Chapter 13 Control and Accounting Information Systems
Introduction • Control - the process of exercising a restraining or directing influence over the activities of an object, organism, or system • The goal is to prevent losses from the many possible hazards that businesses face. • The accountant’s job is to take a proactive approach to eliminating threats and to detect, correct, and recover from threats if they occur.
Introduction • Threat - any potential adverse occurrence or unwanted event that could injure either the AIS or the organization • Exposure - the potential dollar loss of a particular threat if that threat occurs • Risk - the likelihood that the threat will actually come to pass
Overview of Control Concepts • Historical developments • 1949 - AIA • 1958 - SAP No. 29 • 1972 - SAP No. 54 • 1977 - Foreign Corrupt Practices Act • 1981 - Research Foundation of the FEI • 1988 - SAS No. 55 • 1992 - Committee of Sponsoring Organizations (COSO)
Overview of Control Concepts • Internal control - the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed management policies • Management control - designed to reduce errors and irregularities and help employees achieve goals by following policies
Overview of Control Concepts • Administrative controls - help ensure operational efficiency and adherence to managerial policies • Accounting controls - safeguard assets and ensure the reliability of accounting records • Internal control structure - policies and procedures established to provide reasonable assurance that objectives will be achieved
Overview of Control Concepts • Internal control classifications • Preventive, Detective, and Corrective • Feedback and Feedforward • General and Application • Input, Processing, and Output
Internal Control Classifications • Preventive - designed to stop problems before they arise • Detective - designed to find problems if they arise • Corrective - designed to fix problems once they are found • Find the cause of the problem • Correct the results of the problem • Modify the system to keep the problem from happening again
Internal Control Classifications • Feedback controls - measure a process and correct it when deviations from normal occur • Feedforward controls - monitor a process and inputs to that process and try to predict potential problems
Internal Control Classifications • General controls - ensure that the control environment is stable and well managed to enhance the effectiveness of application controls • Application controls - used to prevent, detect, and correct errors and irregularities during processing
Internal Control Classifications • Input controls - ensure that only accurate, valid, and authorized data are entered into the system • Processing controls - ensure that all data are processed completely and accurately and all applicable files are updated correctly • Output controls - ensure that output is properly controlled
The Foreign Corrupt Practices Act • Passed by Congress in 1977 in response to a bribery scandal • Primary purpose was to prevent the bribery of foreign officials in order to obtain business • Significant effect was to require all publicly traded companies to have a good system of internal controls
The Foreign Corrupt Practices Act • Requires all SEC registrants to have a system that provides reasonable assurance that: • Transactions are executed with management’s authorization • Transactions are recorded to permit preparation of financial statements and maintain accountability for assets • Access to assets is permitted only with authorization • Recorded assets are compared to existing assets and action taken with respect to differences
Committee of Sponsoring Organizations (COSO) • Defined internal control as the process implemented to provide reasonable assurance that control objectives are achieved with regard to: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations
Committee of Sponsoring Organizations (COSO) • Five interrelated components of internal control: • Control environment • Control activities • Risk assessment • Information and communication • Monitoring
The Control Environment • Management philosophy and operating style • Employees follow the lead of management. • Assessing management’s philosophy: • Does management take undue risks to achieve objectives? • Does management attempt to manipulate performance measures to make the company look better? • Does management pressure employees to achieve results regardless of the methods required?
The Control Environment • Organizational structure - defines the lines of authority and responsibility and provides the overall framework for how things are done • Audit Committee of the Board of Directors - composed entirely of outside directors (directors who are not employees of the company) - provides an independent review of management
The Control Environment • Methods of assigning authority and responsibility - job descriptions, employee training, and operating plans, schedules, and budgets • Formal code of conduct addresses issues such as ethics, acceptable business practices, and conflicts of interest. • Written policy and procedures manuals spell out exactly what is expected of employees.
The Control Environment • Human resources policies and procedures - rules for hiring, evaluating, compensating, and promoting employees • Hire and promote employees based on performance. • Background checks on applicants are very important. • External influences - FASB or SEC requirements and government regulations
Control Activities • Control activities - rules that provide reasonable assurance that management’s control objectives are achieved. • Five categories: • Proper authorization of transactions and activities • Separation of duties • Design and use of adequate documents and records • Adequate safeguards over assets and records • Independent checks on performance
Control Activities • Proper authorization • General authorization - authorizes employees to handle routine transactions without explicit approval from management (daily sales) • Specific authorization - requires employees to obtain approval for unusual or large transactions (sale in excess of a certain amount, write-off of an A/R over a certain amount)
Control Activities • Separation of duties - no single employee should have too much responsibility - must separate the authorization, recording and custody of assets involved in a transaction • Documents and records - help to ensure accurate and complete recording of all relevant data about transactions and events • Keep forms simple and include room for authorization
Control Activities • Safeguarding of assets - both physical assets and information • Supervise and separate duties • Maintain accurate records • Restrict physical access to assets • Restrict access to certain critical locations • Physically protect documents and records • Control the environment • Restrict access to systems with passwords
Control Activities • Independent checks • Reconciliation of two independent sets of records • Comparison of actual quantities to recorded amounts • Double-entry accounting • Batch totals (financial total, hash total, record count, line count, cross-footing balance test) • Independent review for authorization, supporting documentation, and accuracy
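Added example (not part of the original slides): three of the batch totals listed above, computed when a batch is prepared and recomputed after processing, to show which kind of error each total detects. The record layout, field names, and sample values are constructed for illustration.

```python
from copy import deepcopy
from decimal import Decimal

# Constructed sample batch of cash receipts (illustrative values only).
BATCH = [
    {"customer_no": 10452, "amount": Decimal("1250.00")},
    {"customer_no": 20817, "amount": Decimal("310.75")},
    {"customer_no": 33190, "amount": Decimal("89.40")},
    {"customer_no": 41266, "amount": Decimal("4720.10")},
]


def control_totals(records):
    """Compute the batch totals for a list of transaction records."""
    return {
        # Record count: number of records in the batch.
        "record_count": len(records),
        # Financial total: sum of a dollar field.
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        # Hash total: sum of a numeric field that has no financial meaning.
        "hash_total": sum(r["customer_no"] for r in records),
    }


def reconcile(expected, processed):
    """Return the names of the totals that differ after processing."""
    actual = control_totals(processed)
    return [name for name, value in expected.items() if actual[name] != value]


def run_cases():
    """Apply one error at a time and report which totals flag it."""
    expected = control_totals(BATCH)  # totals taken when the batch is prepared
    dropped = deepcopy(BATCH)[:-1]    # last record lost in processing
    transposed = deepcopy(BATCH)
    transposed[0]["amount"] = Decimal("1520.00")  # 1250.00 keyed as 1520.00
    wrong_account = deepcopy(BATCH)
    wrong_account[1]["customer_no"] = 20871       # 20817 keyed as 20871
    return {
        "clean": reconcile(expected, BATCH),
        "dropped_record": reconcile(expected, dropped),
        "transposed_amount": reconcile(expected, transposed),
        "wrong_account": reconcile(expected, wrong_account),
    }


if __name__ == "__main__":
    for case, failed in run_cases().items():
        print(f"{case:18} -> {failed or 'all totals agree'}")
```

The wrong-account case leaves the record count and financial total unchanged, so only the hash total detects it.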
Risk Assessment • Steps in assessing risk: • Identify threats - natural or manmade • Estimate the risk - likelihood that a threat will happen • Estimate exposure - potential dollar loss • Identify controls - consider effectiveness and timing • Estimate costs and benefits - design to provide reasonable assurance • Determine cost/benefit effectiveness
Risk Assessment • Compliance with the Foreign Corrupt Practices Act • Document existing control system • Evaluate the quality of the internal control system - within bounds of reasonable assurance • Evaluate the costs and benefits of instituting controls • Weigh the costs and benefits to determine whether more control is needed
Information and Communication • The primary purpose of an AIS is to record, process, store, and communicate information about an organization; therefore, accountants must understand: • how transactions are initiated • how data are captured • how computer files are accessed and updated • how data are processed to prepare information • how information is reported to internal users and external parties
Information and Communication • According to the AICPA, an AIS has 5 primary objectives • Identify and record all valid transactions • Properly classify transactions • Record transactions at their proper value • Record transactions in the proper period • Properly present transactions and related disclosures in the financial statements
Monitoring Performance • Effective supervision - training and assisting employees, monitoring performance, correcting errors, and safeguarding assets by overseeing employees who have access to them • Responsibility reporting - use of budgets, quotas, standard costs, and investigation of variances
Monitoring Performance • Internal auditing - reviewing the reliability of financial and operating information and providing an appraisal of internal control effectiveness • Also involves assessing employee compliance with policies and procedures and applicable laws and regulations and assessing the efficiency and effectiveness of management • Internal audit must be separate from accounting and operating functions of the organization