Prepared by Paula Funkhouser
University of Nevada, Reno
Core Concepts of Accounting Information Systems, 13th Edition
Mark G. Simkin ● Jacob M. Rose ● Carolyn S. Norman
Introduction to Internal Control Systems
Chapter 13
Chapter 13:
Introduction to Internal Control Systems
• Introduction
• 1992 COSO Report
• Updates on Risk Assessment
• Examples of Control Activities
• Update on Monitoring
• 2011 COBIT, Version 5
• Types of Controls
• Evaluating Controls
Copyright © 2015. John Wiley & Sons, Inc. All rights reserved.
Internal Control Systems
• Definition
– Policies, plans, and procedures
– Implemented to protect a firm's assets
• People Involved
– Board of directors
– Management
– Other key personnel
Internal Control Systems
• Provides reasonable assurance
– Effectiveness and efficiency of operations
– Reliability of financial reporting
– Protection of Assets
– Compliance with applicable laws and regulations
• Important Guidance
– Statement on Auditing Standard No. 94
– Sarbanes-Oxley Act of 2002
Internal Control System Objectives
• Safeguard assets
• Check the accuracy and reliability of accounting data
• Promote operational efficiency
• Enforce prescribed managerial policies
Study Break #1
This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization.
A. Internal control
B. SAS No. 94
C. Risk assessment
D. Monitoring
Study Break #2
Which of the following is not one of the four objectives of an internal control system?
A. Safeguard assets
B. Promote firm profitability
C. Promote operational efficiency
D. Encourage employees to follow managerial policies
Background Information on Internal Controls
• 1992 COSO Report
• 2013 COSO Report
• 2004 COSO – ERM
• 1992 COBIT
• 2012 COBIT, Version 5
• Sarbanes-Oxley Act, Section 404
Components of Internal Control – COSO 1992
• Control Environment
– Management’s oversight, integrity, and ethical principles
– Attention and direction by board of directors
– Management’s philosophy and operating style
– Method of assigning authority and responsibility
– Method of organizing and developing employees
Components of Internal Control – COSO 1992
• Risk Assessment
– Identify organizational risks
– Analyze potential of risks (cost and occurrence)
– Cost-benefit analysis
• Control Activities
– Policies and procedures
– Manual and automated
Components of Internal Control – COSO 1992
• Information and Communication
– Inform employees
– Roles and responsibilities
– Importance of good working relationships
• Monitoring
– Evaluation of internal controls
– Initiate corrective action when necessary
2013 COSO Report
• Supersedes 1992 COSO Report
• Added to Five Components of Internal Control
– Improve governance
– Use framework beyond financial reporting
– Improve quality of risk assessment
– Strengthen anti-fraud efforts
– Adapt controls to changing business requirements
2004 COSO Enterprise Risk Management Framework
• Emphasizes enterprise risk management
• Includes COSO (1992) control components
• Three new components
– Objective setting
– Event identification
– Risk response
[Figure: 2004 COSO Enterprise Risk Management Framework]
Components of Internal Control – COSO 2004
• Objective Setting
– Strategic – high level goals and mission
– Operations – day-to-day efficiency, performance, and profitability
– Reporting – internal and external
– Compliance – laws and regulations
Components of Internal Control – COSO 2004
• Event Identification and Risk Response
– Identify threats
– Analyze risks
– Implement cost-effective countermeasures
– Additional considerations
    • Risk tolerance
    • Cost-benefit trade-offs
Risk Assessment Worksheet
COSO’s 2010 Report on ERM
• Commissioned survey called Enterprise Risk Management Initiative
• Survey targeted utilization of COSO ERM Framework
– Theoretically sound
– 65% fairly or very familiar with framework
– Board had not assigned risk oversight in over half of organizations
– State of ERM is relatively immature
Study Break #3
An internal control system should consist of five components. Which of the following is not one of those five components?
A. The control environment
B. Risk assessment
C. Monitoring
D. Performance evaluation
Study Break #4
Which of the following is not one of the three additional components that were added in the 2004 COSO Report?
A. Objective setting
B. Risk assessment
C. Event identification
D. Risk response
Examples of Control Activities
• Good Audit Trail
• Sound Personnel Policies and Practices
• Separation of Duties
• Physical Protection of Assets
• Reviews of Operating Performance
Good Audit Trail
• Use of Audit Trail
– Follow path of data recorded in transaction
– Initial source documents to final disposition of data
– Data on reports back to source documents
• Purpose of Audit Trail
– Verify accuracy of recorded transactions
– Detect errors and irregularities
Sound Personnel Policies
Separation of Duties
• Purpose
– Structure of work assignments
– One employee’s work checks the work of another
• Separate Related Activities
– Authorizing transactions
– Recording transactions
– Maintaining custody of assets
Physical Protection of Assets
• Inventory Controls
– Stored in safe location with limited access
– Utilization of Receiving Report
• Document Controls
– Protecting valuable organizational documents
– Corporate charter, major contracts, blank checks, and SEC registration statements