Professional Documents
Culture Documents
Auditing (Annotated)
Auditing (Annotated)
Auditing (Annotated)
• Upon completing this on demand course, you will be instructed to take a final exam.
• Once you have successfully completed the final exam (70% or higher), your CPE certificate will
be immediately awarded for you to view, print, or download.
• This on demand course will allow you to print the course slides and glossary.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission
of Becker Professional Education Corporation or the copyright owner.
The Impact of
Sarbanes-Oxley
on Internal
Controls
Auditing
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© 2022 Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission
of Becker Professional Education Corporation or the copyright owner.
Learning After completing this course, the learner should be able to:
objectives
Recognize the purpose and definition of internal control
Field of study: Identify the principles that underlie the five components of internal
control
Auditing
Advance preparation:
Recognize the roles and responsibilities related to internal control
None
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission
of Becker Professional Education Corporation or the copyright owner.
Program This course will be an overview of:
content The Committee of Sponsoring Organizations (COSO) of the Treadway
Commission Study established internal control to be a process with five
interrelated components. Learn how the far-reaching COSO principles enable
compliance with the stringent requirements of the watershed Sarbanes-Oxley
Act of 2002 .
Understand how the COSO ICF enables compliance with the requirements of
the Sarbanes-Oxley Act.
• Summarize the Act's effect on the control environment, including the audit
committee's role and the rules governing public accounting firms;
• Discuss the Act's effect on risk assessment and how it is important to the
management certification of the internal control system;
• Describe the Act's effect on control activities, focusing on the assessment,
documentation, testing, and materiality of control activities; and
• Summarize the Act's effect on monitoring, information, and communication.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission
of Becker Professional Education Corporation or the copyright owner.
Major topic/
concept index Chapter 1 Slides 8 – 26 Chapter 2 Slides 27 – 38 Chapter 3 Slides 39 – 71 Chapter 4 Slides 72 – 80
Internal controls based How COSO principles The control Controls over
on the COSO study enable compliance with environment, risk information systems
• Introduction and Sarbanes-Oxley assessment, and control • General and
definitions • The five components activities application controls
• Objectives • The relationship of • Definitions • Information and
• Fundamental the components • Information and communication
concepts of the communication • Internal and external
definition • Monitoring communications
• The control
environment
• Management's
philosophy and
operating style
• Integrity and ethical
values
• Commitment to
competence
• Risk assessment
• Financial reporting
and compliance
objectives
• Managing change
• Control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 5
of Becker Professional Education Corporation or the copyright owner.
Major topic/
concept index Chapter 5 Slides 81 – 92 Chapter 6 Slides 93 – 103 Chapter 7 Slides 104 – 110
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 6
of Becker Professional Education Corporation or the copyright owner.
Major topic/
concept index Chapter 10 Slides 156 – 159 Chapter 11 Slides 160 – 174 Chapter 12 Slides 175 – 187
Effect of Sarbanes- Effect of Sarbanes- Effect of Sarbanes-Oxley
Oxley on control Oxley on information on monitoring
activities and communication • Greater significance
• Concept of control • Focusing on under SOX
activities operations objective • Surveillance of
• Weakness threshold • SOX requirements changes in systems
in the internal control • Corporate that might affect
system responsibility for internal controls
financial reports • Setting up the
• Improper influence monitoring
on conduct of audits process/following up
on corrective actions
• Follow-up on reports
to and investigations
by the audit committee
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 7
of Becker Professional Education Corporation or the copyright owner.
