Published by Wesley Dickerson. Modified over 6 years ago.

Chapter 4: Internal Controls
McGraw-Hill/Irwin
Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.

Outline
- Objectives
- Definition of internal control
- Internal control purposes
- Risk exposures
- COSO frameworks
- Examples

Objectives
When you finish this chapter, you should be able to:
- Define “internal control” and explain its importance in the accounting information system
- Explain the basic purposes of internal control
- Describe and give examples of various kinds of risk exposures
- Conduct a comprehensive risk assessment
- Summarize and explain the importance of the COSO documents on internal control
- Critique existing internal control systems and design effective internal controls

Definition of internal control
Most definitions of internal control contain four common elements:
- Internal control is a process
- Internal controls are designed to provide reasonable assurance
- Internal control necessarily involves people in the organization
- Internal controls provide that reasonable assurance in a few common areas

Internal control purposes
Broadly speaking, internal controls should help organizations:
- Safeguard their assets
- Ensure the reliability of financial statements
- Promote operating efficiency
- Encourage compliance with management’s directives

Risk exposures
One good way to start designing internal controls is to think about an organization’s risks. Among the many good ways to think about risk is Brown’s taxonomy.

Risk exposures
- Operational risk
  - Systems risk: related to information technology
  - Human error risk: people in the organization might make mistakes
- Financial risk
  - Market risk: changes in stock prices, investment values, interest rates
  - Credit risk: customers’ unwillingness or inability to pay their debts
  - Liquidity risk: insufficient cash to pay debts

Risk exposures
- Hazard risk
  - Officers’ and directors’ liability: people might break laws, resulting in personal penalties
- Strategic risks
  - Legal and regulatory risk: people might break laws, resulting in penalties for the organization
  - Business strategy risk: poor decision making related to market competition

COSO frameworks
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed frameworks related to internal control (1985) and enterprise risk management (2004).

COSO frameworks
Internal Control: Integrated Framework
- Control environment: the tone at the top
- Risk assessment: using a taxonomy to identify organizational risks
- Control activities: actual responses to risk
  - Preventive, detective, corrective
  - General, application
- Information and communication: keeping people informed
- Monitoring: periodic reviews and updates
In 2006, COSO published “Internal Control over Financial Reporting—Guidance for Smaller Public Companies” to provide suggestions for implementing Internal Control: Integrated Framework.

COSO frameworks
Enterprise Risk Management: Integrated Framework
- Internal environment: tone at the top
- Objective setting: organizational goals
  - Strategic
  - Reporting
  - Operations
  - Compliance
- Event identification: what can happen that may impede goals
  - Internal
  - External
- Risk assessment: likelihood and impact
  - Inherent
  - Residual

COSO frameworks
Enterprise Risk Management: Integrated Framework (continued)
- Risk response: generic ways to deal with risk
  - Avoid
  - Accept
  - Reduce
  - Share
- Control activities: specific procedures for responding to risk
- Information and communication: keep people informed about what’s happening with risk and the plan
- Monitoring: ongoing activities and/or separate evaluations that ensure the plan is updated as needed

Examples
Although every organization’s approach to internal control is slightly different, certain controls are common in many organizations. The following slides contain some examples.

Examples
- Adequate documentation
- Background checks
- Back-up computer files
- Back-up power supplies
- Bank reconciliation
- Batch control totals
- Data encryption
- Document matching
- Edit checks

Examples
- Firewalls
- Insurance and bonding
- Internal audits
- Limit checks
- Lockbox systems
- Physical security
- Preformatted data entry screens
- Prenumbered documents
- Restrictive endorsements of checks

Examples
- Daily deposit of cash receipts
- Segregation of duties
- User training
All internal controls have associated costs—financial, operational and behavioral. The key is ensuring that the benefits outweigh the costs.