13- OVERVIEW OF INTERNAL CONTROL Flashcards
(34 cards)
It is the process designed and effected by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. It follows that interal control is designed and implemented to address identified business risks that threaten the achievement of any of these objectives.
Intemal control
Intemal control objectives fall into three categories:
• Reliability of the entity’s financial reporting
• Effectiveness and efficiency of operations
• Compliance with applicable laws and regulations
It means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and
completeness of the accounting records, and the timely preparation of reliable financial information.
Internal control system
ELEMENTS/COMPONENTS OF INTERNAL CONTROL
The internal control system extends beyond these matters which relate directly to the functions of the accounting system and consists of the following components accordance with the COSO’s updated Internal Control - Integrated Framework.
a. the control environment;
b. the entity’s risk assessment process;
c. the information system, including the related business processes, relevant
to financial reporting, and communication;
d. control activities;
e. monitoring of controls.
The _______ which means the overall attitude, awareness and actions of directors and management regarding the internal control system and its importance in the entity. The control environment has an effect on the effectiveness of the specific control procedures. A strong control environment, for example, one with tight budgetary controls and an effective internal audit function, can significantly complement specific control procedures. However, a strong environment does not, by itself, ensure the effectiveness of the internal control system. Factors reflected in the control environment include:
control environment
• The function of the board of directors and its committees
• Management’s philosophy and operating style;
• The entity’s organizational structure and methods of assigning authority and responsibility;
• Management’s control system including the internal audit function, personnel policies and procedures and segregation of duties.
control environment
Integrity and ethical values are essential elements of the internal control environment. They affect the design adminisration, and monitoring of other components of intemal control. An entity’s ethical and behavioral standards and the manner in which it communicates and reinforces them determine the entity’s integrity and ethical behavior. Integrity and ethical values include management’s actions to remove or reduce incentives and emptations that might prompt personnel to engage in dishonest, illegal. or unethical acts. They also include the communication of entity values and behavioral standards to personnel through policy statements, a code of conduct, and management’s example of appropriate behavior.
Communication and Enforcement of Integrity and Ethical Values
Competence is the knowledge and skills necessary to accomplish tasks that define an employee’s job. Commitment to competence means that management considers the competence levels for particular jobs in
determining the skills and knowledge required of each employee and that it hires employees competent to perform the tasks.
Commitment to Competence
An entity’s control consciousness is influenced significantly by those charged with governance. Attributes of those charged with governance include independence from management, their experience and stature, the extent of their involvement and, scrutiny of activities,
appropriateness of their actions, the information they receive, the degree to which difficult questions are raised and pursued with management, and their interaction with internal and external auditors. The importance of responsibilities of those charged with governance is recognized in codes of practice and other regulations or guidance produced for the benefit of those charged with governance. Other responsibilities of those charged with governance include oversight of the design and effective operation of whistle blower procedures and the process for reviewing the effectiveness of the entity’s internal control.
Participation by those Charged with Governance
It is the “identification, analysis, and management of risks peraining to the preparation of linancial statements”
Risk assessment
For example risk assessment may focus on how the entity considers the possibility of transactions not being recorded or identifies and assesses significant estimates recorded in the financial statements.
T or F?
An entity’s risk assessment process is its process for identifying and respondling to business risks and the results thereof.
T
T or F?
For financial reporting purposes, the entity’s risk assessment process includes how management
identifies risks relevant to the preparation of financial statements that are presented fairly, in all material respects in accordance with the entity’s applicable financial reporting framework, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them.
T
Risks can arise or change due to circumstances such as the following:
• Changes in operating environment. Changes in regulatory operating environment can result changes in competitive pressures and significantly different risks.
• New personnel. New personnel may have a different focus on or understanding of internal control.
• New or revamped information systems. Significant and rapid changes in information systems can change the risk relating to internal control
• Rapid growth Significant and mapid expansioum f operations can
strain controls and increase the risk of a breakdown in controls.
• New rechnology: Incorporating new technologies into production processes or information systems may change the risk associated with internal control.
• New business models, products, or activities. Entering into business arcas or transactions with which an entity has little experience may introduce new risks associated with internal control.
• Corporate restructurings. Restructurings may be accompanied by staff reductions and changes in supervision and segregation of duties that may change the risk associated with internal control.
• Expanded foreign operations. The expansion or acquisition of foreign operations carries new and often unique risks that may affect internal control, for example, additional or changed risks from foreign curreney transactions.
• New accounting pronouncements. Adoption of new accounting principles or changing accounting principles may affect risks in preparing financial statements.
An information system consists of infrastructure (physical and hardware components), software, people, procedures, and data. Infrastructure and software will be absent, or have less significance, in systents that are exclusively or primarily manual. Many information systems make extensive use of IT.
Information System, including the Business Processes, Relevant to Financial Reporting and Communication
The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records designed and established to:
• Initiate, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity;
• Resolve incorrect processing of transactions, for example, automated suspense files and procedures followed to clear suspense items out on a timely basis;
• Process and account for system overrides or bypasses to controls;
• Transfer information from transaction processing systems to the general ledger;
• Capture information relevant to financial reporting for events and conditions other than transactions,
as the depreciation amortization of assets and changes in the recoverability of accounts receivables; and
• Ensure information required to be disclosed by the applicable financial reporting framework is accumulated, recorded, processed, summarized and appropriately reported in the financial statements.
Communication takes such forms as policy manuals. accounting and financial
reporting manuals, and memoranda.
Communication also can be made electronically, orally, and through the actions of management.
are the policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks that threaten the achievement of the entity’s objectives. Control activities, whether within IT or manual systems, have various objectives and are applied at various organizational and functional levels
Control activities
The major categories of control procedures are:
A. Performance Review
B. Information Processing Controls
1. Proper authorization of transactions and activities
2. Segregation of duties
3. Adequate documents and records
4. Safeguards over access to assets; and Independent checks on performance
C. Physical controls
In a peformance review management uses secounting and operating data to assess performance, and it then takes corrective action. Such reviews include:
• comparing actual performance (or operating results) with codgers, forecasts, prior period performanos, containetitors data or tracking major initiatives such as cost-containment or cost-reduction programs to measure the extent to which targets are being met.
• investigating performance indicators based on opcrating of financial data, such as quantity or purchase price variances or the percentage of returns to total orders. reviewing functional or activity performance,
such as relating the performance of a manager responsible for a bank’s consumer loans
with some standard, such as economic statistics or targets.
Performance Reviewh
are policies and procedures designed to require authorization of transactions and to ensure the accuracy and completeness of transaction processing. Control
activities may be classified according to the scope of the system they affect.
Information processing controls
are control activities that prevent or detect errors or irregularities for all accounting systems. It affect all transaction cycles and apply to information processing as a center, hardware and systems software acquisition and maintenance,
General controls
are controls that pertain to the procesing of a specific type transaction, such a paroll, or sales and collections. These controls help ensure that transactions occured, are authorized, and are
completely and accurately recorded and processed.
Examples of
Checking the arilmetical accuracy of records,
Maintaining and reviewing accounts and trial balances,
Automated controls such as input data and numerical sequence checks, and manual follow-up of exception reports.
Application controls
Internal controls relating to the accounting system are concerned with achieving objectives such as:
• Transactions are executed in accordance with management’s general or specific authorization.
• All transactions and other events are promptly recorded in the correct amount, in the appropriate accounts and in the proper accounting period so as to permit preparation of financial statements in accordance with an identified
financial reporting framework.
• Access to assets and records is permitted only in accordance with management’s authorization.
• Recorded assets are compared with the existing assets at reasonable intervals and appropriate action is
taken regarding any differences.