1
Internal controls
based on the
COSO study
Internal controls based on the COSO study
• Framework
The primary report on the theory of internal control
• Evaluation Tools
An exposition on evaluating internal control based on the theory and
definitions in the study
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 9
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
• Executive Summary
A summary designed to convey the basic elements to CEOs and other
executives in the organization
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 10
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 11
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 12
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
COSO sponsors
The professional organizations with the greatest interest in internal control:
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 13
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 14
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
The definition
The COSO study defines internal control as:
A process, effected by an entity's board of directors, management and
other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 15
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
The internal control system is an integral part of the entity and it either
functions or fails the same way that other aspects of the organization either Other
Management
successfully function or fail. Personnel
Internal
Control
Board of Directors
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 16
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
The objectives
The objectives of the internal control system are:
Key point: These objectives and their order are critical to understanding what
this definition means to an organization.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 17
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
Key point: Effectiveness is doing the right thing and efficiency is doing the right
thing the right way.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 18
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
Key point: The objective states financial reporting is more than just the
published financial statements.
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 19
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
• The AICPA incorporated the concepts of the COSO study into some of
the Statements on Auditing Standards. SASs 104–111 included the
COSO concepts.
Note: Note that Clarified Auditing Standards have replaced the Statements of
Auditing Standards.
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 20
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 21
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 22
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
When management and auditors look at internal controls, they must look at
the controls' effects (e.g., the control establishes accountability).
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 23
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 24
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 25
of Becker Professional Education Corporation or the copyright owner.
Internal controls based on the COSO study
Objectives
Internal control is geared to the achievement of objectives.
Every entity has a mission. The entity then establishes its objectives and
then the strategies for accomplishing those objectives.
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 26
of Becker Professional Education Corporation or the copyright owner.
2
How COSO
principles enable
compliance with
Sarbanes-Oxley
Compliance with Sarbanes-Oxley
1. Control environment
2. Risk assessment
4. Monitoring
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 28
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
Objectives
Monitoring
Control Environment
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 29
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 30
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 31
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
• The control process not only exists within each operating unit of the
organization but also within entities associated with the organization.
Objectives
Units/Activities
Units/Activities
Existing Control Activities
Units/Activities
Monitoring
Units/Activities
Info. & Communication
Components Units/Activities
Risk Assessment
Organization
Control Environment
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 32
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 33
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
• Without the control environment, the other components will collapse like a
house built without a foundation.
A risk is any condition, event, or factor that might prevent the organization
from achieving its objectives.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 34
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
3. Performance
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 35
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
Monitoring
Control Activities
Risk Assessment
Control Environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 36
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 37
of Becker Professional Education Corporation or the copyright owner.
Compliance with Sarbanes-Oxley
• The communication channels must reach every level of the internal Monitoring
control structure so the information can reach the levels that can
react to and address the specific control issue.
Control Activities
Risk Assessment
Control Environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 38
of Becker Professional Education Corporation or the copyright owner.
3
The control
environment, risk
assessment, and
control activities
The control environment, risk assessment,
and control activities
People are the engine that drives the entity, and the foundation on which
everything rests.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 40
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
• People with the right educational background must be hired, and they
must be trained to perform their assigned duties within the entity that
employs them.
Key point: The COSO study refers to this as "a commitment to competence."
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 41
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The control environment There are five principles associated with the control environment
component.
(continued)
1. "The organization demonstrates a commitment to integrity and ethical
values.
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 42
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
Key point: People should be positively influenced to comply with the internal
control system and not dominated by threats for negative behavior.
• Commitment to competence.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 43
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 44
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
• Management's operating style and its regard for the people in the
organization are irrevocably entwined with the question of integrity and
ethical values.
Key point: Management should expect no higher level of integrity than it shows
by its own actions.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 45
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 46
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
Risk assessment
The second component is risk assessment. Risks come from both external
and internal sources.
Risk assessment is the basis for determining how risks will be managed.
Prevention and detection mechanisms can be put in place only after the
risks have been identified and the likelihood of occurrence and the
probable impact determined.
The organization needs mechanisms to identify and deal with the special
risks associated with change, as economic, industry, regulatory, and
operating conditions are constantly changing.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 47
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 48
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
• Risk assessment begins with the original objectives of control— Risk Assessment
operational, financial, and compliance objectives.
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 49
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 50
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 51
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
• The ability to meet the compliance standards is within the control of the
entity, so the entity sets its objectives based on the externally
established standards. These standards include:
– Environmental protection
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 52
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 53
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 54
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 55
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
Control activities
After the risk assessment has been made, the entity turns to developing
control activities.
