Chapter 9-1
Chapter 9: Introduction to Internal Control Systems
Introduction
1992 COSO Report
Updates on Risk Assessment
Examples of Control Activities
Update on Monitoring
2011 COBIT, Version 5
Types of Controls
Evaluating Controls
Chapter 9-2
Internal Control Systems
Definition
  Policies, plans, and procedures
  Implemented to protect a firm's assets
People Involved
  Board of directors
  Management
  Other key personnel
Chapter 9-3
Internal Control Systems
Provides reasonable assurance
  Effectiveness and efficiency of operations
  Reliability of financial reporting
  Protection of assets
  Compliance with applicable laws and regulations
Important Guidance
  Statement on Auditing Standard No. 94
  Sarbanes-Oxley Act of 2002
Chapter 9-4
Internal Control System Objectives
Safeguard assets
Check the accuracy and reliability of accounting data
Promote operational efficiency
Enforce prescribed managerial policies
Chapter 9-5
Study Break #1
This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization.
A. Internal control
B. SAS No. 94
C. Risk assessment
D. Monitoring
Chapter 9-6
Study Break #1 - Answer
This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization.
A. Internal control
B. SAS No. 94
C. Risk assessment
D. Monitoring
Chapter 9-7
Study Break #2
Which of the following is not one of the four objectives of an internal control system?
A. Safeguard assets
B. Promote firm profitability
C. Promote operational efficiency
D. Encourage employees to follow managerial policies
Chapter 9-8
Study Break #2 - Answer
Which of the following is not one of the four objectives of an internal control system?
A. Safeguard assets
B. Promote firm profitability
C. Promote operational efficiency
D. Encourage employees to follow managerial policies
Chapter 9-9
Background Information on Internal Controls
Chapter 9-10
Background Information on Internal Controls
Chapter 9-11
Background Information on Internal Controls
Chapter 9-12
1992 COSO Report
Defines internal control and components
Presents criteria to evaluate internal control systems
Provides guidance for public reporting on internal controls
Offers materials to evaluate an internal control system
Chapter 9-13
Components of Internal Control – COSO 1992
Control Environment
  Management’s oversight, integrity, and ethical principles
  Attention and direction by board of directors
  Management’s philosophy and operating style
  Method of assigning authority and responsibility
  Method of organizing and developing employees
Chapter 9-14
Components of Internal Control – COSO 1992
Risk Assessment
  Identify organizational risks
  Analyze potential of risks (cost and occurrence)
  Cost-benefit analysis
Control Activities
  Policies and procedures
  Manual and automated
Chapter 9-15
Components of Internal Control – COSO 1992
Information and Communication
  Inform employees
  Roles and responsibilities
  Importance of good working relationships
Monitoring
  Evaluation of internal controls
  Initiate corrective action when necessary
Chapter 9-16
2004 COSO Enterprise Risk Management Framework
Emphasizes enterprise risk management
Includes COSO (1992) control components
Three new components
  Objective setting
  Event identification
  Risk response
Chapter 9-17
2004 COSO Enterprise Risk Management Framework
Chapter 9-18
Components of Internal Control – COSO 2004
Objective Setting
  Strategic – high level goals and mission
  Operations – day-to-day efficiency, performance, and profitability
  Reporting – internal and external
  Compliance – laws and regulations
Chapter 9-19
Components of Internal Control – COSO 2004
Event Identification and Risk Response
  Identify threats
  Analyze risks
  Implement cost-effective countermeasures
Additional considerations
  Risk tolerance
  Cost-benefit trade-offs
Chapter 9-20
Risk Assessment Worksheet
Chapter 9-21
COSO’s 2010 Report on ERM
Commissioned survey called Enterprise Risk Management Initiative
Survey targeted utilization of COSO ERM Framework
Theoretically sound
65% fairly or very familiar with framework
Board had not assigned risk oversight in over half of organizations
State of ERM is relatively immature
Chapter 9-22
Study Break #3
An internal control system should consist of five components. Which of the following is not one of those five components?
