chapter 8-1. chapter 8-2 chapter 8 introduction to internal control systems introduction internal...
TRANSCRIPT
![Page 1: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/1.jpg)
Chapter 8-1
Chapter 8-1
![Page 2: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/2.jpg)
Chapter 8-2
Chapter 8-2
Chapter 8Introduction to Internal Control
Systems
Introduction
Internal Control Systems Definition Framework
Preventive, Detective, and Corrective Controls
Control Activities within an Internal Control System
Cost-Benefit Concept for Developing Controls
![Page 3: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/3.jpg)
Chapter 8-3
Chapter 8-3
Introduction
An organization’s financial resources canbe protected from loss, waste, or theft by
developing an internal control system
implementing it within its AIS
An internal control system
ensures reliable data processing
promotes operational efficiency
![Page 4: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/4.jpg)
Chapter 8-4
Chapter 8-4
Internal Control
An internal control system consists ofvarious methods designed and implemented
several measures planned and executed
![Page 5: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/5.jpg)
Chapter 8-5
Chapter 8-5
It aims to achieve four main objectives:to safeguard assets
to check the accuracy and reliability of accounting data
to promote operational efficiency
to encourage adherence to prescribed managerial policies
Internal Control
![Page 6: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/6.jpg)
Chapter 8-6
Chapter 8-6
Describes the policies, plans, and procedures implemented by a firm to protect its assets. people involved include: board of directors management other personnel
provides reasonable assurance of: effectiveness and efficiency, reliability of financial reporting, and compliance with applicable laws
and regulations
Internal Control
![Page 7: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/7.jpg)
Chapter 8-7
Chapter 8-7
Objectives of the Internal Control Structure
The objectives of the Control Structure are:Safeguarding assets
Checking the accuracy and reliabilityof accounting data
Promoting operational efficiency
Encouraging adherence toprescribed managerial policies
![Page 8: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/8.jpg)
Chapter 8-8
Chapter 8-8
Background Informationon Internal Controls
The key laws, professional guidance, and reports that focus on internal controls are:
Foreign Corrupt Practices Act 1977
Treadway Commission Report 1977
SAS No. 55 1988
Committee of Sponsoring Organizations (COSO) Report 1992
SAS No. 78 1995
Control Objectives for Business and IT (COBIT) 1995
Information Federation for Information Processing 2001
![Page 9: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/9.jpg)
Chapter 8-9
Chapter 8-9
Background Informationon Internal Controls
SAD No. 94 2001
Sarbanes-Oxley Act, Section 404 2002
Committee of Sponsoring Organizations (COSO) Report 2004
CobiT, Version 4.0 2005
![Page 10: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/10.jpg)
Chapter 8-10
Chapter 8-10
Foreign Corrupt Practices Act
In 1977 the Foreign Corrupt PracticesAct (FCPA) makes
it illegal for publicly owned corporations to bribe foreign officials
board members and managers personally liable if illegal payments are made
only applies to publicly owned corporations
![Page 11: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/11.jpg)
Chapter 8-11
Chapter 8-11
Provisions of the Foreign Corrupt Practices Act
The FCPA requires that publicly held companies design and implement a system of control procedures
The control system must provide assurance that:assets are accounted for appropriatelytransactions are in conformity to GAAP access to assets is properly controlledperiodic comparisons of existing assets to the accounting records are made
![Page 12: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/12.jpg)
Chapter 8-12
Chapter 8-12
Background of Internal Controls
The Treadway Commission Report recommended: a common definition for internal control guidance for judging the effectiveness of internal
control methods to improve internal control
![Page 13: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/13.jpg)
Chapter 8-13
Chapter 8-13
Background of Internal Controls
Results of The Committee of Sponsoring Organizations (COSO) in 1992 defines internal control and describes its
components presents criteria to evaluate internal control
systems provides guidance for public reporting on
internal controls offers materials to evaluate an internal control
system
![Page 14: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/14.jpg)
Chapter 8-14
Chapter 8-14
The International Federation for Information Processing in 2001 sponsored conference “Integrity and Internal Control in Information Systems” (ISACF) encouraged IT and Internal control specialist: to work together to develop reliable systems which would enable managers to have more confidence in the integrity of their information systems and the data generated from those systems
.
Background of Internal Controls
![Page 15: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/15.jpg)
Chapter 8-15
Chapter 8-15
Components of Internal Control According to the 1992
COSO Report
Control Environment
Risk Assessment
Control Activities
Information andCommunication
Monitoring
![Page 16: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/16.jpg)
Chapter 8-16
Chapter 8-16
The Control Environment
The Control Environment establishes the tone of a company, influences the control awareness of the employees.
Factors included within the control environment are:Integrity, ethical values and competence of employeesManagement philosophy and operating styleAssignment of authority and responsibilityThe attention and direction provided by theboard of directors
![Page 17: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/17.jpg)
Chapter 8-17
Chapter 8-17
Risk Assessment
Risk assessment involvesrecognition that every organization facesrisks to its successrecognition that the sources are internal and external identification, analysis and actionto achieve the company’s goalsuse of cost-benefit analysis
![Page 18: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/18.jpg)
Chapter 8-18
Chapter 8-18
Control Activities
Control activities:
are the policies and procedures that ensure management directives are carried out, protection of the assets of the firm
include a combination of manual controls automated controls.