Control activities are the policies and procedures that help ensure that
management directives are carried out.
They help ensure that necessary actions are taken to address the risks to
achieving the entity's objectives.
Key point: Management identifies risks that could stand in the way of achieving
objectives—the risk assessment. Then, management establishes control
activities—policies, procedures, and practices—to guard against those risks.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 56
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
Control activities are the policies and procedures that people perform to ensure
that management's directives related to risk are carried out. Typical control
activities include:
• Authorizations
• Approvals
• Verifications
• Reconciliations
• Reviews of operating performance
• Security of assets, and
• Segregation of duties.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 57
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 58
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
• Segregation of duties.
Because more and more operating and decision-support systems are
computerized, there is a great need to assure that proper controls are
built into computer systems as they are developed.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 59
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 60
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
4. Entity-specific controls
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 61
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 62
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
Key point: Control activities will not work if they do not fit the organization.
The entity must
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 63
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
• The COSO study divides control activities by the level of personnel that
provide those controls and indicates that this division is just one of a
number of ways that control activities can be viewed.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 64
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 65
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 66
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
• Physical controls
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 67
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 68
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
If the results are negative, how will they be corrected and when
will the entity return to predicted performance?
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 69
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 70
of Becker Professional Education Corporation or the copyright owner.
The control environment, risk assessment,
and control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 71
of Becker Professional Education Corporation or the copyright owner.
4
Controls over
information systems
Controls over information systems
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 73
of Becker Professional Education Corporation or the copyright owner.
Controls over information systems
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 74
of Becker Professional Education Corporation or the copyright owner.
Controls over information systems
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 75
of Becker Professional Education Corporation or the copyright owner.
Controls over information systems
Key point:
• Information is derived from data, but not all data is information because not
all data is useful in its current form.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 76
of Becker Professional Education Corporation or the copyright owner.
Controls over information systems
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 77
of Becker Professional Education Corporation or the copyright owner.
Controls over information systems
• Information comes from inside and outside the organization and is used
for almost every imaginable purpose to guide the entity's strategic and
tactical decision making, and to measure performance.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 78
of Becker Professional Education Corporation or the copyright owner.
Controls over information systems
Engineering
the production department, and engineering from marketing. Any time one
Upper Management
Sales
portion of an entity fails to listen or to send its message, the risk that the
entity will not achieve its objectives increases.
Middle Management
Lower Management
Marketing
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 79
of Becker Professional Education Corporation or the copyright owner.
Controls over information systems
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 80
of Becker Professional Education Corporation or the copyright owner.
5
Monitoring
activities
Monitoring activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 82
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 83
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
Example
Regular managerial Carrying out regular management activities provides insight on the extent that managers and
activities supervisory personnel are aware of the timeliness and accuracy of information from the system
External feedback Communication from external parties corroborates internal information and indicates problems
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 84
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
Example (continued)
Data recorded by Data from information systems is compared with physical assets, as in counts of finished goods.
information systems These routines test both the protection of the assets and the quality of the information system that
accounts for them
Internal feedback (e.g., separation of duties): Appropriate organizational structure provides oversight of control
functions and feedback on any deficiencies.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 85
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
Reporting deficiencies
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 86
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
Internal and external auditors offer their assessment of the design and
performance of the internal control system, identify potential weaknesses
in the system, and make recommendations for improvements in the
system.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 87
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 88
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 89
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
Key point: The higher the risk, the more frequently the evaluation should be
conducted.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 90
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
The internal auditors may perform this study either as part of their regular
work or as a special project.
The internal and external auditors may perform the evaluation jointly.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 91
of Becker Professional Education Corporation or the copyright owner.
Monitoring activities
• Analyze the design of the internal control system and the results of
the tests performed on the system.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 92
of Becker Professional Education Corporation or the copyright owner.
