Chapter 9: Introduction to Internal Control Systems

2 Chapter 9: Introduction to Internal Control Systems
Outline:
- 1992 COSO Report
- Updates on Risk Assessment and the 2013 Update
- Examples of Control Activities
- 2011 COBIT, Version 5
- Types of Controls
- Evaluating Controls

3 Introduction – Fraud (Ch 11) & Errors
Errors may be the result of many factors:
- Distractions – concurrent tasks, work environment, personal situations
- Complexity – it is easier to complete a simple task than a hard one
- Limitations – fatigue, cognitive limitations, etc.

4 Internal Control Systems
Definition: policies, plans, and procedures implemented to protect a firm's assets
People involved:
- Board of directors
- Management
- Other key personnel

5 Internal Control Systems
Provides reasonable assurance of:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Protection of assets
- Compliance with applicable laws and regulations
Important guidance:
- Statement on Auditing Standards No. 94
- Sarbanes-Oxley Act of 2002

6 Risk Control Strategies
- Avoidance – eliminate the risk through policy, training and education, or technology
- Transference – shift the risk to other assets, processes, or organizations (insurance, outsourcing, etc.)
- Mitigation – reduce the impact through planning and preparation
- Acceptance – do nothing, when the expected loss does not justify the cost of the control

7 Internal Control System Objectives
- Safeguard assets
- Check the accuracy and reliability of accounting data
- Promote operational efficiency
- Enforce prescribed managerial policies

8 Information System Goals – CIA Triangle
- Confidentiality
- Integrity
- Availability

9 CIA Triangle
- Confidentiality – ensuring that information is accessible only to those who are properly authorized
- Integrity – ensuring that data has not been modified without authorization
- Availability – ensuring that systems are operational when needed for use

10 Background Information on Internal Controls
13 1992 COSO Report
- Defines internal control and its components
- Presents criteria to evaluate internal control systems
- Provides guidance for public reporting on internal controls
- Offers materials to evaluate an internal control system

14 Components of Internal Control – COSO 1992
Control Environment
- Management's oversight, integrity, and ethical principles
- Attention and direction by the board of directors
- Management's philosophy and operating style
- Method of assigning authority and responsibility
- Method of organizing and developing employees

15 Components of Internal Control – COSO 1992
Risk Assessment
- Identify organizational risks
- Analyze the potential of each risk (cost and likelihood of occurrence)
- Cost-benefit analysis
Control Activities
- Policies and procedures
- Manual and automated

16 Components of Internal Control – COSO 1992
Information and Communication
- Inform employees of their roles and responsibilities
- Importance of good working relationships
Monitoring
- Evaluation of internal controls
- Initiate corrective action when necessary

17 2004 COSO Enterprise Risk Management Framework
- Emphasizes enterprise risk management
- Includes the COSO (1992) control components
- Three new components:
  - Objective setting
  - Event identification
  - Risk response

18 2004 COSO Enterprise Risk Management Framework

19 Components of Internal Control – COSO 2004
Objective Setting
- Strategic – high-level goals and mission
- Operations – day-to-day efficiency, performance, and profitability
- Reporting – internal and external
- Compliance – laws and regulations

20 Components of Internal Control – COSO 2004
Event Identification and Risk Response
- Identify threats
- Analyze risks
- Implement cost-effective countermeasures
Additional considerations
- Risk tolerance
- Cost-benefit trade-offs

21 COSO 2013 Objectives
- Update content – reflect changes in business and operating environments
- Broaden application – expand operations and reporting objectives
- Clarify requirements – articulate principles to facilitate effective internal control

22 COSO 1992, 2004, 2013

23 Update considers changes in business and operating environments
Environment changes that have driven the Framework update:
- Expectations for governance oversight
- Globalization of markets and operations
- Changes and greater complexity in business
- Demands and complexities in laws, rules, regulations, and standards
- Expectations for competencies and accountabilities
- Use of, and reliance on, evolving technologies
- Expectations relating to preventing and detecting fraud
COSO Cube (2013 Edition)

24 Update articulates principles of effective internal control
Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

25 Update describes important characteristics of principles, e.g.,
Control Environment: The organization demonstrates a commitment to integrity and ethical values.
Points of focus:
- Sets the tone at the top
- Establishes standards of conduct
- Evaluates adherence to standards of conduct
- Addresses deviations in a timely manner
Points of focus may not all be suitable or relevant, and others may be identified.
Points of focus may facilitate designing, implementing, and conducting internal control.
There is no requirement to separately assess whether points of focus are in place.

27 Risk Assessment Worksheet

28 Study Break #4
Which of the following is not one of the three additional components that were added in the 2004 COSO Report?
- Objective setting
- Risk assessment
- Event identification
- Risk response

29 Examples of Control Activities
- Good audit trail
- Sound personnel policies and practices
- Separation of duties
- Physical protection of assets
- Reviews of operating performance

30 Good Audit Trail
Use of audit trail
- Follow the path of data recorded in a transaction
- From the initial source documents to the final disposition of the data
- From data on reports back to the source documents
Purpose of audit trail
- Verify the accuracy of recorded transactions
- Detect errors and irregularities
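The two directions of tracing described on this slide (source document forward to the report, report figure back to its source documents) and the error-detection purpose can be made concrete with an append-only, hash-chained transaction log. The following is an added example, not code from the slides or any product; the step names, document identifiers and amounts are constructed, and the hash chain is the added mechanism that lets an auditor tell whether a recorded entry was altered after the fact.

```python
"""Hash-chained audit trail: trace a transaction end to end and detect tampering.

Added example (not from the slides). Step names, document identifiers and
amounts are constructed for illustration.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class AuditEntry:
    seq: int
    txn_id: str
    step: str            # "source_doc", "journal", "ledger" or "report"
    ref: str             # identifier of the document or record at this step
    amount: float
    actor: str
    prev_hash: str       # hash of the preceding entry; chains the log together
    entry_hash: str = ""


class AuditTrail:
    """Append-only log; each entry commits to the hash of the one before it."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []

    @staticmethod
    def _digest(e: AuditEntry) -> str:
        body = json.dumps([e.seq, e.txn_id, e.step, e.ref, e.amount, e.actor, e.prev_hash],
                          separators=(",", ":"))
        return hashlib.sha256(body.encode()).hexdigest()

    def record(self, txn_id: str, step: str, ref: str, amount: float, actor: str) -> AuditEntry:
        prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
        e = AuditEntry(len(self.entries), txn_id, step, ref, amount, actor, prev)
        e.entry_hash = self._digest(e)
        self.entries.append(e)
        return e

    def verify_chain(self) -> Optional[int]:
        """Return the seq of the first entry whose hash or link is wrong, else None."""
        prev = self.GENESIS
        for e in self.entries:
            if e.prev_hash != prev or self._digest(e) != e.entry_hash:
                return e.seq
            prev = e.entry_hash
        return None

    def trace_forward(self, source_ref: str) -> List[AuditEntry]:
        """Source document -> every later step of the same transaction, in order."""
        txn = next((e.txn_id for e in self.entries
                    if e.step == "source_doc" and e.ref == source_ref), None)
        return [e for e in self.entries if e.txn_id == txn] if txn else []

    def trace_back(self, report_ref: str) -> List[AuditEntry]:
        """Figure on a report -> the source documents that support it."""
        txns = {e.txn_id for e in self.entries if e.step == "report" and e.ref == report_ref}
        return [e for e in self.entries if e.txn_id in txns and e.step == "source_doc"]

    def amount_mismatches(self) -> List[str]:
        """Detect transactions whose amount changed somewhere between source and report."""
        seen: Dict[str, set] = {}
        for e in self.entries:
            seen.setdefault(e.txn_id, set()).add(e.amount)
        return sorted(t for t, amounts in seen.items() if len(amounts) > 1)


def build_sample_trail() -> AuditTrail:
    """Constructed sample: two purchases flowing from invoice to quarterly report."""
    t = AuditTrail()
    t.record("T1", "source_doc", "INV-1001", 250.00, "clerk.a")
    t.record("T1", "journal",    "JE-17",    250.00, "clerk.b")
    t.record("T1", "ledger",     "GL-5010",  250.00, "system")
    t.record("T1", "report",     "RPT-Q1",   250.00, "system")
    t.record("T2", "source_doc", "INV-1002", 80.00,  "clerk.a")
    t.record("T2", "journal",    "JE-18",    800.00, "clerk.b")   # keying error: 80 -> 800
    t.record("T2", "ledger",     "GL-5010",  800.00, "system")
    t.record("T2", "report",     "RPT-Q1",   800.00, "system")
    return t
```

`amount_mismatches()` catches the keying error in T2 by comparing every step of the transaction, which is exactly the "report back to source document" check an auditor performs; `verify_chain()` catches a later edit to an already-recorded entry, which plain database rows would not reveal.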

31 Sound Personnel Policies

32 Separation of Duties
Purpose
- Structure work assignments so that one employee's work checks the work of another
Separate related activities
- Authorizing transactions
- Recording transactions
- Maintaining custody of assets

33 Physical Protection of Assets
Inventory controls
- Stored in a safe location with limited access
- Utilization of a receiving report
Document controls
- Protecting valuable organizational documents: corporate charter, major contracts, blank checks, and SEC registration statements

34 Physical Protection of Assets
Cash control
- Most susceptible to theft and human error
- Fidelity bond coverage
- Use checks for cash disbursements
- Deposit the daily cash receipts intact

35 Reviews of Operating Performance
Internal audit function
- Reports to the Audit Committee of the Board of Directors
- Independent of other subsystems, which enhances objectivity
Duties of internal auditors
- Operational audits
- Regular reviews of internal control systems

36 Study Break #5
Separation of duties is an important control activity. If possible, managers should assign which of the following three functions to different employees?
- Analysis, authorizing, transactions
- Custody, monitoring, detecting
- Recording, authorizing, custody
- Analysis, recording, transactions

37 2011 COBIT, Version 5
Control Objectives for Information and related Technology (COBIT)
- Strategic alignment
- Realization of expected benefits of IT
- Continual assessment of IT investment
- Determine risk appetite
- Measure and assess performance of IT resources

38 COBIT and Val IT Integration

39 Types of Controls
- Preventive controls – prevent problems from occurring
- Detective controls – alert managers when preventive controls fail
- Corrective controls – solve or correct a problem
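The separation of duties from slide 32 (authorize, record, custody held by different people) is a natural place to see all three control types from this slide at work. The following is an added example and not code from the slides: a preventive check that refuses a second incompatible function to the same person, a detective scan over records that reached the ledger without that check (for instance records imported from a spreadsheet), and a corrective reversal that itself respects separation of duties. The user names, entitlements and sample transactions are constructed.

```python
"""Separation of duties enforced as preventive, detective and corrective controls.

Added example (not from the slides). Users, entitlements and transactions are
constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence, Tuple

# The three functions that should sit with different employees.
INCOMPATIBLE = ("authorize", "record", "custody")


class SoDViolation(Exception):
    """One person would hold two incompatible functions on the same transaction."""


@dataclass
class Transaction:
    txn_id: str
    amount: float
    steps: Dict[str, str] = field(default_factory=dict)   # function -> user who performed it
    reversed_by: Optional[str] = None


class Ledger:
    def __init__(self, entitlements: Dict[str, set]):
        self.entitlements = entitlements        # user -> functions the user may perform
        self.txns: Dict[str, Transaction] = {}

    def _conflict(self, txn: Transaction, function: str, user: str) -> Optional[str]:
        """Return the incompatible function `user` already performed on txn, if any."""
        for done, who in txn.steps.items():
            if who == user and done != function and done in INCOMPATIBLE and function in INCOMPATIBLE:
                return done
        return None

    def perform(self, txn_id: str, function: str, user: str, amount: float = 0.0) -> Transaction:
        """Preventive control: reject the action before anything is recorded."""
        if function not in self.entitlements.get(user, set()):
            raise PermissionError(f"{user} is not entitled to {function}")
        txn = self.txns.setdefault(txn_id, Transaction(txn_id, amount))
        done = self._conflict(txn, function, user)
        if done:
            raise SoDViolation(f"{user} already performed '{done}' on {txn_id}; cannot also {function}")
        txn.steps[function] = user
        return txn

    def import_history(self, rows: Sequence[Tuple[str, str, str, float]]) -> None:
        """Load records produced outside this system, where no preventive check ran."""
        for txn_id, function, user, amount in rows:
            txn = self.txns.setdefault(txn_id, Transaction(txn_id, amount))
            txn.steps[function] = user

    def find_violations(self) -> List[str]:
        """Detective control: transactions where one user held two incompatible functions."""
        bad = []
        for txn in self.txns.values():
            users = [txn.steps[f] for f in INCOMPATIBLE if f in txn.steps]
            if len(users) != len(set(users)):
                bad.append(txn.txn_id)
        return sorted(bad)

    def reverse(self, txn_id: str, reviewer: str) -> Transaction:
        """Corrective control: void the transaction. The reviewer must be entitled to
        review and must not have taken part in the transaction being reversed."""
        if "review" not in self.entitlements.get(reviewer, set()):
            raise PermissionError(f"{reviewer} is not entitled to review")
        txn = self.txns[txn_id]
        if reviewer in txn.steps.values():
            raise SoDViolation(f"{reviewer} took part in {txn_id} and cannot reverse it")
        txn.reversed_by = reviewer
        return txn


def attempt(ledger: Ledger, txn_id: str, function: str, user: str, amount: float = 0.0) -> Optional[str]:
    """Run `perform` and report which control blocked it (None if it went through)."""
    try:
        ledger.perform(txn_id, function, user, amount)
    except (SoDViolation, PermissionError) as exc:
        return type(exc).__name__
    return None


def demo() -> Ledger:
    """Constructed sample: entitlements, one compliant payment, one imported violation."""
    ledger = Ledger({
        "alice": {"authorize"},
        "bob": {"record"},
        "carol": {"custody"},
        "dave": {"authorize", "record", "custody"},   # over-entitled; the per-transaction rule still applies
        "erin": {"review"},
    })
    ledger.perform("P-100", "authorize", "alice", 1200.0)
    ledger.perform("P-100", "record", "bob")
    ledger.perform("P-100", "custody", "carol")
    # Records migrated from a spreadsheet in which dave did every step himself.
    ledger.import_history([
        ("P-101", "authorize", "dave", 900.0),
        ("P-101", "record", "dave", 900.0),
        ("P-101", "custody", "dave", 900.0),
    ])
    return ledger
```

Note that `dave` is entitled to all three functions, so an entitlement check alone (the `PermissionError` path) would never stop him; the separation-of-duties rule is evaluated per transaction, which is what slide 32 means by one employee's work checking another's.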

40 Evaluating Controls
Requirements of the Sarbanes-Oxley Act:
- Statement of management's responsibility for the internal control structure
- Assessment of the effectiveness of the internal control structure
- Attestation of the auditor on the accuracy of management's assessment

41 Cost-Benefit Analysis

42 Risk assessments are tricky
Choose between two treatments for 600 people affected by a deadly disease: "Saves 200 lives"

43 Risk assessments are tricky
Choose between two treatments for 600 people affected by a deadly disease: "400 people will die"
Both statements describe the same outcome (200 of the 600 survive); only the framing differs, and the framing alone changes which treatment people choose.

44 A Risk Matrix

46 The Risk Management Process
- Identify IT assets
- Assess IT risks
- Identify IT controls
- Document IT controls
- Monitor

47 Risk Management – Asset Identification
- Processes
- People
- Hardware
- Software
- Cash
- Inventory
- Data
- Facilities

48 Assets Valuation - What do we stand to lose?
Assets: people, data, hardware, software, facilities, (procedures)
Valuation methods
- Criticality to the organization's success
- Revenue generated
- Profitability
- Cost to replace
- Cost to protect
- Embarrassment/liability
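The steps of the risk management process (identify assets, value them, assess risks, identify and document controls) together with the four treatment strategies from slide 6 and the cost-benefit analysis from slide 15 can be worked through numerically. The following is an added example, not code from the slides: it quantifies the slide's "cost and occurrence" as a single loss expectancy (SLE) and an annual rate of occurrence (ARO), so the annual loss expectancy is ALE = SLE x ARO, rates each risk on a 5x5 likelihood x impact matrix as on slide 44, and buys a control only when the ALE it removes exceeds its annual cost. The quantification method, the assets, threats, control names and every figure are assumptions constructed for illustration.

```python
"""Asset valuation, risk scoring and control selection by cost-benefit.

Added example (not from the slides). ALE = SLE x ARO is the assumed
quantification; all assets, threats, controls and figures are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    category: str           # people, data, hardware, software, facilities, procedures
    replacement_cost: float # "cost to replace"
    criticality: int        # 1 (incidental) .. 5 (the organization stops without it)


@dataclass(frozen=True)
class Risk:
    asset: Asset
    threat: str
    likelihood: int         # 1..5, as plotted on a risk matrix
    impact: int             # 1..5
    sle: float              # loss per occurrence
    aro: float              # expected occurrences per year


@dataclass(frozen=True)
class Control:
    name: str
    kind: str               # preventive / detective / corrective
    annual_cost: float      # "cost to protect"
    ale_reduction: float    # fraction of the ALE the control removes (0..1)


def rank_assets(assets: Sequence[Asset]) -> List[str]:
    """Asset valuation: what do we stand to lose? Criticality first, then cost to replace."""
    return [a.name for a in sorted(assets, key=lambda a: (a.criticality, a.replacement_cost), reverse=True)]


def matrix_rating(risk: Risk) -> str:
    """Qualitative rating from a 5x5 likelihood x impact matrix (thresholds are assumed)."""
    score = risk.likelihood * risk.impact
    return "high" if score >= 15 else "medium" if score >= 8 else "low"


def ale(risk: Risk) -> float:
    return risk.sle * risk.aro


def net_benefit(risk: Risk, control: Control) -> float:
    """Annual loss avoided minus the control's cost; negative means the control is not worth it."""
    return ale(risk) * control.ale_reduction - control.annual_cost


def choose_treatment(risk: Risk, candidates: Sequence[Control],
                     transfer_premium: Optional[float] = None) -> Tuple[str, Optional[str]]:
    """Pick one of the four strategies: mitigate with the control of greatest positive net
    benefit; otherwise transfer if an insurance premium costs less than the ALE; otherwise
    accept a low or medium risk. A high risk nothing covers comes back as 'avoid', i.e.
    stop the activity, which is a policy decision rather than a calculation."""
    best = max(candidates, key=lambda c: net_benefit(risk, c), default=None)
    if best is not None and net_benefit(risk, best) > 0:
        return "mitigate", best.name
    if transfer_premium is not None and transfer_premium < ale(risk):
        return "transfer", "insurance"
    if matrix_rating(risk) == "high":
        return "avoid", None
    return "accept", None


def build_register(rows) -> List[tuple]:
    """Document the controls: one row per risk (asset, threat, rating, ALE, strategy, control), highest ALE first."""
    register = []
    for risk, candidates, premium in rows:
        strategy, control = choose_treatment(risk, candidates, premium)
        register.append((risk.asset.name, risk.threat, matrix_rating(risk), round(ale(risk), 2), strategy, control))
    return sorted(register, key=lambda r: r[3], reverse=True)


# Constructed sample inputs.
DB_SERVER = Asset("db-server-01", "hardware", 40_000.0, 5)
LAPTOP = Asset("sales-laptop-07", "hardware", 1_500.0, 2)
DATA_CENTER = Asset("main-data-center", "facilities", 2_000_000.0, 5)

RANSOMWARE = Risk(DB_SERVER, "ransomware", 4, 5, 120_000.0, 0.25)          # ALE 30,000
LAPTOP_THEFT = Risk(LAPTOP, "theft of unencrypted laptop", 3, 2, 2_000.0, 0.5)  # ALE 1,000
FLOOD = Risk(DATA_CENTER, "flood", 3, 5, 500_000.0, 0.02)                  # ALE 10,000

BACKUPS = Control("offline backups", "corrective", 6_000.0, 0.7)
EDR = Control("endpoint detection and response", "detective", 20_000.0, 0.5)
FDE = Control("full-disk encryption", "preventive", 1_200.0, 0.8)

SAMPLE_ROWS = [
    (RANSOMWARE, [BACKUPS, EDR], None),
    (LAPTOP_THEFT, [FDE], 1_500.0),
    (FLOOD, [], 4_000.0),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_ROWS):
        print(row)
```

The laptop case shows the acceptance rule from slide 6 in numbers: encryption at 1,200 a year removes 800 of a 1,000 ALE, so it costs more than it saves and the risk is accepted. Whether acceptance is actually tolerable is a separate judgment against the organization's risk tolerance; the calculation only says the control is not justified on cost.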