A. The control environment
B. Risk assessment
C. Monitoring
D. Performance evaluation
Chapter 9-23
Study Break #3 - Answer
An internal control system should consist of five components. Which of the following is not one of those five components?
A. The control environment
B. Risk assessment
C. Monitoring
D. Performance evaluation
Chapter 9-24
Study Break #4
Which of the following is not one of the three additional components that was added in the 2004 COSO Report?
A. Objective setting
B. Risk assessment
C. Event identification
D. Risk response
Chapter 9-25
Study Break #4 - Answer
Which of the following is not one of the three additional components that was added in the 2004 COSO Report?
A. Objective setting
B. Risk assessment
C. Event identification
D. Risk response
Chapter 9-26
Examples of Control Activities
Good Audit Trail
Sound Personnel Policies and Practices
Separation of Duties
Physical Protection of Assets
Reviews of Operating Performance
Chapter 9-27
Good Audit Trail
Use of Audit Trail
  Follow path of data recorded in transaction
  Initial source documents to final disposition of data
  Data on reports back to source documents
Purpose of Audit Trail
  Verify accuracy of recorded transactions
  Detect errors and irregularities
Chapter 9-28
Sound Personnel Policies
Chapter 9-29
Separation of Duties
Purpose
  Structure of work assignments
  One employee’s work checks the work of another
Separate Related Activities
  Authorizing transactions
  Recording transactions
  Maintaining custody of assets
Chapter 9-30
Physical Protection of Assets
Inventory Controls
  Stored in safe location with limited access
  Utilization of Receiving Report
Document Controls
  Protecting valuable organizational documents
  Corporate charter, major contracts, blank checks, and SEC registration statements
Chapter 9-31
Receiving Report
Chapter 9-32
Physical Protection of Assets
Cash Control
  Most susceptible to theft and human error
  Fidelity bond coverage
  Use checks for cash disbursements
  Deposit the daily cash receipts intact
Chapter 9-33
Disbursement Voucher
Chapter 9-34
Reviews of Operating Performance
Internal Audit Function
  Reports to Audit Committee of Board of Directors
  Independent of other subsystems
  Enhances objectivity
Duties of Internal Auditors
  Operational audits
  Regular reviews of internal control systems
Chapter 9-35
Study Break #5
Separation of duties is an important control activity. If possible, managers should assign which of the following three functions to different employees?
A. Analysis, authorizing, transactions
B. Custody, monitoring, detecting
C. Recording, authorizing, custody
D. Analysis, recording, transactions
Chapter 9-36
Study Break #5 - Answer
Separation of duties is an important control activity. If possible, managers should assign which of the following three functions to different employees?
A. Analysis, authorizing, transactions
B. Custody, monitoring, detecting
C. Recording, authorizing, custody
D. Analysis, recording, transactions
Chapter 9-37
2009 COSO Monitoring Guidance Report
Update on Monitoring
Chapter 9-38
2011 COBIT, Version 5
Control Objectives for Information and related Technology (COBIT)
  Strategic alignment
  Realization of expected benefits of IT
  Continual assessment of IT investment
  Determine risk appetite
  Measure and assess performance of IT resources
Chapter 9-39
COBIT and Val IT Integration
Chapter 9-40
Types of Controls
Preventive Controls
  Prevent problems from occurring
Detective Controls
  Alert managers when preventive controls fail
Corrective Controls
  Solve or correct a problem
Chapter 9-41
Evaluating Controls
Requirements of Sarbanes-Oxley Act
  Statement of management responsibility for internal control structure
  Assessment of effectiveness of internal control structure
  Attestation of auditor on accuracy of management’s assessment
Chapter 9-42
Cost-Benefit Analysis
Chapter 9-43
A Risk Matrix
Chapter 9-44
Copyright
Copyright 2012 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.
Chapter 9-45
Chapter 9