6
Evaluation
methodology
Evaluation methodology
Requirements
• Present
" 'Present' refers to the determination that components and relevant
principles exist in the design and implementation of the system of
internal control to achieve specified objectives."
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 94
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
• Operating together
"Internal Control—Integrated Framework: Framework and Appendices." Committee of Sponsoring Organizations of the Treadway Commission. May 2013.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 95
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
Methodology
Checklists, questionnaires, and flowchart techniques can be used, as well
as quantitative techniques.
Some entities compare their internal control systems with those of similar
organizations as a form of benchmarking; however, the many cautions
about the entity-specific nature of controls must be observed.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 96
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
Many controls are undocumented, but they are regularly performed and
highly effective.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 97
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
Key point: The COSO study provides an outline of an action plan for
performing an evaluation of the internal control system. The study suggests an
outline that includes the following:
• Identifying the ongoing monitoring activities that routinely provide comfort that
internal control is effective
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 98
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
Key point: The COSO study provides an outline of an action plan for
performing an evaluation of the internal control system. The study suggests an
outline that includes the following:
• Bringing together the parties who will carry out the evaluation (together,
they consider not only scope and time frames, but also methodology, tools to
be used, input from internal and external auditors and regulators, means of
reporting findings, and expected documentation.)
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 99
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 100
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
– Operating together.
• Mitigation
A major deficiency in a component or relevant principle cannot be
mitigated by another component or principle that is present and
functioning.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 101
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 102
of Becker Professional Education Corporation or the copyright owner.
Evaluation methodology
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 103
of Becker Professional Education Corporation or the copyright owner.
7
Roles and
responsibilities
Roles and responsibilities
Internal parties
"Everyone in an organization has some responsibility for internal control."
• Management
• Internal auditors
• External parties
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 105
of Becker Professional Education Corporation or the copyright owner.
Roles and responsibilities
Management
The CEO, the division and department managers, and the senior financial
officers have a specific responsibility for the financial activities and the
controllership of the organization. Their activities cut across the entity's
operational and geographic lines.
Board of directors
• In some cases, such as banking, they are liable for civil monetary
penalties and even confiscation of their personal assets for failure to
perform their responsibilities.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 106
of Becker Professional Education Corporation or the copyright owner.
Roles and responsibilities
Internal auditors
Internal auditors have a special role in the internal control system.
The internal auditor's charter spreads across the entire organization and
the auditor reports those findings to senior management and the board's
audit committee.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 107
of Becker Professional Education Corporation or the copyright owner.
Roles and responsibilities
External auditors
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 108
of Becker Professional Education Corporation or the copyright owner.
Roles and responsibilities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 109
of Becker Professional Education Corporation or the copyright owner.
Roles and responsibilities
• Financial analysts and bond rating agencies make their own evaluations
of the entity, including financial data, the entity's actions in response to
conditions in the economy, and the entity's potential for success or failure.
• The news media, especially the financial press, makes similar analyses.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 110
of Becker Professional Education Corporation or the copyright owner.
8
Effect of Sarbanes-
Oxley on control
environment
Effect of Sarbanes-Oxley on control environment
• The issues of ethical conduct and corporate structure that are mandated
by the Act require a number of issues that are only suggested by
COSO.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 112
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
• People put the internal control system and its control mechanisms in
place.
• The designers of the internal control system must be aware that the
system will be operated by people and that people will be affected by it.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 113
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 114
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 115
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The final rule provides that the code of ethics shall be written standards
and shall promote:
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 116
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 117
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Organizational Structure
Shareholders
Board of Audit
Directors Committee
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 118
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 119
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 120
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Board membership
The final rule, Standards Relating to Listed Company Audit Committees,
contains amendments to Exchange Act Rule 10A-3 defining qualifications for
members of the audit committee. There are two criteria determining
independence: compensation and affiliation.
• Compensation
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 121
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Key point: The final rule specifies that the prohibition covers accounting,
consulting, legal, investment banking, or financial advisory services.
