Internal Control Structure

Learning Objectives l To understand the components of an organization’s internal control structure l To know the objectives and limitations of internal control l To learn which characteristics of a control environment promote accurate and reliable data l To learn which characteristics of an accounting system promote accurate and reliable data. l To describe good control procedures.

Example Situation 1 l The policy of installing a security system in the house is part of the control environment in the house. l The objective »is to safeguard property and life. l Threat » from intruders. l Risk » of loss of assets/life from this threat. l The control reduces the risk

Example Situation 2 l The policy of issuing a driver's licence and the procedure to obtain the licence is part of the control environment on the road. l The objective »safety on the road. l Threat »from people driving on the road not understanding the rules of the traffic. l Risk » of accidents and loss of assets, health and life. l The control reduces the risk

Example Situation 3 l When the person writing the check cannot also enter the corresponding cash journal entry, there is a control environment in the accounting department. l The objective »is to safeguard the assets of the company »to ensure accurate and reliable information. l Threat »from somebody wanting to commit a fraud. l The risk » is loss of assets and inaccurate records. l The control reduces the risk

The Pattern l In each of the above examples, there is an objective (usually safety) l there is a threat to the objective l there are risks associated with those threats, and l there is a control which counteracts the risk from the threat. l The controls are usually in the form of policies and/or procedures.

Why do we have l Police on the road ? l State laws ? l Federal Laws ? l Rules ? l Regulations ? l Policies ? l Procedures ?

For Controls How Do controls provide freedom?

Internal Controls l An organization's internal control structure consists of the policies and procedures established by management to achieve organizational objectives.

What are the Objectives ? l Objectives of Accounting Controls: »Safeguard Assets »Ensure Accurate and reliable accounting data l Objectives of Administrative Controls »Promote Operational Efficiency »Encourage adherance to management's policies

What are the Threats ? l Errors »Unintentional »Clerk enters wrong amount on check »Procedures can be designed to check for unintentional errors. l Irregularities »Intentional »Management Fraud »Defalcation

What are the risks ? l Inaccurate records l Unreliable data l Loss of assets »Cash »Inventory

Internal Control Structure l A company's Internal Control structure tries to fight the threats to minimize the risk so as to meet the objectives.

Reasonable Assurance l Note that risks can be minimized but not totally removed. l Total removal of risk will be extremely costly and often not cost justified. l Internal control policies and procedures are intended to provide reasonable but not absolute assurance that management's objectives are attained. l The above bullet point is called the concept of reasonable assurance.

Limitations of Controls l There are always limitations of controls l What are the limitations of Accounting Controls ? »Errors : e.g. a valid journal entry with wrong amounts. »Collusion: when two or more employees conspire to commit a theft and conceal it. »Management Override. l The cost of overcoming these limitations can be enormous.

Components of an Internal Control Structure l Control Environment »Those circumstances surrounding an organization’s accounting system that influence the effectiveness of the accounting system and control procedures l The Accounting System »Methods and records used to identify, assemble, analyze, classify and report accounting transactions l Control Procedures

The Control Environment Internal Control Structure

The Control Environment Accounting Systems Internal Control Structure

The Control Environment Accounting Systems Control Procedures Internal Control Structure

Control Environment l Management's philosophy and operating style l Organizational structure l Audit Committees l Methods of assigning authority and responsibility l Management control methods l Personnel policies and practices l External Influences l Computer Controls and Policies

Personnel Policies and Practices l Training l Recognition for work well done l Adequate Pay l Background check l Job Rotation l Required Vacation l Bonding

The Accounting System l Debit and Credit Analysis l Chart of Accounts l Standard Journal Vouchers l Trial balance »Transpositions »Misfootings »Abnormal Account Balances l Control Accounts »Sum of Subsidiary Ledger Accounts

Contol Procedures l Proper procedures for Transactions »Prompt recording »Visual checking »Balancing »Batch controls »General Authorization »Specific Authorization l Security for Assets and Records »physical security »Fixed responsibility

Contol Procedures Contd.. l Segregation of duties »Authorize Transactions »Record Transactions »Maintain Custody of Asset l Adequate Documentation and Records »Forms control »Prenumbered Documents l Independent Verification of Performance »Independent Auditors »Internal Auditors

Evaluating Internal Controls l Control Risk Assessment »Likelihood that controls do not prevent/detect material misstatement l Technically done for each management assertion for each transaction stream

Management Assertions and Transaction Streams l Transaction Streams »Sales »Cash Receipts »Inventory/AP »Other Cash Disbursements »Payroll »Etc. l Management Assertions »Completeness »Existence/Occurrence »Valuation/Gross »Valuation/Net »Rights/Obligations »Presentation/Disclosure

Steps in CRA »Evaluate Internal Control Environment –Evaluate potential management override –Evaluate computer controls--Computer auditor »Document Accounting Processes »Document Controls »Make Preliminary CRA »Test Controls »Make CRA based on Control Tests