Chapter 8 Introduction to Internal Control Systems - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Chapter 8 Introduction to Internal Control Systems

Description:

3. Preventive, Detective, and Corrective Controls ... Safeguard assets, including preventive or detective, on a timely basis, the ... – PowerPoint PPT presentation

Number of Views:958
Avg rating:3.0/5.0
Slides: 24
Provided by: marian181
Category:

less

Transcript and Presenter's Notes

Title: Chapter 8 Introduction to Internal Control Systems


1
Chapter 8Introduction to Internal Control Systems
Presentation Outline
1. Introduction 2. Internal Control Systems
Definition and Frameworks 3. Preventive,
Detective, and Corrective Controls 4. Control
Activities Within An Internal Control System 5.
Cost-Benefit Concept for Developing Controls
2
INTERNAL CONTROL SYSTEMS DEFINITION AND
FRAMEWORKS
  • Internal Control is a process, implemented by an
    entitys board of directors, management and other
    personnel, designed to provide reasonable
    assurance regarding the achievement of the
    following objectives
  • Safeguard assets, including preventive or
    detective, on a timely basis, the unauthorized
    acquisition, use of disposition of material
    company assets
  • Ensure the reliability and accuracy of accounting
    data.
  • Maintaining records in sufficient detail to
    accurately and fairly reflect company assets
  • Providing accurate and reliable information
  • Providing reasonable assurance that financial
    reporting is prepared in accordance with GAAP
  • Promote and improve operational efficiency,
    including making sure company receipts and
    expenditures are made in accordance with
    management and directors authorizations
  • Encourage adherence to prescribed managerial
    policies
  • Comply with applicable laws and regulations

3
Foreign Corrupt Practices Act
  • In 1977 the FCPA was passed after the Securities
    and Exchange Commission became aware of foreign
    bribes paid by publicly-held companies to secure
    export sales.
  • These bribes were made possible due to lax
    internal controls.
  • The goal of the FCPA was to heighten awareness in
    a sound internal control structure.
  • The FCPA requires that publicly-held companies
    design and implement a system of control
    procedures that provide reasonable assurance
    that
  • assets are accounted for appropriately
  • transactions are in conformity to GAAP
  • access to assets is properly controlled
  • periodic comparisons of existing assets to the
    accounting records are made

4
Committee of Sponsoring Organizations
  • As a result of the FCPA, a study was done by The
    Treadway Commission to examine the causes of
    fraudulent financial reporting and give
    recommendations to reduce its occurrence.
  • The Committee of Sponsoring Organizations (COSO)
    was formed to develop a common definition for
    internal control and provide guidance for judging
    its effectiveness.
  • According to the COSO, internal control......
  • is a process. It is a means to an end, not an
    end in itself.
  • is affected by people at every level of the
    organization.
  • cannot be expected to provide more than
    reasonable assurance.
  • is geared to the achievement of the entitys
    objectives in all areas, not just financial
    reporting.
  • consists of interrelated components.

5
Sarbanes-Oxley Act
  • In response to the wave of corporate accounting
    scandals including Enron, WorldCom, Xerox, Tyco,
    and others, Congress passed the Sarbanes-Oxley
    Act of 2002 (SOX), which may be the most sweeping
    piece of legislation to impact financial
    reporting and the accounting profession since the
    SEC Acts of 1933 and 1934. Impacts of SOX
  • 1. Public Company Accounting Oversight Board
    (PCAOB).
  • SOX created a five-member PCAOB which sets and
    enforces auditing, quality control, ethics,
    independence, and other standards relating to
    audit reports.
  • 2. New rules for auditors (Section 201 Services
    Outside the Scope of Practice of Auditors)
  • Auditors must report information such as critical
    accounting policies and practices, alternative
    GAAP treatments, and auditor-management
    disagreements to the companys audit committee.
  • SOX prohibits auditors from performing non-audit
    services such as bookkeeping, information systems
    design and implementation, internal audit
    outsourcing services, management functions, and
    human resource services.
  • SOX prohibits audit firm providing services to
    companies whose top management was the auditors
    of the company in the proceeding 12 months.

6
Sarbanes-Oxley Act
  • 3. New rules for audit committees
  • Audit committee members must be on the companys
    board of directors and be independent of the
    company.
  • The audit committee hires, compensates, and
    oversees the auditors, who report directly to
    them.
  • 4. New rules for management (Section 302
    Corporate Responsibility for Financial Reports)
  • SOX requires the CEO and CFO to certify that
    financial statements and disclosures are fairly
    presented, were reviewed by management, and are
    not misleading.
  • If management willfully and knowingly violates
    the certification, they can be imprisoned for up
    to 20 years and fined up to 5,000,000
  • 5. New internal control requirements (Section
    404 Management Assessment of Internal Controls)
  • SOX requires companies to issue a report
    accompanying the financial statements that states
    management is responsible for establishing and
    maintaining an adequate internal control
    structure and appropriate control procedures.
  • Management must assess the companys internal
    controls and attest to their accuracy, note of
    significant defects or material noncompliance
    found during their internal control tests.
  • The companys auditor must attest to as well as
    report on the managements internal control
    assessment and describe the scope of the
    auditors internal control tests.

