Presentation is loading. Please wait.

Presentation is loading. Please wait.

CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007"— Presentation transcript:

1 CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007
Introduction to Internal Control What is it Why is it so important? Limitations of Internal Control Responsibilities of involved parties Components of Internal Control (COSO)

2 What is Internal Control?
COSO Definition: The processes implemented by the BOD and management to help ensure: Reliability of financial reporting. Compliance with applicable laws and regulations. Effectiveness and efficiency of operations.* * This is not included in the SOX definition of IC

3 Why is internal control SO important?
The businesses we audit rely on numerous reports and analyses to control operations. Good system reduces the possibility that errors or fraud will occur. Audit more efficiently and effectively if rely on the client’s internal controls. Professional standards and laws require that the auditors’ consider it. Expectations of f/s users!

4 Limitations of Internal Controls
Mistakes in judgment Breakdowns Collusion Management Fraud

5 Responsibilities Regarding Internal Controls in F/S Audit
Management Establish, set tone at top BOD and Audit Committee Oversee Internal Auditors Part of system External Auditor: 1. Review & document understanding 2. Test control where think are reliable Determine audit strategy Communicate problems to AC of BOD

6 External Auditor Responsibilities
Review & document understanding of system to form preliminary CR assessment. Prior experience w/ client Inquiry & client documentation Walkthroughs Understand process flow of transactions Confirm design of controls for all I/C components Evaluate the design of controls Determine if controls were placed in operation

7 External Auditor Responsibilities
Auditor documentation of Controls The form and extent of documentation is influenced by the size and complexity of the entity, and the nature of the entity’s IC. Questionnaires Flowcharts Narrative Memos Will also need to document the results of any testing of the system

8 External Auditor Responsibilities
2. Test controls where CR < max. Is preliminary CR assessment supported? Chapter 11 covers in more detail Audit procedures Review previous experience with the client Inquire of appropriate client personnel Inspect documents and records Observe entity activities and operations CAATs

9 External Auditor Responsibilities
3. Determine audit strategy Communicate with audit committee (SAS 112) Effective for calendar year 2006 audits Terminology to conform with 404 Significant deficiency Material weakness Increase reasons for issuing management letters

10 COSO Components

11 Control Environment Sets tone of organization, influencing control consciousness of its people Is part of organizational culture Factors include: Management’s philosophy and operating style Integrity and ethical values Competence of employees Authority appropriately delegated BOD and AC governance and monitoring mgmt

12 Illustration of Poor Control Environments
Miami childcare Worldcom testimony

13 Risk Assessment Process
Management has a process for considering how their business could be adversely impacted by: Business risks Fraud risks Legal risks Technology risks Financial reporting risks Forms the basis for determining control activities

14 Control Activities Policies and procedures to ensure reliable financial reporting. Should link with risk assessment Cost benefit: preventive vs. detective (compensating) controls

15 Control Activities: Categories
Authorization Segregation of Duties Information processing Computer general controls Computer application controls Controls over financial reporting Physical controls Performance reviews Controls over management discretion in financial reporting

16 Control Activities: Authorization
Are transactions approved? Ways to approve General policy vs. specific authorization Manual vs. computerized Relates to primarily to transaction objective of occurrence

17 Control Activities: Segregation of Duties

18 Control Activities: Information Processing Controls
General Controls Relate to the overall system rather than a specific software package Examples: Physical and password control over IT access Backup and processing controls Systems development and documentation Segregation of duties within IT department (user vs. development) Internal hardware controls to detect malfunctioning

19 Control Activities: Information Processing Controls
Computer Application Controls Controls within a particular software application that make sure transactions done right! Categories of computer application controls Input: “beep” if info in wrong format or content Processing: make sure nothing lost, duplicated, calculated wrong, or wrong files used internally Output: Make sure what went in is what came out, and that only the right folks get the information

20 Control Activities: Controls Over the Financial Reporting Process
General Journal Sales Journal Spread-sheets or Consolidation Software Cash Receipts Journal Trial Balance G/L F/S Cash Disb Journal How is this process controlled? Purchases Journal

21 Control Activities Continued
Physical Controls Limit access to assets directly and through documents Ex: Lock inventory in warehouse and lock up unused checks or authorizations Performance Reviews Someone who didn’t prepare info periodically looks at details Ex: Production mgr reviews payroll details, Dept managers review budget to actual

22 Control Activities: Controls Over Mgmt Discretion in Financial Reporting
Controls over judgmental areas in accounting Selection of GAAP where there is choice Disclosures Estimates or judgmental application of standards Tools Documentation of logic/support Review process Disclosure committee Accounting & operational members Review issues with Audit committee

23 Information and Communication
Pertinent information identified, captured and communicated in a timely manner. IT Systems and Management Reporting Transactions Audit Trail Documents & Records Management communications with employees & customers, suppliers, regulators and owners

24 Monitoring Assessment of a control system’s performance over time
Combination of ongoing and separate evaluation Management and supervisory activities Examples: Internal audit department System for customer complaints Whistleblower process to audit committee

25 Antifraud Programs and Controls

Download ppt "CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007"

Similar presentations

Internal Control and Control Risk

Internal Control and Control Risk
Internal Control.

Internal Control.
The Islamic University of Gaza

The Islamic University of Gaza
The Islamic University of Gaza

The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Review of Introduction to Auditing

Review of Introduction to Auditing
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Chapter 5 Risk Assessment: Internal Control Evaluation

Chapter 5 Risk Assessment: Internal Control Evaluation
CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004

CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Chapter 9 The Study of Internal Control and Assessment of Control Risk

Chapter 9 The Study of Internal Control and Assessment of Control Risk
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session 1.8 1 Internal Control and Risk Assessment.

Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session Internal Control and Risk Assessment.
Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit.

Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit.
Chapter 10 Internal control and Control Risk.

Chapter 10 Internal control and Control Risk.

Similar presentations

Ads by Google