200 likes | 497 Views
Internal Control Basic Concepts. Why do stores use cash registers?. To safeguard assets To insure accuracy and reliability of accounting data To provide efficiency in operations To encourage adherence to prescribed policies & procedures. Why Consider Internal Controls?.
E N D
Why do stores use cash registers? • To safeguard assets • To insure accuracy and reliability of accounting data • To provide efficiency in operations • To encourage adherence to prescribed policies & procedures
Why Consider Internal Controls? • The second standard of fieldwork: • A sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing , and extent of tests to be performed. • To ensure that the company’s objectives are being met.
Internal Control Basics The Auditing Standards Board (ASB) has defined the internal control structure as “the policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved”. SAS No. 55 and No. 78 relate to the internal control structure.
Internal Control Basics • Recently, the Information Systems Audit and Control Foundation (ISACF) developed the Control Objectives for Information and related Technology (COBIT) • Business aspects • IT resources • IT processes
Internal Control Basics The Committee of Sponsoring Organizations (COSO) defines internal control as the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved with regard to the following: 1. Effectiveness and efficiency of operations 2. Reliability of financial reporting 3. Compliance with applicable laws and regulations
Internal Control Components • Control Environment - The collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific policies and procedures. • Integrity and Ethical Values • Management’s Philosophy and Operating Style • Organizational Structure • The Board of Directors and the Audit Committee • Methods of Assigning Authority and Responsibility • Human Resources Policies and Practices • External Influences
Internal Control Components • Risk Assessment - This is the entity’s identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed. • Identify Threats • Estimate Risk • Estimate Exposure • Identify Controls • Estimate Costs and Benefits
Internal Control Components • Control Activities - Policies and procedures in addition to the control environment and risk assessment that provide reasonable assurance that entity objectives will be achieved. • S egregation of duties • C omparisons and compliance monitoring • A dequate documents and records • L imited access to and use of assets and records • P roper authorization of transactions and activities
Internal Control Basics • Classifications • Preventive, Detective, Corrective • General and Application • Input, Processing, and Output
Internal Control Components • Information and Communication - This area deals with the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities. • Identify and record all valid transactions (existence & completeness) • Properly classify transactions (presentation) • Record transactions at their proper monetary value (valuation) • Record transactions in the proper accounting period (allocation) • Properly present transactions and related disclosures in the financial statements. (presentation & disclosure)
Internal Control Components • Monitoring - The process that assesses the quality of the internal control performance over time. • Effective supervision • Responsibility accounting • Internal auditing
Document Your Understanding • Narrative • Flowchart • Questionnaire
Internal Control Risk • Rt = IR x CR x DR • SAS No. 47 requires the auditor to asses control risk. Maximum control risk is 100%
Assessing Control Risk • Start with the assertions • Existence or Occurrence • Completeness • Rights and Obligations • Valuation or Allocation • Presentation and Disclosure
Assessing Control Risk • Match the documented control procedures with the assertions • Three considerations: • Are there adequate controls in place? • Are the controls in place designed adequately? • Are the controls in place operating effectively?
Tests of Controls • Inquiry • Inspection • Observation • Re-performance
Additional Issues • SAS No. 55 requires documentation of the assessed level of control risk • SAS No. 60 requires the auditor to communicate any reportable conditions to the audit committee