7
Components of Internal ControlCOSOs Enterprise
Risk Management (ERM) Framework
  • Five interrelated components of COSOs internal
    control model
  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information Communication
  • Monitoring
  • Which of the following is not a component of
    internal control?
  • Control risk.
  • Monitoring.
  • Information and communication.
  • The control environment.

8
1. Control Environment
  • The Control Environment establishes the tone of a
    company, influencing the control awareness of the
    companys employees.
  • Factors included within the control environment
    are
  • Management philosophy and operating style
  • Integrity and ethical values
  • Competence of employees and commitment to
    competence
  • The attention and direction of the Board of
    Directors and Audit Committee
  • Organizational Structure
  • Assignment of authority and responsibility
  • Which of the following factors are included in an
    entitys control environment?
  • Audit Committee Integrity and Organizational
  • Participation Ethical Values
    Structure
  • Yes Yes No
  • Yes No Yes
  • No Yes Yes
  • Yes Yes Yes

9
2. Risk Assessment
  • Identify threats
  • Estimate the likelihood of threat occurring
  • Estimate exposure - potential dollar loss
  • Expected Loss Risk/Likelihood Exposure
  • Identify controls to protect from the threats
  • Estimate costs/benefits
  • Determine cost/benefit effectiveness
  • Type of Risks/Treats
  • Unintentional errors
  • Deliberate errors (fraud)
  • Unintentional losses of assets
  • Thefts of assets
  • Breaches of security
  • Acts of violence
  • Factors that Increase Risk Exposure
  • Frequency - the more frequent an occurrence of a
    transaction the greater the exposure to risk.
  • Vulnerability - liquid and/or portable assets
    contribute to risk exposure.
  • Size of the potential loss - the higher the
    monetary value of a loss, the greater the risk
    exposure.

10
COST-BENEFIT CONCEPT FOR DEVELOPING CONTROLS
  • An ideal control is a control procedure that
    reduces to practically zero the risk of an
    undetected error or irregularity.
  • A cost-benefit analysis should be conducted in
    order to make sure that the benefits of planned
    controls exceed the cost of incorporating them in
    the system.
  • Costs of controls include one time costs,
    recurring costs, additional losses caused by
    control failure and opportunity cost.
  • Internal control can provide only reasonable
    assurance of achieving an entitys control
    objectives. The likelihood of achieving those
    objectives is affected by which limitation
    inherent to internal control?
  • The auditors primary responsibility is the
    detection of fraud.
  • The board of directors is active and independent.
  • The cost of internal control should not exceed
    its benefits.
  • Management monitors internal control.

11
3. Control Activities
  • Control policies and procedures must be
    established and executed to help ensure that the
    actions identified by management as necessary to
    address risks are effectively carried out.

12
4. Information and Communication
  • Surrounding the control activities are
    information and communication systems that enable
    the organization to capture and exchange the
    information needed to conduct, manage, and
    control its operations.
  • The term information refers to the accounting
    system, which includes that methods and records
    used to record, process, summarize, and report a
    companys transactions and maintain
    accountability for assets, liabilities and
    equity.
  • Communication refers to providing a companys
    personnel with an understanding of their roles
    and responsibilities pertaining to internal
    control over financial reporting.

13
5. Monitoring
  • The entire process must be monitored, and
    modified as necessary so the system can react
    dynamically and change as conditions warrant.
  • Monitoring of performance is done by
  • Internal audit
  • Responsibility accounting
  • Supervision

14
TYPES OF CONTROL PROCEDURES
  • Control Procedures may be classified according to
    their intended uses (functions) in a system
  • Preventive Controls - designed to prevent some
    potential problem from occurring when an activity
    is performed
  • Examples hiring qualified personnel,
    appropriately segregating duties, controlling
    physical access to assets, facilities, and
    information
  • Detective Controls - discover the occurrence of
    adverse events such as operational inefficiency.
  • Examples duplicate checking of calculations and
    preparing bank reconciliations and monthly trial
    balances
  • Corrective controls - designed to remedy problems
    discovered through detective controls.
  • Examples maintaining backup copies of
    transaction files and master files and adhering
    to procedures for correcting data entry errors

15
CONTROL ACTIVITIES WITHIN AN INTERNAL CONTROL
SYSTEM
  • Good Audit Trail
  • Sound Personnel Policies and Practices
  • Segregation of Duties
  • Physical Protection of Assets
  • Internal Reviews of Controls
  • Timely Performance Reports

16
1. Good Audit Trail
  • An audit trail enables auditors and accountants
    within the organization to follow the path of
    transaction data from source documents to
    ultimate disposition in a financial report and
    vice-versa.
  • Without a good audit trail, it is more likely
    that errors and irregularities in processing data
    will not be detected.
  • To establish its audit trail, a company needs
  • A chart of accounts that describes the purpose of
    each ledger account
  • A complete description of the types of source
    documents and the correct procedures to prepare
    and approve the data for these documents
  • A comprehensive description of the authority and
    responsibilities each individual is assigned.

