Chapter 9: Introduction to Internal Control Systems Introduction 1992 COSO Report Updates on Risk Assessment Examples of Control Activities Update on Monitoring 2011 COBIT, Version Types of Controls Evaluating Controls Chapter 9-1 Internal Control Systems Definition  Policies, plans, and procedures  Implemented to protect a firms assets People Involved  Board of directors  Management  Other key personnel Chapter 9-2 Internal Control Systems Provides reasonable assurance Effectiveness and efficiency of operations  Reliability of financial reporting  Protection of Assets  Compliance with applicable laws and regulations  Important Guidance Statement on Auditing Standard No 94  Sarbanes-Oxley Act of 2002  Chapter 9-3 Internal Control System Objectives Safeguard assets Check the accuracy and reliability of accounting data Promote operational efficiency Enforce prescribed managerial policies Chapter 9-4 Study Break #1 This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization A B C D Internal control SAS No 94 Risk assessment Monitoring Chapter 9-5 Study Break #1 - Answer This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization A B C D Internal control SAS No 94 Risk assessment Monitoring Chapter 9-6 Study Break #2 Which of the following is not one of the four objectives of an internal control system? A B C D Safeguard assets Promote firm profitability Promote operational efficiency Encourage employees to follow managerial policies Chapter 9-7 Study Break #2 - Answer Which of the following is not one of the four objectives of an internal control system? A B C D Safeguard assets Promote firm profitability Promote operational efficiency Encourage employees to follow managerial policies Chapter 9-8 Background Information on Internal Controls Chapter 9-9 Background Information on Internal Controls Chapter 9-10 Receiving Report Chapter 9-31 Physical Protection of Assets Cash Control  Most susceptible to theft and human error  Fidelity  Use bond coverage checks for cash disbursements  Deposit the daily cash receipts intact Chapter 9-32 Disbursement Voucher Chapter 9-33 Reviews of Operating Performance Internal Audit Function  Reports to Audit Committee of Board of Directors  Independent of other subsystems  Enhances objectivity Duties of Internal Auditors  Operational audits  Regular reviews of internal control systems Chapter 9-34 Study Break #5 Separation of duties is an important control activity If possible, managers should assign which of the following three functions to different employees? A B C D Analysis, authorizing, transactions Custody, monitoring, detecting Recording, authorizing, custody Analysis, recording, transactions Chapter 9-35 Study Break #5 - Answer Separation of duties is an important control activity If possible, managers should assign which of the following three functions to different employees? A B C D Analysis, authorizing, transactions Custody, monitoring, detecting Recording, authorizing, custody Analysis, recording, transactions Chapter 9-36 Update on Monitoring 2009 COSO Monitoring Guidance Report Chapter 9-37 2011 COBIT, Version Control Objectives for Information and related Technology (COBIT)  Strategic alignment  Realization of expected benefits of IT  Continual assessment of IT investment  Determine risk appetite  Measure and assess performance of IT resources Chapter 9-38 COBIT and Val IT Integration Chapter 9-39 Types of Controls Preventive Controls  Prevent problems from occurring Detective Controls  Alert managers when preventive controls fail Corrective controls  Solve or correct a problem Chapter 9-40 Evaluating Controls Requirements of Sarbanes-Oxley Act  Statement of management responsibility for internal control structure  Assessment of effectiveness of internal control structure  Attestation of auditor on accuracy of management’s assessment Chapter 9-41 Cost-Benefit Analysis Chapter 9-42 A Risk Matrix Chapter 9-43 Copyright Copyright 2012 John Wiley & Sons, Inc All rights reserved Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc The purchaser may make backup copies for his/her own use only and not for distribution or resale The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein Chapter 9-44 Chapter Chapter 9-45 ... managerial policies Chapter 9-8 Background Information on Internal Controls Chapter 9-9 Background Information on Internal Controls Chapter 9-10 Background Information on Internal Controls Chapter 9-11... Activities  Policies and procedures  Manual and automated Chapter 9-14 Components of Internal Control – COSO 1992 Information and Communication  Inform employees  Roles and responsibilities... performance, and profitability  Reporting – internal and external  Compliance – laws and regulations Chapter 9-18 Components of Internal Control – COSO 2004 Event Identification and Risk Response