Today’s Agenda 9/26/07

aiden

Presentation Transcript


  1. Today’s Agenda 9/26/07 • Introductions • Review Course Objectives, Syllabus and Logistics • Management control systems and intro to internal accounting controls • Definitions of Internal Controls and Risk • Control Frameworks: • COSO components: • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring • COSO Enterprise Risk Management

  2. ACTG 551 • No text • A fair amount of reading, some perhaps repetitive (let me know), but geared to hit topics from various dimensions • I’ve added a few readings and a case study

  3. Primary topics/Objectives for this class • Management Controls: • Internal Controls and Control Frameworks (both business and IT Controls). • IT General Controls and Application Controls and their importance to business operations and Corporate Governance. • The fundamentals of Corporate Governance and the roles of the key players: • Board of Directors and the Audit Committee • Management • External and Internal Auditors • The impact of Corporate scandals and the resulting legislation on Corporate Governance: • Sarbanes Oxley (the roles of the SEC and the PCAOB) • The impacts on the Board of Directors/Audit Committee, Management, Internal Auditors, and External Auditors • Did they get it right? Is it working? • Management Control Systems (IT): • The importance of ERP and accounting systems, balanced scorecards and the associated risks. • Maximizing the technology and processes: • Data Modeling, Data Analysis, and Continuous Auditing. • The future? • Introduction to the concepts of Enterprise Risk Management (COSO framework for ERM), XBRL and others.

  4. Primary methods • Lecture • Guest speakers • Panel Discussion • Readings • Brief writing assignments (1/3 rotation) • Cases (All) • Research project (All)

  5. This week’s readings • HBS Levers of Control - Control in the Age of Empowerment • Impressions and takeaways • Different types of control systems: • Diagnostic • Belief Systems • Boundary Systems • Interactive Control Systems • COSO framework and Tone at the Top

  6. What are the objectives of AIS (Accounting Information Systems)? • Support efficiency and effectiveness: • Through Collecting and storing data • Provide adequate controls • Provide information for decision making

  7. How does an AIS fit in an organization? • Organization: involved in profit or not-for-profit activities to produce valued goods and/or services for customers • Accounting: organization support function; delivers information products to help information customers plan, evaluate, and control the execution of business activities • AIS: the structure used to collect, store, process, and report the accounting information products

  8. Factors influencing AIS design • Company Strategy • Information technology • Organizational culture • AIS design needs to be aligned with the Strategic Business Model: • What do we need or are we required to account for? • What do we want to measure and control?

  9. Measurement issues • What basis for measuring? For whom? • To meet what objective(s)? • Legal and Compliance (SEC, OSHA, Environmental etc.) • Operations (how is the business doing?) • Employees (what do people need, what do they expect) • Specifically what to measure (across all objective categories)? • E.g., (futures or orders) Is it all defined the same way in different locations? • Measurement attributes: • What exactly do we need to know about it (quantities, timing, location)? • What to report: • What is required by law? • What do investors expect? • What do employees expect? • Others? • Accounting Abstractions: • How does GAAP impact this (timing and revenue recognition)? • Accounting Abstraction Model: what does accounting DO? • Cat herding…

  10. Business cycles • Real business activities for the AIS to capture, process, report – what do we want to know in the following areas: • Revenue: • Expenditures: • HR: • Production: • Financing:

  11. Collect data • Transactions: agreement between two parties to exchange economically measurable goods • Capture the data • Implement control procedures • Record in journal • Post to ledgers • Prepare reports

  12. Classifying Accounting Systems – types (small to big) • Single Entry • Money, Quicken • Bookkeeping Systems (organized around A=L + OE) • Peachtree, DacEasy, Quickbooks • Multidimensional Accounting • GEAC’s SmartEnterprise, Solomon’s Solomon IV • Modular Integration • JBA Software’s System 21, Lawson’s Insight II Enterprise Suite • Single Source ERP • SAP’s R/3, Oracle Financials, JD Edwards’ One World, PeopleSoft, Baan’s BaanERP

  13. There needs to be system documentation: • Why • Understand system • Communicate system • Evaluate system • What • Narratives • Data-flow diagrams (DFD) • Flow-chart (FC) • Document/manual • System/computer • Program/software

  14. What documentation methods are important? • DFDs and flowcharts are used extensively for systems development and for internal control documentation • 62.5% of information professionals use DFDs. • 97.6% use flowcharts, and you need to know a bit about them. • The current emphasis is on understanding the system and its controls

  15. Use by accountants/auditors (we will cover this in detail later) • Documentation techniques are necessary tools for accountants: • SAS-94 requires that auditors understand the automated and manual procedures an entity uses. • This understanding can be gleaned through documenting the internal control system, a process that effectively exposes strengths and weaknesses of the system. • SOX requires that publicly-traded corporations and their auditors document and test the company’s internal controls. • Auditing Standard No. 2 promulgated by the PCAOB requires that the external auditor express an opinion on the client’s system of internal controls. • (Now) AS No. 5 requires a “top down” risk based approach. You need to understand your processes and systems to effectively do this.

