1
CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007
Introduction to Internal Control
- What is it?
- Why is it so important?
- Limitations of Internal Control
- Responsibilities of involved parties
- Components of Internal Control (COSO)
2
What is Internal Control?
COSO Definition: The processes implemented by the BOD and management to help ensure:
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
- Effectiveness and efficiency of operations.*

* This is not included in the SOX definition of IC
3
Why is internal control SO important?
- The businesses we audit rely on numerous reports and analyses to control operations.
- A good system reduces the possibility that errors or fraud will occur.
- Auditors can audit more efficiently and effectively if they rely on the client’s internal controls.
- Professional standards and laws require that the auditors consider it.
- Expectations of f/s users!
4
Limitations of Internal Controls
- Mistakes in judgment
- Breakdowns
- Collusion
- Management Fraud
5
Responsibilities Regarding Internal Controls in F/S Audit
- Management: Establish, set tone at top
- BOD and Audit Committee: Oversee
- Internal Auditors: Part of system
- External Auditor:
  1. Review & document understanding
  2. Test controls where we think they are reliable
  - Determine audit strategy
  - Communicate problems to AC of BOD
6
External Auditor Responsibilities
Review & document understanding of system to form preliminary CR assessment.
- Prior experience w/ client
- Inquiry & client documentation
- Walkthroughs
- Understand process flow of transactions
- Confirm design of controls for all I/C components
- Evaluate the design of controls
- Determine if controls were placed in operation
7
External Auditor Responsibilities
Auditor documentation of Controls
- The form and extent of documentation is influenced by the size and complexity of the entity, and the nature of the entity’s IC.
- Questionnaires
- Flowcharts
- Narrative Memos
- Will also need to document the results of any testing of the system
8
External Auditor Responsibilities
2. Test controls where CR < max.
- Is preliminary CR assessment supported?
- Chapter 11 covers in more detail
- Audit procedures
  - Review previous experience with the client
  - Inquire of appropriate client personnel
  - Inspect documents and records
  - Observe entity activities and operations
  - CAATs
9
External Auditor Responsibilities
3. Determine audit strategy
Communicate with audit committee (SAS 112)
- Effective for calendar year 2006 audits
- Terminology to conform with 404
  - Significant deficiency
  - Material weakness
- Increase reasons for issuing management letters
10
COSO Components
11
Control Environment
- Sets tone of organization, influencing control consciousness of its people
- Is part of organizational culture
- Factors include:
  - Management’s philosophy and operating style
  - Integrity and ethical values
  - Competence of employees
  - Authority appropriately delegated
  - BOD and AC governance and monitoring mgmt
12
Illustration of Poor Control Environments
- Miami childcare
- WorldCom testimony
13
Risk Assessment Process
Management has a process for considering how their business could be adversely impacted by:
- Business risks
- Fraud risks
- Legal risks
- Technology risks
- Financial reporting risks

Forms the basis for determining control activities
14
Control Activities
- Policies and procedures to ensure reliable financial reporting.
- Should link with risk assessment
- Cost benefit: preventive vs. detective (compensating) controls
15
Control Activities: Categories
- Authorization
- Segregation of Duties
- Information processing
  - Computer general controls
  - Computer application controls
- Controls over financial reporting
- Physical controls
- Performance reviews
- Controls over management discretion in financial reporting
16
Control Activities: Authorization
- Are transactions approved?
- Ways to approve
  - General policy vs. specific authorization
  - Manual vs. computerized
- Relates primarily to transaction objective of occurrence
17
Control Activities: Segregation of Duties
18
Control Activities: Information Processing Controls
General Controls
- Relate to the overall system rather than a specific software package
- Examples:
  - Physical and password control over IT access
  - Backup and processing controls
  - Systems development and documentation
  - Segregation of duties within IT department (user vs. development)
  - Internal hardware controls to detect malfunctioning
19
Control Activities: Information Processing Controls
Computer Application Controls
- Controls within a particular software application that make sure transactions are done right!
- Categories of computer application controls
  - Input: “beep” if info in wrong format or content
  - Processing: make sure nothing lost, duplicated, calculated wrong, or wrong files used internally
  - Output: Make sure what went in is what came out, and that only the right folks get the information
20
Control Activities: Controls Over the Financial Reporting Process
[Diagram labels: General Journal; Sales Journal; Cash Receipts Journal; Cash Disb Journal; Purchases Journal; G/L; Trial Balance; Spreadsheets or Consolidation Software; F/S]
How is this process controlled?
21
Control Activities Continued
Physical Controls
- Limit access to assets directly and through documents
- Ex: Lock inventory in warehouse and lock up unused checks or authorizations

Performance Reviews
- Someone who didn’t prepare info periodically looks at details
- Ex: Production mgr reviews payroll details, Dept managers review budget to actual
22
Control Activities: Controls Over Mgmt Discretion in Financial Reporting
Controls over judgmental areas in accounting
- Selection of GAAP where there is choice
- Disclosures
- Estimates or judgmental application of standards

Tools
- Documentation of logic/support
- Review process
- Disclosure committee
- Accounting & operational members
- Review issues with Audit committee
23
Information and Communication
- Pertinent information identified, captured and communicated in a timely manner.
- IT Systems and Management Reporting
- Transactions Audit Trail
- Documents & Records
- Management communications with employees & customers, suppliers, regulators and owners
24
Monitoring
Assessment of a control system’s performance over time
- Combination of ongoing and separate evaluation
- Management and supervisory activities
- Examples:
  - Internal audit department
  - System for customer complaints
  - Whistleblower process to audit committee
25
Antifraud Programs and Controls