Presentation on theme: "Internal Control Basic Concepts 2 Why do stores use cash registers? zTo safeguard assets zTo insure accuracy and reliability of accounting data zTo provide."— Presentation transcript:
Internal Control Basic Concepts
2 Why do stores use cash registers? zTo safeguard assets zTo insure accuracy and reliability of accounting data zTo provide efficiency in operations zTo encourage adherence to prescribed policies & procedures
3 Why Consider Internal Controls? zThe second standard of fieldwork: yA sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed. zTo ensure that the companys objectives are being met.
4 Internal Control Basics The Auditing Standards Board (ASB) has defined the internal control structure as the policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved. SAS No. 55 and No. 78 relate to the internal control structure.
5 Internal Control Basics zRecently, the Information Systems Audit and Control Foundation (ISACF) developed the Control Objectives for Information and related Technology (COBIT) yBusiness aspects yIT resources yIT processes
6 Internal Control Basics The Committee of Sponsoring Organizations (COSO) defines internal control as the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved with regard to the following: 1.Effectiveness and efficiency of operations 2.Reliability of financial reporting 3.Compliance with applicable laws and regulations
7 COSO Integrated Framework
8 Internal Control Components zControl Environment - The collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific policies and procedures. yIntegrity and Ethical Values yManagements Philosophy and Operating Style yOrganizational Structure yThe Board of Directors and the Audit Committee yMethods of Assigning Authority and Responsibility yHuman Resources Policies and Practices yExternal Influences
9 Internal Control Components zRisk Assessment - This is the entitys identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed. yIdentify Threats yEstimate Risk yEstimate Exposure yIdentify Controls yEstimate Costs and Benefits
10 Internal Control Components zControl Activities - Policies and procedures in addition to the control environment and risk assessment that provide reasonable assurance that entity objectives will be achieved. yS egregation of duties yC omparisons and compliance monitoring yA dequate documents and records yL imited access to and use of assets and records yP roper authorization of transactions and activities
11 Internal Control Basics zClassifications yPreventive, Detective, Corrective yGeneral and Application yInput, Processing, and Output
12 Internal Control Components zInformation and Communication - This area deals with the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities. yIdentify and record all valid transactions (existence & completeness) yProperly classify transactions (presentation) yRecord transactions at their proper monetary value (valuation) yRecord transactions in the proper accounting period (allocation) yProperly present transactions and related disclosures in the financial statements. (presentation & disclosure)
13 Internal Control Components zMonitoring - The process that assesses the quality of the internal control performance over time. yEffective supervision yResponsibility accounting yInternal auditing
14 Document Your Understanding zNarrative zFlowchart zQuestionnaire
15 Internal Control Risk zRt = IR x CR x DR zSAS No. 47 requires the auditor to asses control risk. Maximum control risk is 100%
16 Assessing Control Risk zStart with the assertions yExistence or Occurrence yCompleteness yRights and Obligations yValuation or Allocation yPresentation and Disclosure
17 Assessing Control Risk zMatch the documented control procedures with the assertions zThree considerations: yAre there adequate controls in place? yAre the controls in place designed adequately? yAre the controls in place operating effectively?
18 Tests of Controls zInquiry zInspection zObservation zRe-performance
19 Additional Issues zSAS No. 55 requires documentation of the assessed level of control risk zSAS No. 60 requires the auditor to communicate any reportable conditions to the audit committee