
Chapter 4 Internal Controls McGraw-Hill/Irwin


Presentation on theme: "Chapter 4 Internal Controls McGraw-Hill/Irwin"— Presentation transcript:

1 Chapter 4 Internal Controls McGraw-Hill/Irwin
Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.

2 Outline
Objectives
Definition of internal control
Internal control purposes
Risk exposures
COSO frameworks
Examples

3 Objectives
When you finish this chapter, you should be able to:
Define “internal control” and explain its importance in the accounting information system
Explain the basic purposes of internal control
Describe and give examples of various kinds of risk exposures
Conduct a comprehensive risk assessment
Summarize and explain the importance of the COSO documents on internal control
Critique existing internal control systems and design effective internal controls

4 Definition of internal control
Most definitions of internal control contain four common elements:
Internal control is a process
Internal controls are designed to provide reasonable assurance
Internal control necessarily involves people in the organization
Internal controls provide that reasonable assurance in a few common areas

5 Internal control purposes
Broadly speaking, internal controls should help organizations:
Safeguard their assets
Ensure the reliability of financial statements
Promote operating efficiency
Encourage compliance with management’s directives

6 Risk exposures
One good way to start designing internal controls is to think about an organization’s risks. Among the many good ways to think about risk is Brown’s taxonomy.

7 Risk exposures
Operational risk
  Systems risk: related to information technology
  Human error risk: people in the organization might make mistakes
Financial risk
  Market risk: changes in stock prices, investment values, interest rates
  Credit risk: customers’ unwillingness or inability to pay their debts
  Liquidity risk: insufficient cash to pay debts

8 Risk exposures
Hazard risk
  Officers’ and directors’ liability: people might break laws, resulting in personal penalties
Strategic risks
  Legal and regulatory risk: people might break laws, resulting in penalties for the organization
  Business strategy risk: poor decision making related to market competition

9 COSO frameworks
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed frameworks related to internal control (1985) and enterprise risk management (2004).

10 COSO frameworks
Internal Control: Integrated Framework
Control environment: the tone at the top
Risk assessment: using a taxonomy to identify organizational risks
Control activities: actual responses to risk
  Preventive, detective, corrective
  General, application
Information and communication: keeping people informed
Monitoring: periodic reviews and updates
In 2006, COSO published “Internal Control over Financial Reporting—Guidance for Smaller Public Companies” to provide suggestions for implementing Internal Control: Integrated Framework.

11 COSO frameworks
Enterprise Risk Management: Integrated Framework
Internal environment: tone at the top
Objective setting: organizational goals
  Strategic
  Reporting
  Operations
  Compliance
Event identification: what can happen that may impede goals
  Internal
  External
Risk assessment: likelihood and impact
  Inherent
  Residual

12 COSO frameworks
Enterprise Risk Management: Integrated Framework (continued)
Risk response: generic ways to deal with risk
  Avoid
  Accept
  Reduce
  Share
Control activities: specific procedures for responding to risk
Information and communication: keep people informed about what’s happening with risk and the plan
Monitoring: ongoing activities and/or separate evaluations that ensure the plan is updated as needed

13 Examples
Although every organization’s approach to internal control is slightly different, certain controls are common in many organizations. The following slides contain some examples.

14 Examples
Adequate documentation
Background checks
Back-up computer files
Back-up power supplies
Bank reconciliation
Batch control totals
Data encryption
Document matching
Edit checks

15 Examples
Firewalls
Insurance and bonding
Internal audits
Limit checks
Lockbox systems
Physical security
Preformatted data entry screens
Prenumbered documents
Restrictive endorsements of checks

16 Examples
Daily deposit of cash receipts
Segregation of duties
User training
All internal controls have associated costs—financial, operational and behavioral. The key is ensuring that the benefits outweigh the costs.