17
2. Sound Personnel Policies and Practices
  • Examples of sound personnel policies are
  • specific hiring procedures
  • supervision
  • rotating of duties for key employees
  • enforced vacations
  • regular performance reviews
  • proper training
  • fidelity bond coverage on those employees who
    handle liquid assets.

18
3. Segregation of Duties
  • Segregating activities and responsibilities of a
    companys employees allows different people to
    perform various tasks of a specific transaction.
  • The main functions that should be kept separate
    are custody of assets, recording transactions,
    and authorizing transactions.
  • Proper segregation of duties reduces the
    opportunities to allow persons to be in positions
    both to
  • Journalize entries and prepare financial
    statements.
  • Record cash receipts and cash disbursements.
  • Establish internal control and authorize
    transactions.
  • Perpetrate and conceal errors and fraudulent acts.
  • Proper segregation of functional responsibilities
    to achieve effective internal control calls for
    separation of the functions of
  • Authorization, execution, and payment.
  • Authorization, recording, and custody.
  • Custody, execution, and reporting.
  • Authorization, payment, and recording.

19
3. Segregation of Duties
  • The Gardner Company, a client of your firm, has
    come to you with the following problem It has
    three clerical employees, who must perform the
    following functions
  • Maintain the general ledger
  • Maintain the accounts payable ledger
  • Maintain the accounts receivable ledger
  • Prepare checks for signature
  • Maintain the disbursements journal
  • Issue credits on returns and allowances
  • Reconcile the bank account
  • Handle and deposit cash receipts
  • Assuming equal abilities among the three
    employees, the company asks you to assign the
    eight functions to them to maximize internal
    control. Assume that these employees will perform
    no accounting functions other than the ones
    listed.
  • List four possible unsatisfactory pairings of the
    functions
  • State how you would distribute the functions
    among the three employees.

20
4. Physical Protection of Assets
  • Keeping a companys assets in a safe physical
    location minimizes the risk of damage to the
    assets or theft by employees or outsiders.
  • A voucher system is an example of an accounting
    control procedure that protects against
    unauthorized cash disbursements.
  • A petty cash fund may be used for small
    expenditures where writing a check would be
    inefficient.
  • An independent auditor is concerned with controls
    designed to safeguard assets that are relevant to
    the reliability of financial reporting. Adequate
    safeguards over access to and use of assets means
    protection from
  • Any management decision that would unprofitably
    use company resources.
  • Only those losses arising from fraud.
  • Losses such as those arising from setting a
    product price too low and subsequently realizing
    operating losses from the products sale.
  • Losses arising from access by unauthorized
    persons.

21
5. Internal Reviews of Controls
  • Internal audit is a service function within many
    large companies.
  • As a separate subsystem, they report to
    high-level management or to the board of
    directors in order to remain independent and
    objective.
  • They perform periodic reviews, called operational
    audits, on each department within the
    organization in order to evaluate the efficiency
    and effectiveness of that particular department.

22
6. Timely Performance Reports
  • Performance reports provide information to
    management on how efficiently and effectively its
    companys internal controls are functioning.
  • These reports should provide timely feedback to
    management on the success or failure of the
    companys internal controls.

23
8-16 Alden, Inc. Internal Control Case
  • You have been hired by the management of Alden,
    Inc., to review its control procedures for the
    purchase, receipt, storage, and issuance of raw
    materials. You prepared the following comments,
    which describe Aldens procedures.
  • Raw materials, which consist mainly of high-cost
    electronic components, are kept in a locked
    storeroom. Storeroom personnel include a
    supervisor and four clerks. All are well trained,
    competent, and adequately bonded. Raw materials
    are removed from the storeroom only upon written
    or oral authorization from one of the production
    foremen.
  • There are no perpetual inventory records hence,
    the storeroom clerks do not keep records of goods
    received or issued. To compensate for the lack of
    perpetual records, a physical inventory count is
    taken monthly by the storeroom clerks, who are
    well supervised. Appropriate procedures are
    followed in making the inventory count.
  • After the physical count, the storeroom
    supervisor matches quantities counted against a
    predetermined reorder level. If the count for a
    given part is below the reorder level, the
    supervisor enters the part number on a materials
    requisition list and sends this list to the
    accounts payable clerk. The accounts payable
    clerk prepares a purchase order for a
    predetermined reorder quantity for each part and
    mails the purchase order to the vendor from whom
    the part was last purchased.
  • When ordered materials arrive at Alden, they are
    received by the storeroom clerks. The clerks
    count the merchandise and see that the counts
    agree with the shippers bill of lading. All
    vendors bill of lading are initialed, dated, and
    files in the storeroom to serve as receiving
    reports.
Write a Comment
User Comments (0)
About PowerShow.com