Lecture 10 Flashcards
(5 cards)
Define internal controls
Internal controls involve the process implemented to provide assurance that the following objectives are achieved
* Safeguards assets
* Provide accurate and reliable information
* Promote operational efficiency
* Enforce prescribed managerial policies
* Comply with applicable laws and regulations
Types of internal controls
Preventative
* Deters risk from being realised
* Eligibility requirements are verified against independent-party information prior to the award
Detective
* Finds if the risk does get realised
* Data mining to detect fraud patterns
Corrective
* Detects if the risk is realised and reacts
* Thermostat in the computer room that protects valuable equipment
Internal control framework
Internal control in the middle
- Around the outside
- Control environment
- Risk assessment
- Control actives
- Information and communication
- Monitoring activities
Components of COSO IC frameworks
Control environment
* Management philosophy, operating style
* Commitment to integrity, ethical values and competence
* Internal controls oversight by the board of directors
* Organising structure
* Methods of assigning authority and responsibility
* Human resource standards
Risk assessment
* Identifying and analysing a firm’s risks from external and internal environments
* Allows firms to understand the extent to which potential events might affect corporate objectives
* Risk is assessed from two perspectives
- + likelihood
- The probability that the event will occur
- +impact
- Estimate potential loss if an event occurs
Control activities
* A firm must establish control policies, procedures and practices that ensure the firm’s objectives are achieved and risk mitigation strategies are carried out
* Occur throughout a firm at all levels and in all functions
* Both physical controls ( e.g., segregation of duties) and it controls (e.g., access controls)
Information and communication
* supports all other control components by communicating effectively
* + to ensure that infomation flows within the firm
* +to interact with external parties and inform them about related policy positions
Monitoring activities
* The design and effectiveness of internal controls should be monitored by management in an ongoing basis
* Findings should be evaluated and deficiencies must be communicated in a timely mannor
* Necessary modifications should be made to improve the business process and the internal control systems
Why IC may not be effective
- Judgement error
- Unexpected transactions
- Collusion
- Form over substance
- Management override
- Weak ICs