Other commercial relationships are not covered by the final rule.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 122
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 123
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Key point:
• The audit committee should develop the policies and procedures that best fit
the structure and function of the company.
• The SEC final rules do not provide any specific procedures or mechanisms
for reporting because the nature and complexity of registered issuers is too
diverse to support a "one size fits all" approach.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 124
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Shareholders
Board of Audit
Directors Committee
CEO
Whistle-blowing
CFO
Rank-and-File
Organization
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 125
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 126
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Shareholders
CEO
Whistle-blowing
CFO
Rank-and-File
Organization
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 127
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
• To the registered public accounting firm employed by the issuer for the
purpose of rendering or issuing an audit report; and
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 128
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The fact that the audit committee has an "audit committee financial expert"
member must be cited and whether that member is independent or the
absence of such a member explained—however, the name of that member
must be disclosed.
If the company does not have an audit committee but the board of
directors acts as the audit committee, that fact is stated.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 129
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Finally, the issuer must disclose whether the members of the audit
committee are independent.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 130
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Key point: The disclosure rules for the audit committee will continue to
evolve and these should not be viewed as hard and fast rules. Regularly
monitor the SEC website (www.sec.gov) for changes and new developments.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 131
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The audit committee has the responsibility for seeing that the accounting
firm abides by the rules in its dealing with the company.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 132
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Overseeing the audit and the The committee must understand the list of prohibited activities. Section 201
lists eight specific activities and provides that the PCAOB can specify
public accounting firm others in the future. This section is now §10A(g) of the Securities
(continued) Exchange Act of 1934.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 133
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Overseeing the audit and the – Bookkeeping or other services related to the accounting records or
financial statements of the audit client;
public accounting firm
(continued) – Financial information systems design and implementation;
– Actuarial services;
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 134
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 135
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
• There is language in Section 201 to cover the engagement of the public accounting
firm for work other than the audit or tax work on a de minimis basis when it has
not been preapproved by the audit committee:
– The cost of non-audit services cannot exceed 5 percent of all fees paid to the
auditor.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 136
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 137
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
• Such services were not recognized by the issuer at the time of the
engagement to be non-audit services; and
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 139
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 140
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
Shareholders
CEO
Whistle-blowing
CFO
Public Accounting
Firm
Rank-and-File
Organization
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 141
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 142
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
• The final rule issued by the SEC made it clear that the employment of
former members of the audit engagement team is a conflict only if the
employment begins within the one year preceding the initiation of the
audit and if that individual was assuming a "financial reporting oversight
role" in the company.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 143
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control environment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 144
of Becker Professional Education Corporation or the copyright owner.
9
Effect of
Sarbanes-Oxley
on risk assessment
Effect of Sarbanes-Oxley on risk assessment
Overview
The assessment of the control system required to support the Section 404
certification begins with an examination of the risk assessment.
Key point: If the risk assessment is not properly conducted, none of the other
steps can be successful.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 146
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
Overview (continued)
Risk assessment is the process of identifying and analyzing the events
and conditions (risks) that may prevent the achievement of the entity's
objectives.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 147
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
Categories of objectives
Objectives are related to the original objectives of control: operational,
financial, and compliance objectives.
Risk assessment begins with these internally generated objectives and the
risks to their achievement.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 148
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 149
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
Many control procedures were simply the way every organization does
things. For example:
• The petty cash funds were maintained under lock and key in the
custody of designated individuals who were accountable for any
shortages; however, there were no written rules.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 150
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 151
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
Entities should focus more on their thought processes than the adoption of
standardized evaluation models.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 152
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
• The fact that the public accounting firm independently must assess the
design and operating effectiveness of the system—this is differentiated
from the environment in which the public accounting firm performed its
procedures and offered recommendations on control deficiencies.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 153
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
Key point: The level of complexity and detail in the illustrative model in the
COSO Evaluation Tools volume does not rise to the level of the Act's standard.
