160 likes | 306 Views
Chapter 3 Control Sturcture. ACCT620 Internal Auditing Otto Chang Professor of Accounting. COSO’s Definition of Control.
E N D
Chapter 3 Control Sturcture ACCT620 Internal Auditing Otto Chang Professor of Accounting Otto Chang
COSO’s Definition of Control • Internal control is a process effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations. • Reliability of financial reporting • Compliance with applicable laws and regulations. The Treadway Commission of the Committee of Sponsoring Organizations (AICPA, IIA, FEI, AAA and IMA) Otto Chang
Importance of Control • Control is a major element of management. Management is responsible for controlling the operations of an organization. • The internal auditor is responsible for establishing (recommending) the internal controls necessary to assist management in meeting its responsibilities. Otto Chang
Primary Objectives of Control • Propriety of information (reliability and integrity) • Compliance with rules (policies, plans, procedures, laws and regulations) • Safeguarding assets • Efficient use of resources • Accomplishment of objectives (for operations and programs) Otto Chang
Types of Control • External controls: • From outside the organization. (Anti-pollution laws, SEC) • Internal controls: • Preventive controls. • Detective controls. • Corrective controls. • Directive controls. • Compensating controls. Otto Chang
Internal Controls • Preventive controls. Prevent undesirable outcomes before they happen. • Detective controls. Identify undesirable outcomes when they do happen. • Corrective controls. Make sure corrective action is taken to reverse the undesirable outcomes. • Directive controls. Designed to produce positive results. e.g., training and supervision. • Compensating controls. Otto Chang
The Components of Internal Control • Control environment (sets the tone for the organization) • Risk assessment (identify and analyze relevant risks) • Control activities (policies and procedures that help insure that management directives will be carried out) • Information and communication (requires timely communication) • Monitoring (assesses the quality of the control) Otto Chang
Methods of Internal Control • Organization controls • Operational controls • Controls for personnel management • Review control • Suitable facilities and equipment Otto Chang
Organization Controls • Purpose, Authority, and responsibility • Organizational structure • Decision Authority • Job Descriptions (including segregation of related duties) Otto Chang
Operational Controls • Planning • Budgeting • Accounting and Information systems • Documentation • Authorization • Policies and procedures • Orderliness Otto Chang
Controls for Personnel Management • Recruiting and selection of suitable personnel • Orientation, training, and development • Supervision Otto Chang
Review Control • Review of Individual employees • Internal review of operations and programs • External reviews (e.g., by independent auditors) • Peer review Otto Chang
Requirements of the Foreign Corrupt Practices Act (FCPA) • An internal control system must assure • Transactions executed as authorized • Transactions are recorded in a manner that permits accounting and reporting per GAAP and maintains accountability for assets • Access to assets as authorized by management • Provides a comparison of assets on hand with the records and provides for actions to be taken when there are differences Otto Chang
Reasons for Control Non-function • Apathy • Fatigue • Executive override • Complexity • Poor communication • Alteration to obtain more efficiency • Conflicts of interest Otto Chang
Steps in Developing Control Structure • Developing a control environment • Risk assessment • Identifying general and specific controls • Tying general controls to specific controls • Selecting transactional controls • Planned redundancy • Cost/Benefits considerations • Continuous monitoring Otto Chang
Describing Internal Control Systems • Narrative description • Flowcharting • Combined flowcharting and narrative descriptions • Internal control questionnaires (ICQs) Otto Chang