discussion
Chapter 7
Control and AIS
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-1
Internal Control
System to provide reasonable assurance that objectives are met such as:
Safeguard assets.
Maintain records in sufficient detail to report company assets accurately and fairly.
Provide accurate and reliable information.
Prepare financial reports in accordance with established criteria.
Promote and improve operational efficiency.
Encourage adherence to prescribed managerial policies.
Comply with applicable laws and regulations.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-2
Internal Control
Functions
Preventive
Deter problems
Detective
Discover problems
Corrective
Correct problems
Categories
General
Overall IC system and processes
Application
Transactions are processed correctly
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-3
Sarbanes Oxley (2002)
Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud
Public Company Accounting Oversight Board (PCAOB)
Oversight of auditing profession
New Auditing Rules
Partners must rotate periodically
Prohibited from performing certain non-audit services
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-4
Sarbanes Oxley (2002)
New Roles for Audit Committee
Be part of board of directors and be independent
One member must be a financial expert
Oversees external auditors
New Rules for Management
Financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading.
The auditors were told about all material internal control weak- nesses and fraud.
New Internal Control Requirements
Management is responsible for establishing and maintaining an adequate internal control system.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-5
SOX Management Rules
Base evaluation of internal control on a recognized framework.
Disclose all material internal control weaknesses.
Conclude a company does not have effective financial reporting internal controls of material weaknesses.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-6
Internal Control Frameworks
Committee of Sponsoring Organizations (COSO)
Internal control—integrated framework
Control environment
Control activities
Risk assessment
Information and communication
Monitoring
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-7
Internal Control
Enterprise Risk Management Model
Risk-based vs. control-based
COSO elements +
Setting objectives
Event identification
Risk assessment
Can be controlled but also
Accepted
Diversified
Shared
Transferred
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-8
Control Environment
Management’s philosophy, operating style, and risk appetite
The board of directors
Commitment to integrity, ethical values, and competence
Organizational structure
Methods of assigning authority and responsibility
Human resource standards
External influences
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-9
ERM—Objective Setting
Strategic
High-level goals aligned with corporate mission
Operational
Effectiveness and efficiency of operations
Reporting
Complete and reliable
Improve decision making
Compliance
Laws and regulations are followed
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-10
ERM—Event Identification
“…an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.”
Positive or negative impacts (or both)
Events may trigger other events
All events should be anticipated
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-11
Risk Assessment
Identify Risk
Identify likelihood of risk
Identify impact
Types of Risk
Inherent
Risk that exists before any plans are made to control it
Residual
Remaining risk after controls are in place to reduce it
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-12
ERM—Risk Response
Reduce
Implement effective internal control
Accept
Do nothing, accept likelihood of risk
Share
Buy insurance, outsource, hedge
Avoid
Do not engage in activity that produces risk
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-13
Control Activities
Policies and procedures to provide reasonable assurance that control objectives are met:
Proper authorization of transactions and activities
Signature or code on document to signal authority over a process
Segregation of duties
Project development and acquisition controls
Change management controls
Design and use of documents and records
Safeguarding assets, records, and data
Independent checks on performance
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-14
Segregation of Accounting Duties
No one employee should be given too much responsibility
Separate:
Authorization
Approving transactions and decisions
Recording
Preparing source documents
Entering data into an AIS
Maintaining accounting records
Custody
Handling cash, inventory, fixed assets
Receiving incoming checks
Writing checks
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-15
Information and Communication
Primary purpose of an AIS
Gather
Record
Process
Summarize
Communicate
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-16
Monitoring
Evaluate internal control framework.
Effective supervision.
Responsibility accounting system.
Monitor system activities.
Track purchased software and mobile devices.
Conduct periodic audits.
Employ a security officer and compliance officer.
Engage forensic specialists.
Install fraud detection software.
Implement a fraud hotline.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
7-17