Professional Documents
Culture Documents
INS3116 - CHAPTER 2 - Internal Control Framework - COSO
INS3116 - CHAPTER 2 - Internal Control Framework - COSO
INS3116 - CHAPTER 2 - Internal Control Framework - COSO
1
Internal Audit Framework
COSO’S INTERNAL CONTROL FRAMEWORK…
FIVE INTER-RELATED STANDARDS:
Risk
Monitoring
Assessment
Control
Environment
Information & Control
Communication Activities
11-3
Copyright © 2017 Pearson Education, Ltd.
COMPONENTS OF INTERNAL
CONTROLS
Breakdown of internal
Monitor
control
Control
SWOT, PEST
► Insure
Risk assessment
► Accept
► Avoid
Control environment
DEFINITION
“Internal control is the process designed, implemented and maintained by those
charged with governance, management and other personnel to provide
reasonable assurance about the achievement of the entity’s objectives with
regard to:
• Reliability of financial reporting
• Effectiveness and efficiency of operations
• Compliance with applicable laws and regulations”.
WHY DO WE CARE?
TRUE & FAIR
STOPPED
WORKING
Accounting Data
FALSE
MANAGEMENT AND AUDITOR RESPONSIBILITIES FOR
INTERNAL CONTROL
Management’s Responsibilities for Establishing Internal
Control—Management must establish and maintain the
entity’s internal controls.
Internal control systems are designed with two concepts in
mind:
• Reasonable Assurance—Management designs a system that
provides reasonable assurance considering the costs involved.
• Inherent Limitations—
• No system of internal controls can be completely effective
• Effectiveness depends on the competency and dependability of
the employees
• Collusion is still possible
11-7
Copyright © 2017 Pearson Education, Ltd.
MANAGEMENT AND AUDITOR RESPONSIBILITIES
FOR INTERNAL CONTROL (CONT.)
11-8
Copyright © 2017 Pearson Education, Ltd.
MANAGEMENT AND AUDITOR RESPONSIBILITIES FOR
INTERNAL CONTROL (CONT.)
11-9
Copyright © 2017 Pearson Education, Ltd.
TYPE OF CONTROLS
Objectives of controls
• To prevent or detect misstatements in the financial report
• Support the automated parts of the business in the functioning of the controls
in place
Types of controls
• Manual controls
• Automated (or application) controls
• IT general controls (ITGC)
• IT- dependent manual controls
TYPE OF CONTROLS
1. CONTROL ENVIRONMENT
Foundation for all other standards of internal control.
Pervasive influence on all the decisions and activities of an
organization.
Effective organizations set a positive “tone at the top”.
Factors
include the integrity, ethical values and competence of
employees, and, management’s philosophy & operating style.
Examples of soft controls:
• Management philosophy
• Organizational structure
• Communication
• Competency of employees
2. RISK ASSESSMENT
Risks are internal & external events (economic conditions,
staffing changes, new systems, regulatory changes, natural
disasters, etc.) that threaten the accomplishment of objectives.
Risk assessment is the process of identifying, evaluating, and
deciding how to manage these events… What is the likelihood of
the event occurring? What would be the impact if it were to
occur? What can we do to prevent or reduce the risk?
Have any of you been through a risk assessment with Internal Audit or an outside party?
3. CONTROL ACTIVITIES
Tools - policies, procedures, processes -designed and
implemented to help ensure that management directives are
carried out.
Help prevent or reduce the risks that can impede the
accomplishment of objectives.
Occur throughout the organization, at all levels, and in all
functions.
Includes training, approvals, authorizations, verifications,
reconciliations, security of assets, reviews of operating
performance, and segregation of duties.
Types of Controls
• Preventative
• Detective
4. COMMUNICATION AND INFORMATION
Are cost-effective.
IMPORTANT CONCEPTS…
Internal control is a process;
Internal control is effected by people; it’s not merely policy manuals and
forms but people at every level of an organization.