It should be viewed solely as an example.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 154
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on risk assessment
• The executive managers and members of the board must consider their
personal liabilities to governmental actions and suits by stockholders
and others.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 155
of Becker Professional Education Corporation or the copyright owner.
10
Effect of
Sarbanes-Oxley
on control activities
Effect of Sarbanes-Oxley on control activities
One difference
• Key controls;
• Material weaknesses;
• Reportable events.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 157
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control activities
─ "If this control fails, would it result in a condition that should be cited
in the Section 302 officers' statement or generate a qualified
auditor's opinion in the attestation?"
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 158
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on control activities
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 159
of Becker Professional Education Corporation or the copyright owner.
11
Effect of
Sarbanes-Oxley
on information and
communication
Effect of Sarbanes-Oxley on information and
communication
The information gathered from internal and external sources would move
through identified communication channels to identify weaknesses, provide
monitoring data, and generally improve the entity or prevent deterioration.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 161
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
SOX requirements
Sarbanes-Oxley (SOX) makes it the law that the company must secure
and act upon such information.
Key point: The important concepts are identifying the correct information and
ensuring that it gets from its origination to its intended destination while
ensuring its integrity.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 162
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
Section 301-4
(4) Complaints—Each audit committee shall establish procedures for—
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 163
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 164
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
Key point: To ensure the process works most effectively and efficiently, the
company should have forms and routing mechanisms whenever possible.
The instructions should be contained in company procedures manuals
and the company's code of ethics.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 165
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
• Based on the officer's knowledge, the report does not contain any untrue
statement of a material fact or omit to state a material fact necessary in
order to make the statements made, in light of the circumstances under
which such statements were made, not misleading;
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 166
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 167
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 168
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
• The burden for false reporting falls on the CEO and CFO; they'll want
to be sure that information on problems is reported immediately when
discovered and corrective action is immediate.
• All responsible staff members know the need for prompt reporting of any
germane information on problems in the control system.
• Policies and procedures are published and provided to all current staff
members in affected positions and all future incumbents in such
positions.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 170
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
• The reporting point is defined (where the report should be directed); and
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 171
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
• The new people in the positions do not get the word and the process falls apart.
• There is a danger that the CEO and CFO will find themselves in trouble.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 172
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
• Require that those positions report breakdowns just as any other legal
compliance requirement (requirement should be written into job
descriptions).
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 173
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on information and
communication
• The company should also be aware that the bank's counsel is permitted
under these rules of the ABA to breach confidentiality if the attorney has
evidence that the company or its employees are about to commit
financial fraud.
Key point: The company can no longer go to counsel, ask for an opinion on the
legality of an action, and then ignore that advice in the belief that the attorney is
irrevocably bound to confidentiality.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 174
of Becker Professional Education Corporation or the copyright owner.
12
Effect of
Sarbanes-Oxley
on monitoring
Effect of Sarbanes-Oxley on monitoring
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 176
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 178
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
• Organizational realignments
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 179
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 180
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 181
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
Key point:
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 182
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 183
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
• The committee may choose to use the head of internal audit or the
company's in-house counsel to assist with the monitoring of the reports
and investigations.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 184
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
– The reports will be public record and, if not furnished by the public
accounting firm upon request, can be obtained from the PCAOB or
the SEC.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 185
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 186
of Becker Professional Education Corporation or the copyright owner.
Effect of Sarbanes-Oxley on monitoring
Key point: The public accounting firm should take care of this issue; however,
the audit committee should monitor to ensure that the CPA firm is in compliance.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission 187
of Becker Professional Education Corporation or the copyright owner.
Thank you.
Thanks for viewing this
on demand course!
• Once you have successfully completed the final exam (70% or higher),
your CPE certificate will be immediately awarded for you to view, print,
or download.
The copyright in this material is owned by Becker Professional Education Corporation, or where specifically indicated, by the original creator of the material. None of this material may be
© Becker Professional Education Corporation. All rights reserved. copied, reproduced, republished, or displayed in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, or otherwise, without the prior written permission
of Becker Professional Education Corporation or the copyright owner.