![Page 19: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/19.jpg)
Chapter 8-19
Chapter 8-19
Can be categorized as approvals authorizations verifications reconciliations reviews of operating performance segregation of duties
Control Activities
![Page 20: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/20.jpg)
Chapter 8-20
Chapter 8-20
Information and Communication
Management’s responsibility to make sure the accounting system,
collects
measures
processes
communicates to individuals inside and outside the firm
![Page 21: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/21.jpg)
Chapter 8-21
Chapter 8-21
Information and Communication
Communication helps personnelunderstand their roles and responsibilities to internal control by the use of:
policies and procedures manuals training sessions for new employees refreshers training for continuing
employees
![Page 22: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/22.jpg)
Chapter 8-22
Chapter 8-22
Monitoring
Monitoring is the process that assesses the qualityof internal control performance over time
involves evaluating the design and operation of controls on a timely basis,
initiating corrective action when specific controls are not functioning properly.
![Page 23: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/23.jpg)
Chapter 8-23
Chapter 8-23
2004 COSO Enterprise Risk Management
Framework
Stra
tegic
Operat
ions
Repor
ting
Compli
ance
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information & Communication
Monitoring
Business
Unit
Subsidiary
Entity L
evel
Division
![Page 24: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/24.jpg)
Chapter 8-24
Chapter 8-24
2004 Framework added elements to 1992 COSO
Objective setting
Event identification
Risk response
![Page 25: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/25.jpg)
Chapter 8-25
Chapter 8-25
Objective Setting
Enterprise’s objectives are viewed from these four perspectives:
• Strategic; high level goals and mission• Operations; day to day goals• Reporting; internal and external• Compliance; with laws and regulations
![Page 26: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/26.jpg)
Chapter 8-26
Chapter 8-26
Event Identification and Risk Response
Identify threats
Analyze the risks
Implement cost-effective countermeasures
![Page 27: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/27.jpg)
Chapter 8-27
Chapter 8-27
Control Procedures Analysis
Control Procedures can be classified asPreventive Controls to prevent some potential problem from
occurring when an activity is performedDetective Controls – alert us when preventive controls have failed
Corrective controls to remedy problems discovered through
detective controls
![Page 28: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/28.jpg)
Chapter 8-28
Chapter 8-28
Interrelationship of Preventive and Detective
Controls
Preventive and detective control procedures
should not be treated as mutually exclusive.
are interrelated
![Page 29: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/29.jpg)
Chapter 8-29
Chapter 8-29
Control Activities
Within an Internal Control System arethe following features
a good Audit Trail
sound personnel policies and competent employees
separation of duties
physical protection of assets
internal reviews of controls by internal audit subsystem
Timely Performance Reports
![Page 30: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/30.jpg)
Chapter 8-30
Chapter 8-30
Good Audit Trail
An audit trail enables auditors and accountants
to follow the transaction data from the initial source documents to the final disposition in a financial
report and vice-versa
to detect, in the processing data errors and irregularities
![Page 31: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/31.jpg)
Chapter 8-31
Chapter 8-31
Sound Personnel Policies
Examples of sound personnel policies are:Specific hiring procedures
Training programs
Good supervision
Fair and equitable guidelines foremployees’ salary increases
![Page 32: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/32.jpg)
Chapter 8-32
Chapter 8-32
Sound Personnel Policies
Rotation of certain key employees in different jobs
Enforced vacations
Insurance coverage on those employees who handle liquid assets
Regular performance reviews
![Page 33: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/33.jpg)
Chapter 8-33
Chapter 8-33
Separation of Duties
Segregating activities and responsibilities of employees allows different people to perform various tasks of a specific transaction
The main functions that should be kept separate are custody of assets recording transactionsauthorizing transactions
![Page 34: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/34.jpg)
Chapter 8-34
Chapter 8-34
Physical Protection of Assets
Protection of assets is
keeping a company’s assets in a safe physical location
minimizing the risk of damage to the assets or
avoiding theft by employeesor outsiders
![Page 35: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/35.jpg)
Chapter 8-35
Chapter 8-35
Physical Protection of Assets
Examples of accounting control procedure
a voucher system protects against unauthorized cash disbursements.
a petty cash fund is used for small expenditures where writing a check would be inefficient.
cash receipts deposited intact each day
![Page 36: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/36.jpg)
Chapter 8-36
Chapter 8-36
Internal Reviews of Controls
Internal auditors report to high-level management or to the board of directors in order to remain independent and objective as a separate subsystem
perform periodic reviews on each department to evaluate their efficiency and effectiveness make recommendations of ways cost of control procedures can be reduced
![Page 37: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/37.jpg)
Chapter 8-37
Chapter 8-37
Timely Performance Reports
Performance reports provide information to management on efficiency of the internal controls and effectiveness of the internal controls
These reports should provide timely feedback tomanagement on the success of the internal controls or failure of the internal controls
![Page 38: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/38.jpg)
Chapter 8-38
Chapter 8-38
Cost-Benefit Concept for Developing Controls
A cost-benefit analysis should be conducted to make sure that the benefitsof planned controls exceed the cost of implementingthem in the system
controls are considered cost-effective when their anticipated benefits exceed their anticipated costs
an ideal control is a control procedure that reducesto practically zero the risk of an undetected error or irregularity.
![Page 39: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/39.jpg)
Chapter 8-39
Chapter 8-39
Cost Benefit Analysis
The benefits of additional control procedures
result from risk of loss reductions.
should include a measure of loss the exposure (potential loss associated with a
control problem) and risk (probability that the control problem will
occur).
are calculated as Expected loss = risk X exposure
![Page 40: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/40.jpg)
Chapter 8-40
Chapter 8-40
Copyright
Copyright 2008 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without theexpress written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchasermay make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.
![Page 41: Chapter 8-1. Chapter 8-2 Chapter 8 Introduction to Internal Control Systems Introduction Internal Control Systems Definition Framework Preventive,](https://reader036.vdocuments.us/reader036/viewer/2022081420/56649e265503460f94b1614f/html5/thumbnails/41.jpg)
Chapter 8-41
Chapter 8-41
Chapter 8