  16. An Example Revenue Process [Process diagram; box labels: Order Entry, Credit Check, Confirm Order, Logistics, Order Shipping, Delivery, Match, Invoicing, A/R Posting, Monthly Statements, A/R Aging, Cash Receipts, Cash]

  17. Basics of Controls • Why cover internal controls? • Important for financial managers within business and for auditors (why?) • Highlight potential business risks (how?) • Even more important in today’s business environment (why?)

  18. Controls defined: • Process of exercising a restraining or guiding influence over the activities of an object, organism, or system • Exist everywhere • Operationalized in many ways • The right controls equal efficiency….

  19. Control philosophy • Controls should permeate, not dominate • Controls are everybody's, not just the accountants’ or auditors’ • Controls are (should be) part of the operation • Controls are (should be) built into the system • “The faster a car goes the more it needs good brakes” – controls facilitate speed

  20. Internal Control Systems • Internal control in a business • The methods a business uses to • safeguard assets, • provide accurate, reliable information, • promote and improve operational efficiency, and • encourage adherence to prescribed managerial policies • Controls in the external reporting world (Sarbanes Oxley; more details here later): • The financial statement assertions (PCAOB) • Existence or occurrence; • Completeness; • Valuation or allocation; • Rights and obligations; and • Presentation and disclosure.

  21. Internal Control Systems • Financial Statement Assertions for information (CAVR): • Completeness • Accuracy • Validity • Restricted Access

  22. Objective of IC • To reduce likelihood that a threat will come to pass and result in a loss to the organization. • Impact and likelihood (key concepts)

  23. Impact vs. Probability [Chart; vertical axis: Impact; horizontal axis: Likelihood; quadrants: High Impact & Low Likelihood, High Impact & High Likelihood, Low Impact & High Likelihood, Low Impact & Low Likelihood; plotted points: Risk 1, Risk 2, Risk 3, Risk 4]

  24. Impact vs. Probability [Matrix; vertical axis: Impact (Low to High); horizontal axis: Probability (Low to High); quadrant labels: High Risk, Medium Risk, Medium Risk, Low Risk; response labels: Share, Mitigate & Control, Accept, Control]

  25. Example: Call Center Risk Assessment [Matrix; vertical axis: Impact (Low to High); horizontal axis: Probability (Low to High)] • High-impact row (Medium Risk, High Risk): • Loss of phones • Loss of computers • Credit risk • Customer has a long wait • Customer can’t get through • Customer can’t get answers • Low-impact row (Low Risk, Medium Risk): • Entry errors • Equipment obsolescence • Repeat calls for same problem • Fraud • Lost transactions • Employee morale

  26. What and who is COSO? • COSO, the Committee of Sponsoring Organizations of the Treadway Commission, is a private sector initiative established in 1985 by five financial professional associations: • The Institute of Internal Auditors • American Institute of Certified Public Accountants • American Accounting Association • Institute of Management Accountants • Financial Executives Institute

  27. Why? • COSO’s goal is to improve the quality of financial reporting through a focus on corporate governance, ethical practices, and internal control.

  28. COSO Framework • Internal Control, as defined by the professional organizations most directly involved • Internal control is a process, • effected by an entity’s board of directors, management and other personnel, • to provide reasonable assurance regarding the achievement of management’s objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations

  29. COSO Components of IC • Control environment • tone at the top • Risk assessment • identification and analysis of risks • Control activities • policies and procedures • Information and communication • processing info for people to do their jobs • Monitoring • assess quality of internal control over time

  30. (A broader view) COSO Enterprise risk management (S&P Credit Ratings may soon include) • ERM is a process, • effected by an entity’s board of directors, management and other personnel, • Applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. • Moves from emphasis on risks relating to financial reporting and compliance to emphasis on ALL risks of the business (is more in line with all of the levers of control in the reading)

  31. Applying COSO’s Enterprise Risk Management — Integrated Framework September 29, 2004

  32. Today’s organizations are concerned about: • Risk Management • Governance • Control • Assurance (and Consulting)

  33. ERM Defined: • “… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” • Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.

  34. Why ERM Is Important • Underlying principles: • Every entity, whether for-profit or not, exists to realize value for its stakeholders. • Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.

  35. Why ERM Is Important • ERM supports value creation by enabling management to: • Deal effectively with potential future events that create uncertainty. • Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

  36. Enterprise Risk Management — Integrated Framework This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.

  37. The ERM Framework Entity objectives can be viewed in the context of four categories: • Strategic • Operations • Reporting • Compliance

  38. The ERM Framework ERM considers activities at all levels of the organization: • Enterprise-level • Division or subsidiary • Business unit processes

  39. The ERM Framework • Enterprise risk management requires an entity to take a portfolio view of risk.

  40. The ERM Framework • Management considers how individual risks interrelate. • Management develops a portfolio view from two perspectives: • Business unit level • Entity level

  41. The ERM Framework The eight components of the framework are interrelated …

  42. END OF CLASS • Questions?
