discussion

profilequake
013255271X_ppt_07.pptx

Chapter 7

Control and AIS

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-1

Internal Control

System to provide reasonable assurance that objectives are met such as:

Safeguard assets.

Maintain records in sufficient detail to report company assets accurately and fairly.

Provide accurate and reliable information.

Prepare financial reports in accordance with established criteria.

Promote and improve operational efficiency.

Encourage adherence to prescribed managerial policies.

Comply with applicable laws and regulations.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-2

Internal Control

Functions

Preventive

Deter problems

Detective

Discover problems

Corrective

Correct problems

Categories

General

Overall IC system and processes

Application

Transactions are processed correctly

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-3

Sarbanes Oxley (2002)

Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud

Public Company Accounting Oversight Board (PCAOB)

Oversight of auditing profession

New Auditing Rules

Partners must rotate periodically

Prohibited from performing certain non-audit services

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-4

Sarbanes Oxley (2002)

New Roles for Audit Committee

Be part of board of directors and be independent

One member must be a financial expert

Oversees external auditors

New Rules for Management

Financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading.

The auditors were told about all material internal control weak- nesses and fraud.

New Internal Control Requirements

Management is responsible for establishing and maintaining an adequate internal control system.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-5

SOX Management Rules

Base evaluation of internal control on a recognized framework.

Disclose all material internal control weaknesses.

Conclude a company does not have effective financial reporting internal controls of material weaknesses.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-6

Internal Control Frameworks

Committee of Sponsoring Organizations (COSO)

Internal control—integrated framework

Control environment

Control activities

Risk assessment

Information and communication

Monitoring

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-7

Internal Control

Enterprise Risk Management Model

Risk-based vs. control-based

COSO elements +

Setting objectives

Event identification

Risk assessment

Can be controlled but also

Accepted

Diversified

Shared

Transferred

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-8

Control Environment

Management’s philosophy, operating style, and risk appetite

The board of directors

Commitment to integrity, ethical values, and competence

Organizational structure

Methods of assigning authority and responsibility

Human resource standards

External influences

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-9

ERM—Objective Setting

Strategic

High-level goals aligned with corporate mission

Operational

Effectiveness and efficiency of operations

Reporting

Complete and reliable

Improve decision making

Compliance

Laws and regulations are followed

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-10

ERM—Event Identification

“…an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.”

Positive or negative impacts (or both)

Events may trigger other events

All events should be anticipated

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-11

Risk Assessment

Identify Risk

Identify likelihood of risk

Identify impact

Types of Risk

Inherent

Risk that exists before any plans are made to control it

Residual

Remaining risk after controls are in place to reduce it

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-12

ERM—Risk Response

Reduce

Implement effective internal control

Accept

Do nothing, accept likelihood of risk

Share

Buy insurance, outsource, hedge

Avoid

Do not engage in activity that produces risk

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-13

Control Activities

Policies and procedures to provide reasonable assurance that control objectives are met:

Proper authorization of transactions and activities

Signature or code on document to signal authority over a process

Segregation of duties

Project development and acquisition controls

Change management controls

Design and use of documents and records

Safeguarding assets, records, and data

Independent checks on performance

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-14

Segregation of Accounting Duties

No one employee should be given too much responsibility

Separate:

Authorization

Approving transactions and decisions

Recording

Preparing source documents

Entering data into an AIS

Maintaining accounting records

Custody

Handling cash, inventory, fixed assets

Receiving incoming checks

Writing checks

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-15

Information and Communication

Primary purpose of an AIS

Gather

Record

Process

Summarize

Communicate

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-16

Monitoring

Evaluate internal control framework.

Effective supervision.

Responsibility accounting system.

Monitor system activities.

Track purchased software and mobile devices.

Conduct periodic audits.

Employ a security officer and compliance officer.

Engage forensic specialists.

Install fraud detection software.

Implement a fraud hotline.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7-17