Internal Control
Elements of Internal Control Process • Provide reasonable assurance regarding achievement of objectives in: • Reliability of financial reporting • Effectiveness and efficiency of operations • Compliance with laws and regulations
Why the emphasis on internal control? • Federal Foreign Corrupt Practices Act of 1977: Section 102 • Keep books, records and accounts in reasonable detail which accurately and fairly reflect transactions and disposition of assets • Devise and maintain system of internal controls to provide reasonable assurance that: • Transactions executed and recorded • Authorized access to assets • Periodic comparison of recorded accountability to existing assets
SOX/Sarbox/SOA • Restriction on nonaudit services • Maintain properly funded audit committee • Top Management Officer cannot be hired directly from audit firm • CEO and CFO must ensure that financial statements fairly present operations and financial conditions • Must disclose code of ethics • Annual report contains assessment of the effectiveness of internal control structure and procedures for financial reporting
Other features of SOX • Companies will have to issue 8-Ks in real time when something big and unexpected happens. Under Section 409, companies must report material changes in the financial or operating condition of the company “on a rapid and current basis.”
Section 404: Auditors must attest to and report on management's assessment of internal controls.
Other features of SOX • Corporate executives have a duty to disclose questionable practices within global operations
Internal Control Process • Control Environment • Source: Bridge, Mike and Ian Moss. “COSO back in the limelight” http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B
Control Environment • Integrity and ethical values • Ethics and corporate culture • Commitment to competence • Management philosophy and operating style • Responsibility and commensurate authority • Human resources • Segregation of duties • Adequate supervision • Job rotation and forced vacations • Dual control
Internal Control Process • Risk Assessment • Source: Bridge, Mike and Ian Moss. “COSO back in the limelight” http://www.pwc.com/extweb/indissue.nsf/docid/41D0EC9E16678147CA256D030038030B
Common Exposures • What are the common exposures within a computer-based information system?
Common Exposures • Excessive Costs • Deficient Revenues • Loss of Assets (theft, violence, natural disaster) • Inaccurate Accounting • Business interruption (Denial of service attacks) • Fraud and Embezzlement • Unintentional human error
Fraud -- What is auditor’s role? • Three types of white-collar crime • Management Fraud: diversion or misrepresentation of assets • Fraudulent Financial Report: intentional or reckless conduct that results in materially misleading financial statements • By purposeful act or by omission • Corporate Crime: benefits company vs individuals who commit the fraud • Cost overcharge on defense contract
COSO STUDY ON FRAUD IN FINANCIAL REPORTING • Corruption involves fraudulent financial reporting • Violations generally the result of deficiencies in corporate governance and internal controls
COSO STUDY ON FRAUD IN FINANCIAL REPORTING • Findings: • Typical financial reporting fraud schemes involved the overstatement of revenues and assets • Revenues were recorded prematurely or fictitiously • Overstating assets by understating allowances for receivables, overstating the value of tangible assets, and/or recording non-existent assets • CEO and/or CFO involved in 83 percent of cases • Insiders committed 85% of worst fraud • Over 50% were from management level • Average misstatement or misappropriation of assets was $25 million
Common Exposures • How would you ascertain the likelihood that a given exposure will exist?
Security Concerns • Reasonable Assurance Framework • What are the threats? • What is the likelihood that a threat will occur? • What is the potential damage from the threat? (Exposure = risk * consequence) • What controls can be used to minimize damage? • What is the cost of implementing the control?
Control Activities • What controls provide reasonable assurance that exposure is reduced? • Preventative • Detective • Corrective
Preventative Controls • Segregation of duties • Authorization • Recording • Custody • Reliability of personnel • Competence of personnel • Training of personnel • Definition of responsibilities • Rotation of duties • Automated systems tend to integrate these areas
Preventative Controls – cont’d • Adequate documents and records to ensure proper recording of transactions • Pre-numbered documents (prevent or detect) • Pre-coded forms • Appropriate authorization • Designed for easy use • Restricted access to assets • Physical controls • Depends on effectiveness of processes • Do you safeguard keys, combinations, passwords, etc.? • Close supervision
Preventative Controls – cont’d • Application Controls – Input • Authorization • General – automatic reorder point in inventory • Specific – request is routed through person with authority • Formatted input – prevents errors • Format check – data entered in proper mode • Reasonableness check – compare with expected range of values • Validity check – matched to acceptable set of values • Restrict access • Passwords/biometrics/etc. • Key verification – re-enter data
Detective Controls • Accountability of input (anticipation) • Completeness of input • Various forms of “totals” • Visual verification • Turnaround document • Correctness of input • Format (detects if invalid date) • Limit and validity checks (prevent and detect) • Approval (subsequent to authorization)
Detective Controls – cont’d • Completeness of Processing • Reconciliation • Aging • Suspense files • Periodic Audit • Activity Log • Correctness of Processing • Summaries • Overflow • Sequence checks
Detective Controls – cont’d • Physical inventory • Management review • Transaction trail
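The input checks (format, reasonableness, validity) and the batch-level detective checks (record count, control total, sequence check on pre-numbered documents) from the slides above, as an added Python example that is not part of the original deck. The account list, amount range, field names and sample batch are constructed for illustration, and the divisible-by-9 transposition hint is a standard bookkeeping heuristic added here.

```python
import re
from datetime import datetime
from decimal import Decimal

VALID_ACCOUNTS = {"1001", "1002", "2001"}            # constructed master file
AMOUNT_RANGE = (Decimal("0.01"), Decimal("10000"))   # constructed expected range

def check_record(rec):
    """Input controls on one keyed record; returns the checks it fails."""
    failed = []
    # Format check: each field is entered in the proper mode.
    if not re.fullmatch(r"\d{4}", rec["account"]):
        failed.append("format:account")
    try:
        datetime.strptime(rec["date"], "%Y-%m-%d")   # also rejects 2024-02-30
    except ValueError:
        failed.append("format:date")
    if not re.fullmatch(r"\d+\.\d{2}", rec["amount"]):
        return failed + ["format:amount"]
    # Reasonableness check: compare with the expected range of values.
    if not AMOUNT_RANGE[0] <= Decimal(rec["amount"]) <= AMOUNT_RANGE[1]:
        failed.append("reasonableness:amount")
    # Validity check: match against the acceptable set of values.
    if rec["account"] not in VALID_ACCOUNTS:
        failed.append("validity:account")
    return failed

def check_batch(records, control_total, record_count):
    """Detective controls over a batch whose records passed the format check."""
    findings = []
    if len(records) != record_count:                 # completeness of input
        findings.append("record count mismatch")
    diff = sum(Decimal(r["amount"]) for r in records) - Decimal(control_total)
    if diff:
        # A difference divisible by 9 is the classic sign of transposed digits.
        hint = " (possible transposition)" if int(diff * 100) % 9 == 0 else ""
        findings.append(f"control total off by {diff}{hint}")
    nums = sorted(r["doc_no"] for r in records)      # pre-numbered documents
    gaps = sorted(set(range(nums[0], nums[-1] + 1)) - set(nums)) if nums else []
    if gaps:
        findings.append(f"missing document numbers {gaps}")
    if len(nums) != len(set(nums)):
        findings.append("duplicate document number")
    return findings

# Constructed batch: the header claims 3 records totalling 135.00, but
# document 102 was keyed as 53.00 instead of 35.00 and number 103 is absent.
BATCH = [
    {"doc_no": 101, "account": "1001", "date": "2024-03-01", "amount": "60.00"},
    {"doc_no": 102, "account": "1002", "date": "2024-03-01", "amount": "53.00"},
    {"doc_no": 104, "account": "2001", "date": "2024-03-02", "amount": "40.00"},
]
```

Every record in the batch passes the input checks on its own; only the batch-level control total and sequence check expose the keying error and the missing document.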
Corrective Controls • Backup and recovery • How do you recover to the last transaction? • Transaction trail? • Automatic error correction
How do you evaluate internal controls? • Internal Control Checklist • Institute of Internal Auditors
Discussion Question 24, pg 25 • Are these examples of good internal control? • Purchase requisitions made verbally by departments to purchasing agent • Clerk responsible for raw material inventory records does not have access to storeroom where materials are kept • Receiving operation related to shipments handled by clerks responsible for managing storeroom where materials are kept • Purchase orders prepared by clerks responsible for managing storeroom where materials are kept
Discussion Question 24, pg 25 • Are these examples of good internal control? • Employees who count goods received do not know how many were ordered • Periodic physical inventory conducted by clerks responsible for managing storeroom where materials are kept • Purchase orders compared to receiving reports before vendors are paid
Question 52, pg 144 • Identify controls that would detect: • Clerks steal percentage of cash sent as donation to non-profit • Employees mail personal letters at company expense • Clerk posts payment as 53 instead of 35 • Unintentional • Intentional (to friend’s account) • Bill customer for item never shipped • Duplicate payment of invoice • Customer not billed for item shipped
Assignment, Question 65, pp 150-2 • Identify all of the controls in place • Classify the controls using the Application Controls Matrix, Fig 4.9, pg 133