies began to give significant attention to internal control. Separate investigations by the Office of the Watergate Special Prosecutor and the SEC revealed that a number of major US corporations had been making illegal domestic political contributions and questionable or illegal payments, including bribes, to foreign government officials. Evolution of Management Theory
In response to these investigations, a bill was introduced and ultimately became enacted as the Foreign Corrupt Practices Act of 1977 (FCPA). b.Foreign Corrupt Practices Act of 1977 (FCPA) In addition to the anti-bribery provisions, the FCPA contains provisions pertaining to accounting and internal control. Provisions required corporations to devise and maintain a system of internal accounting control adequate to accomplish certain objectives.
c. Cohen Commission The Commission on Auditor’s Responsibilities recommended in 1978 that management present a report along with the financial statements that disclosed the condition of the organization’s internal control system.
d. Securities and Exchange Commission In 1979, the SEC took the Cohen Commission and Financial Executives Institute (FEI) actions a step further and proposed rules for mandatory management reports on an entity’s internal accounting controls.
e. Minahan Committee The AICPA in 1979 formed the Special Advisory Committee on Internal Control to provide guidance about establishing and evaluating internal control. This “Minahan Committee” formed just prior to the enactment of the FCPA, was created to address a perceived void in internal control guidance. Existing guidance was contained mainly in the professional auditing literature and had been developed especially for auditors. Additional guidance was deemed necessary to assist management in meeting its internal control responsibilities.
f. Financial Executives Research Foundation In response to the FCPA, the Financial Executives Research Foundation (FERF) engaged a research team to study the state of the art of internal control in U.S. corporations. One major contribution of the study, published in 1980, was the cataloging of the internal control characteristics, conditions, practices and procedures, and the identification of wide diversity of views concerning definition, nature and purpose of internal control and how effective internal control should achieve.
f. Financial Executives Research Foundation A second report, related FERF research study, published in 1981, identified broad, conceptual criteria for evaluating internal control.
g. Treadway Commission The National Commission on Fraudulent Financial Reporting, known as Treadway Commission, was created in 1985 by the joint sponsorship of the AICPA, American Accounting Association, FEI, IIA, and IMA. The Commission’s Report issued in 1987, made several recommendations directly addressing internal control.
g. Treadway Commission The Commission’s Report Recommendations: It emphasized the importance of the control environment, codes of conduct, competent and involved audit committees and an active and objective internal audit function. It renewed the call for management reports on the effectiveness of internal control.
h. COSO As a direct response to the Treadway Commission recommendation on the development of a consensus definition, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission published Internal Control - Integrated Framework in 1992.
COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) OF THE TREADWAY COMMISSION AMERICAN INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS (AICPA) AMERICAN ACCOUNTING ASSOCIATION THE INSTITUTE OF INTERNAL AUDITORS (IIA) INSTITUTE OF MANAGEMENT ACCOUNTANTS FINANCIAL EXECUTIVES INSTITUTE (FEI)
Significance of the COSO Framework: • It represents the first concensus definition for internal control. • Defined internal control broadly rather than restricting it to financial or accounting terms only. • Suggested guidelines for evaluating the effectiveness of an entity’s system of internal control.
INTERNAL CONTROL Definition: • “ A process, effected by an entity’s board of directors, management and other personnel,” designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations. • Reliability of Financial and Operational Reporting. • Compliance with applicable laws and regulations. • Safeguarding of assets and information. COSO Internal Control –Integrated Framework Definition
INTERNAL CONTROL Definition: • “ An integral process, effected by an entity’s board of directors, management and other personnel,” designed to address risks and to provide reasonable assurance that in the pursuit of the entity’s mission, the following general objectives are achieved: • Executing orderly, ethical, economic, effective and efficient operations. • Fulfilling accountability obligations. • Complying with applicable laws and regulations. • Safeguarding resources against loss, misuse and damage. INTOSAI Guidelines for Internal Control Standards for Public Sector - Definition
The COSO definition reflects certain fundamental concepts: • Internal control is a process. It is a means to an end, not • an end in itself. • Internal control is effected by people. It is not merely policy manuals and forms, but people at every level of an organization. • Internal control can be expected to provide only a reasonableassurance, not absolute assurance, to an entity’s management and board. • Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.
1 A Process Internal Control is not one event or circumstance, but a series of actions that permeate an entity’s activities. These actions are pervasive, and are inherent in the way management runs the business. 1 Although referred to as “ a process”, internal control may be viewed as a multiplicity of processes.
A Process Business processes, which are conducted within or across organization units or functions, are managed through the basic management process of planning, executing and monitoring. Internal Control is part of these processes and is integrated with them. It enables them to function and monitors their conduct and continued relevancy. It is a tool used by management, not a substitute for management.
People Internal Control is effected by a board of directors, management and other personnel in an entity. It is accomplished by the people of an organization, by what they do and say. People establish the entity’s objectives and put control mechanisms in place.
People Similarly, internal control affects people’s actions. Internal control recognizes that people do not always understand, communicate and perform consistently. Each individual brings to the workplace a unique background and technical ability, and has different needs and priorities. These realities affect, and are affected by, internal control. People must know their responsibilities and limits of authority.
Reasonable Assurance Internal control, no matter how well designed and operated, can provide only reasonable assurance to management and the board of directors regarding achievement of an entity’s objectives. The likelihood of achievement is affected by limitations inherent in all internal control systems.
Reasonable Assurance These include the realities that human judgment in decision-making can be faulty, persons responsible for establishing controls need to consider their relative costs and benefits, and breakdowns can occur because of human failures such as simple error or mistake. Additionally, controls can be circumvented by collusion of two or more people. Finally, management has the ability to override the internal control system.
Objectives Every entity sets out on a mission, establishing objectives it wants to achieve and strategies for achieving them. Objectives may be set for an entity as whole, or be targeted to specific activities within an entity. Though many objectives are specific to a particular entity, some are widely shared. Achievement of objectives, which are based largely on standards imposed by external parties, depends on how activities within the entity’s control are performed.
Internal Control Components • Control environment, including the integrity and competence of employees, the style of management and the methods of oversight applied by the board of directors. • Risk assessment, which includes the setting of business objectives and the means of evaluating relevant risk to achieving these objectives.
Internal Control Components • Control activities, which are the specific actions, policies, procedures, etc., put in place to ensure business objectives are achieved. • Information and communication, which includes identifying and communicating information necessary to enable employees and managers to carry out their jobs. • Monitoring or evaluating the effectiveness of the overall control system.
CHARACTERISTICS OF A STRONG CONTROL ENVIRONMENT Well defined hierarchical management structure effective and efficient; Clear written functions and tasks that are specifically assigned to organization segments and positions; Competent personnel well selected and motivated; Responsibility communicated and understood;
CHARACTERISTICS OF A STRONG CONTROL ENVIRONMENT Specific delegation of authority; Soundly prepared budgets and timely budget controls; Timely and useful management reports; Commitment of management to adequate controls;
CHARACTERISTICS OF A STRONG CONTROL ENVIRONMENT Security of computerized information and effective computer installation; Establishment of control methods for monitoring and following up on performance, including internal auditing; and Clear government laws and regulations relating to the organization’s operations and practices including examinations/inspection by regulatory agencies.