Tim Grow, CPA Charleston Office Managing Shareholder


1 Internal Control
Tim Grow, CPA, Charleston Office Managing Shareholder
© Elliott Davis, PLLC © Elliott Davis, LLC

2 Internal Control
Internal control is a process, effected by an entity’s board of directors, management and others, designed to provide reasonable assurance regarding the achievement of objectives in the following areas:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations

3 The Need for Internal Control
In order to establish effective controls, an organization should first identify its relevant:
- Objectives of control
- Risks
- Controls to manage risk

4 Internal Control Process
Internal control is a process established to provide reasonable assurance of the achievement of objectives related to:
- Operations
- Reporting
- Compliance

The responsibility to develop and maintain effective internal controls lies with management and the board of directors.

5 Characteristics
Basic characteristics of internal control include:
- Continuity
- Dependent on the cooperation of personnel
- The ability to provide reasonable assurance
- Adaptability

6 Consequences of Weak Controls
Weak internal controls create a number of undesirable consequences such as:
- Fraud
- Collusion
- Loss of reputation
- Inefficient operations

7 COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an initiative of 5 groups, including the AICPA. COSO established an internal control framework in The COSO framework is the foundation of the internal control processes in most organizations today.

8 COSO Framework
The COSO integrated framework embodies 5 integral components of internal control:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring activities

9 Control Environment
The COSO framework defines the Control Environment as a set of processes, standards, and structures that promote effective internal control. The Control Environment is impacted by the ethics and integrity of the organization, in particular the “tone at the top” established by management.

10 Components of the Control Environment*
The Control Environment includes:
- The training and support of employees
- Organizational structure
- Management’s philosophy and operating style (what you permit you promote)
- Hiring procedures, i.e. hiring competent/qualified employees
- Overall ethics of the organization

11 Control Environment Strategies
- Integrity Strategy: aims to establish effective internal control by communication of organizational values and vision, and to create an environment that promotes ethical behavior
- Compliance Strategy: seeks to limit unwanted behaviors by enforcing strict standards of conduct

12 Documentation of the Control Environment*
An entity should document the controls and processes in place that relate to its control environment. Types of documentation include:
- Flowcharts
- Narratives
- Questionnaires
- Memos
- Organizational Charts

13 COSO Risk Assessment
In the COSO framework, Risk Assessment is the process through which an entity both identifies and assesses its prevalent risks. A risk is the possibility that something will happen that adversely affects the entity’s achievement of its objectives. Having risks is “OK”; all organizations have them.

14 Risk Management VS. Risk Assessment
Risk management is a process designed to identify and manage risks with the purpose of keeping risks within a tolerable range so that an entity has reasonable assurance that it will achieve its objectives.

Risk assessment is an element within the risk management process. It allows management to create an assessment of key risks which forms a basis on which to determine control activities.

15 Risk Assessment, Continued*
Risk assessment is composed of four primary factors:
- Materiality of the amounts
- Complexity of the process
- History of accounting adjustments
- Propensity for changes in financial processes

An entity should conduct risk assessment on both the process level and the entity level.

16 Risk Responses
There are five predominant risk strategies:
- Avoidance – Don’t do it
- Mitigation – Lessen its impact
- Transfer – Move the risk
- Acceptance – Tolerate it
- Creation – Develop a response

17 COSO – Control Activities
Control activities are performed at all levels within an entity, and consist of the activities that help achieve the risk mitigation goals established by management. Types of control activities:
- Manual
- Automated
- Preventative, detective, and corrective
- Compensating

18 Manual Control VS. Automated Control
Manual Controls require action to be taken by organizational personnel, for instance:
- Reconciliation of bank accounts
- Matching purchase orders to invoices

Automated Controls are built into the entity’s software system and network, for instance:
- Batch controls
- System generated exceptions

19 Preventive Control VS. Detective Control
A preventive control is a proactive control activity. Its goal is to eliminate negative events before they occur. Preventive controls are stronger than detective controls.

Detective controls are reactive control activities. The purpose of a detective control is to identify a negative event after its actual occurrence.

20 Compensating Controls
In some instances a weakness or limitation within the control environment can be mitigated by relying on a compensating control:
- Can be detective or preventive
- Common in small organizations, for example when proper segregation of duties is difficult to accomplish

21 COSO – Information and Communication
Communication and information are integral to the accomplishment of an entity’s objectives. Communication should be an ongoing process of sharing, obtaining, and creating relevant information and delivering it to appropriate personnel. Information must not only be accessible but also timely.

22 COSO – Monitoring Activities
Monitoring activities can be either ongoing or separate assessments of internal control that are used to determine whether internal control components are implemented and operating effectively.

Ongoing monitoring activities are built into the business processes and are the most timely. Separate monitoring activities are those that are conducted periodically and may involve varying levels of detail and frequency.

23 Monitoring Activities, Cont’d
Steps of the monitoring process include:
- Identify what is being tested
- Determine the type and extent of testing
- Create tests
- Conduct tests for effectiveness
- Document testing and results
- Assess test results
- Communicate findings

24 Implementation
So… now I know what I’m trying to achieve, how do I implement?

25 Overview
- Document an understanding of processes and controls (hopefully the entity already has some of this documentation)
- Identify key controls (best done collaboratively)
- Evaluate for design effectiveness
- Test for implementation
- Consider testing for operating effectiveness

26 Document an Understanding
- Authorization – How does management approve transactions, vendors, policies, etc.?
- Initiating and recording – How are transactions initiated? How do transactions get into the accounting system (including subledgers)?
- Processing – How is activity on the account processed (for example, batch processing, end-of-day processing, real time processing)?
- Reporting – What general ledger accounts and other information are used to prepare reports? How is information reported in the financials?

27 Key Controls
“A key control is a control that provides reasonable assurance that material errors will be prevented or detected in a timely manner.” - Institute of Internal Auditors

28 Evaluate Effectiveness
- Ask “What could go wrong?”
- Consider potential misstatements whether caused by fraud or error
- Consider mitigating controls
- Consider design

29 Mitigating Controls
- Lessen the impact or put a cap on the amount of potential error
- A mitigating control is instrumental in identifying possible errors when a key control is not in place
- It can often prevent the error from being material

30 Test for Implementation - Walkthroughs
Selecting a few transactions and walking them through the transaction cycle, focusing on key controls.

Objective of walkthroughs:
- Confirm understanding of key elements of processes and related controls
- Determine whether the entity has implemented the controls
- Determine whether changes have occurred that may impact the effectiveness of the process or control

31 Evaluate for Operating Effectiveness
Accomplished through:
- Inquiry
- Observation
- Inspection
- Re-performance

32 Conclusion
Internal Control Never Stops
- It should be the bedrock for the organization
- It will be as effective as it is given priority
- Things get ugly when it fails
- Effective internal control will rarely be given its due

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

