Prepared by Paula Funkhouser University of Nevada, Reno Core Concepts of Accounting Information Systems, 13th Edition Mark G Simkin ● Jacob M Rose ● Carolyn S Norman Introduction to Internal Control Systems Chapter 13 Chapter 13: Introduction to Internal Control Systems • • • • • • • • Introduction 1992 COSO Report Updates on Risk Assessment Examples of Control Activities Update on Monitoring 2011 COBIT, Version Types of Controls Evaluating Controls Copyright © 2015 John Wiley & Sons, Inc All rights reserved Internal Control Systems • Definition – Policies, plans, and procedures – Implemented to protect a firms assets • People Involved – Board of directors – Management – Other key personnel Copyright © 2015 John Wiley & Sons, Inc All rights reserved Internal Control Systems • Provides reasonable assurance – Effectiveness and efficiency of operations – Reliability of financial reporting – Protection of Assets – Compliance with applicable laws and regulations • Important Guidance – Statement on Auditing Standard No 94 – Sarbanes-Oxley Act of 2002 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Internal Control System Objectives • Safeguard assets • Check the accuracy and reliability of accounting data • Promote operational efficiency • Enforce prescribed managerial policies Copyright © 2015 John Wiley & Sons, Inc All rights reserved Study Break #1 This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization A B C D Internal control SAS No 94 Risk assessment Monitoring Copyright © 2015 John Wiley & Sons, Inc All rights reserved Study Break #2 Which of the following is not one of the four objectives of an internal control system? A B C D Safeguard assets Promote firm profitability Promote operational efficiency Encourage employees to follow managerial policies Copyright © 2015 John Wiley & Sons, Inc All rights reserved Background Information on Internal Controls • • • • • • 1992 COSO Report 2013 COSO Report 2004 COSO – ERM 1992 COBIT 2012 COBIT, Version Sarbanes-Oxley Act, Section 404 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Components of Internal Control – COSO 1992 • Control Environment – Management’s oversight, integrity, and ethical principles – Attention and direction by board of directors – Management’s philosophy and operating style – Method of assigning authority and responsibility – Method of organizing and developing employees Copyright © 2015 John Wiley & Sons, Inc All rights reserved Components of Internal Control – COSO 1992 • Risk Assessment – Identify organizational risks – Analyze potential of risks (cost and occurrence) – Cost-benefit analysis • Control Activities – Policies and procedures – Manual and automated 10 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Sound Personnel Policies 23 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Separation of Duties • Purpose – Structure of work assignments – One employee’s work checks the work of another • Separate Related Activities – Authorizing transactions – Recording transactions – Maintaining custody of assets 24 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Physical Protection of Assets • Inventory Controls – Stored in safe location with limited access – Utilization of Receiving Report • Document Controls – Protecting valuable organizational documents – Corporate charter, major contracts, blank checks, and SEC registration statements 25 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Receiving Report 26 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Physical Protection of Assets • Cash Control – Most susceptible to theft and human error – Fidelity bond coverage – Use checks for cash disbursements – Deposit the daily cash receipts intact 27 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Disbursement Voucher 28 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Reviews of Operating Performance • Internal Audit Function – Reports to Audit Committee of Board of Directors – Independent of other subsystems – Enhances objectivity • Duties of Internal Auditors – Operational audits – Regular reviews of internal control systems 29 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Study Break #5 Separation of duties is an important control activity If possible, managers should assign which of the following three functions to different employees? A B C D Analysis, authorizing, transactions Custody, monitoring, detecting Recording, authorizing, custody Analysis, recording, transactions 30 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Update on Monitoring • 2009 COSO Monitoring Guidance Report 31 Copyright © 2015 John Wiley & Sons, Inc All rights reserved 2012 COBIT, Version • Control Objectives for Information and related Technology (COBIT) – Meet stakeholders needs – Cover enterprise end-to-end – Apply a single integrated framework – Enable holistic approach – Separate governance from management 32 Copyright © 2015 John Wiley & Sons, Inc All rights reserved COBIT and Val IT Integration 33 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Types of Controls • Preventive Controls – Prevent problems from occurring • Detective Controls – Alert managers when preventive controls fail • Corrective controls – Solve or correct a problem 34 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Evaluating Controls • Requirements of Sarbanes-Oxley Act – Statement of management responsibility for internal control structure – Assessment of effectiveness of internal control structure – Attestation of auditor on accuracy of management’s assessment 35 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Cost-Benefit Analysis 36 Copyright © 2015 John Wiley & Sons, Inc All rights reserved A Risk Matrix 37 Copyright © 2015 John Wiley & Sons, Inc All rights reserved ... reserved Reviews of Operating Performance • Internal Audit Function – Reports to Audit Committee of Board of Directors – Independent of other subsystems – Enhances objectivity • Duties of Internal... rights reserved Study Break #2 Which of the following is not one of the four objectives of an internal control system? A B C D Safeguard assets Promote firm profitability Promote operational efficiency... Components of Internal Control – COSO 1992 • Information and Communication – Inform employees – Roles and responsibilities – Importance of good working relationships • Monitoring – Evaluation of internal