IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
Objectives of Internal Control (SAS No. 94)
A process … designed to provide reasonable assurance regarding the objectives:
Reliability of financial reporting
Effectiveness and efficiency of operations
Compliance with applicable laws and regulations
Elements of Internal Control
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Integrity, ethical values, management philosophy and operating style, and organizational structure influence the control environment.
Once risks are identified, they can be analyzed to estimate their significance, to assess their likelihood of occurring, and to determine actions that will minimize them.
Control Activities
Performance reviews
Segregation of duties
Application controls
General controls
The company’s information system is a collection of procedures (automated and manual) and records established to initiate, record, process, and report the events in an entity’s process.
Communication involves providing an understanding of individual roles and responsibilities.
Objectives and Risk
1. Execution
2. Information System
3. Asset protection
4. Performance
1. Execution
Proper execution of transactions in the revenue and acquisition cycles
Risk of not achieving execution objectives
2. Information System
Proper recording, updating, and reporting of data in an information system
Risk of not achieving information system objectives
3. Asset protection
Safeguarding of assets
Risk of loss or theft of assets
4. Performance
Favorable performance of an organization, person, department, product, or service
Risk of not achieving performance objectives