Internal Control Notes

Internal control refers to policies and procedures that help achieve objectives around safeguarding assets, accuracy, efficiency and compliance. The COSO framework outlines five components of internal control - control environment, risk assessment, control activities, information and communication, and monitoring.

Uploaded by

Elaine Tomaneng
INTERNAL CONTROL

policies, practices, procedures designed to achieve...


4 BROAD OBJECTIVES:
safeguard assets
ensure accuracy and reliability
promote efficiency
measure compliance with policies

MODIFYING PRINCIPLES:

1. Management Responsibility - establishment and maintenance of a system of internal control is a management responsibility

2. Methods of Data Processing - internal control system should achieve the 4 broad objectives regardless of the data processing method used (manual/computer)

3. Limitations - a) the possibility of errors; b) circumvention; c) management override; d) changing conditions

4. Reasonable Assurance - reasonable assurance that the 4 broad objectives are met; cost should not outweigh its benefits

EXPOSURES AND RISKS:


Exposure: absence or weakness of a control
Risks: potential threat to compromise use or value of organizational assets

Types of risk
Destruction of assets
Theft of assets
Corruption of information or the I.S.
Disruption of the I.S.
HISTORY OF INTERNAL CONTROL
I. SEC ACT OF 1933 AND 1934
SEC Act of 1933
Objectives:
1. Require that investors receive financial & other significant information concerning securities being offered for sale
2. Prohibit deceit, misrepresentations and other fraud in the sale of securities

SEC Act of 1934
Created and empowered the Securities & Exchange Commission (SEC) with broad authority
Required publicly traded companies to be audited by an independent auditor

II. COPYRIGHT LAW - 1976
Protects intellectual property in the U.S.
Has been amended numerous times since
Management is legally responsible for violations of the organization
U.S. government has continually sought international agreement on terms for protection of intellectual property globally vs. nationally

III. FOREIGN CORRUPT PRACTICES ACT (FCPA) OF 1977
Requires companies registered with the SEC to do the following:
1. Keep records that fairly & reasonably reflect the transactions of the firm and its financial position
2. Maintain a system of internal control that provides reasonable assurance that the organization’s objectives are met

IV. COMMITTEE OF SPONSORING ORGANIZATIONS - 1992
FEI, IMA, AAA, AICPA, IIA
Developed a management perspective model for internal controls over a number of years

V. SARBANES-OXLEY ACT OF 2002
(see study note on Sarbanes-Oxley Act)

THE PDC (PREVENTIVE, DETECTIVE, CORRECTIVE) MODEL

PREVENTIVE
First line of defense
Passive techniques designed to reduce the frequency of occurrence of undesirable events
Most cost-effective

DETECTIVE
Second line of defense
Identify and expose undesirable events that elude preventive controls
Compare actual occurrences to pre-established standards

CORRECTIVE
Must be taken to reverse the effects of detected errors
Actually fixes the problem
There may be more than one feasible corrective action

COSO INTERNAL CONTROL FRAMEWORK
I. CONTROL ENVIRONMENT
Sets the tone for the organization & influences the control awareness of the management and employees

Elements of Control Environment
Integrity and ethical values of management
Structure of the organization
Participation of the organization’s board of directors and the audit committee
Management’s philosophy and operating style
Procedures for delegating responsibility and authority
Management’s methods for assessing performance
External influences
Organization’s policies and practices for managing human resources

II. RISK ASSESSMENT
- To identify, analyze and manage risks relevant to financial reporting
Changes in operating environment
New personnel
New information systems
New technology
Significant or rapid growth
New product lines/activities (little experience)
Organizational restructuring
Entry to foreign markets
New accounting principles

III. INFORMATION AND COMMUNICATION
- Initiate, identify, analyze, classify and record economic transactions and events.

Capabilities of an Effective Accounting Information System:
Identify and record all valid economic transactions
Provide timely, detailed information
Accurately measure financial value of transactions
Accurately record transactions in the time period in which they occurred

IV. MONITORING
- The process by which the quality of internal control design and operation can be assessed
Separate procedures
Ongoing activities (Embedded Audit Modules – EAMs and Continuous Online Auditing - COA)

V. CONTROL ACTIVITIES
- policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks
- grouped into two: Physical Controls & Information Technology (IT) Controls

PHYSICAL CONTROLS

1. Transaction Authorization
Ensure that all material transactions processed by the information system are valid and in accordance w/ management’s objectives
May be general or specific

2. Segregation of Duties
Minimize incompatible functions
Objectives:
Authorization <- separate -> Processing
Asset custody responsibility <- separate -> record keeping responsibility
Segregation of incompatible tasks

3. Supervision
Serves as compensating control when lack of segregation of duties exists by necessity

4. Accounting Records
Source documents, journals and ledgers
Capture the economic essence of transactions and provide an audit trail of economic events

5. Access Control
Ensure that only authorized personnel have access to the firm’s assets
Direct access -> physical security devices (locks, safes, fences, alarm system)
Indirect access -> controlling the use of documents and records and segregating duties of who can access the records

6. Independent Verification
Independent checks of the accounting system to identify errors and misrepresentations
Management can assess:
The performance of individuals
The integrity of the AIS
The integrity of the data in the records

IT (INFORMATION TECHNOLOGY) CONTROLS
Drives the financial reporting processes of modern organizations
Two groupings: Application Controls and General Controls

Application Controls
Ensure validity, completeness, and accuracy of financial transactions

General Controls
Not application-specific, i.e. apply to all systems
Include controls over:
IT governance
IT infrastructure
Security and access to operating systems and databases
Application acquisition and development
Program change procedures