Control and Accounting Information Systems

  • Slides: 98

Control and Accounting Information Systems, Chapter 7. UAA – ACCT 316 Accounting Information Systems, Dr. Fred Barbee

Introduction to Internal Control

Internal Control... Can an information system operate without internal controls? Perhaps. Will the organization attain its objectives? Perhaps.

Why Internal Control?

Why Controls... To ensure system goals are achieved. To lessen the risk of unwanted outcomes.

Controls... What are the goals that internal control is designed to achieve? What are the typical business risks that the organization should try to avoid?

Question: What are the goals that internal control is designed to help achieve?

Internal Control Goals. The National Commission on Fraudulent Financial Reporting appointed the Committee of Sponsoring Organizations (COSO) to study internal control.

Internal Control Goals. COSO entity objectives... Operations - relating to effective and efficient use of an entity’s resources. Financial Reporting - relating to preparation of reliable financial reports. Compliance - relating to the entity’s compliance with applicable laws and regulations.

Question: What are the typical business risks that an organization should try to avoid?

What is Risk? The dictionary defines risk as... Hazard; peril; exposure to loss or injury. What is an exposure?

Exposure... the potential financial effect of an event multiplied by its probability of occurrence. Potential Financial Effect of an Event × Probability of Occurrence = Exposure

Risk Analysis: THREAT * EXPOSURE * RISK = EXPECTED LOSS

Risk Analysis: Internal Controls. THREAT * EXPOSURE * RISK = EXPECTED LOSS

Controls... An exposure consists of the potential financial effect of an event multiplied by its probability of occurrence. Potential Financial Effect of an Event ($5,000) × Probability of Occurrence (5%) = Exposure ($250,000)

Direct Material Variances. An example of a control system in accounting: AQ × AP, AQ × SP, SQ × SP; Rate Variance, Quantity Variance

Common Business Exposures

Common Business Exposures: Erroneous Record Keeping; Unacceptable Accounting; Business Interruptions; Erroneous Management Decisions

Common Business Exposures: Fraud and Embezzlement; Statutory Sanctions; Excessive Costs; Loss/Destruction of Resources; Competitive Disadvantage

What are the legal responsibilities of management? Or, what are we supposed to do?

The SEC... The establishment and maintenance of a system of internal controls is an important management obligation.

The SEC... A fundamental aspect of management’s stewardship responsibility is to provide shareholders with reasonable assurance that the business is adequately controlled.

The SEC... Additionally, management has a responsibility to furnish shareholders and potential investors with reliable financial information on a timely basis.

Legal Responsibilities. Management is legally responsible for establishing and maintaining an adequate system of internal control.

The SEC... An adequate system of internal control is necessary to management’s discharge of these obligations.

OK, so what if management doesn’t do this. What then?

Enter... The Foreign Corrupt Practices Act

FCPA Legal Requirement. Make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect the transactions of the registrant and the disposition of its assets.

FCPA Legal Requirement. Design and maintain a system of internal accounting controls sufficient to provide reasonable assurances that certain specified objectives are met.

The Internal Control Structure... What is Internal Control?

Standards of Field Work. The Field Work standards are so named because they pertain primarily to the conduct of the audit at the client’s place of business; that is, in the field.

Second Standard of Field Work. A sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.

Defining Internal Control: Reviewing the Literature

1949 Committee on Auditing Procedure. A system of internal control should be designed to achieve objectives that are both operational and accounting in nature.

Defining Internal Control. The 1958 definition was the first to differentiate between accounting controls and administrative controls, a distinction that is very important to independent auditors.

In 1963, chapter 5 of Statement on Auditing Procedure No. 33 attempted to clarify the distinction between administrative and accounting controls, stating that the independent auditor is primarily concerned with the latter when applying generally accepted auditing standards.

After 1963, there continued to be confusion concerning the scope of the auditor’s responsibility as it related to safeguarding of assets and the reliability of financial statements.

So... What is Internal Control?

Cohen Commission Report. Published annual reports should contain a report in which corporate management discloses the condition of the company’s internal control system.

Internal Control: Some Recent Additions

Internal Control... Information Systems Audit and Control Foundation – Control Objectives for Information and Related Technology (COBIT)

COBIT. Audience: Management; Users; IS Auditors. Focus: Information Technology. Responsibility: Management. Size: 187 Pages – 4 Documents

Internal Control Viewed as: A set of processes including policies, procedures, practices, and organizational structure. www.isaca.org/bkr_cbt3.htm

Internal Control Objectives: Effective & efficient operations; Confidentiality, integrity & availability of information; Reliable financial reporting; Compliance with laws and regulations

Internal Control... Institute of Internal Auditors Research Foundation’s Systems Auditability and Control (SAC)

Systems Auditability and Control. Audience: Internal Auditors. Focus: Information Technology. Responsibility: Management. Size: 1,193 pages in 12 modules

Internal Control Viewed as... Set of processes, subsystems, and people. www.theiia.org

Internal Control Objectives: Effective & efficient operations; Reliable financial reporting; Compliance with laws and regulations

Internal Control... The Committee of Sponsoring Organizations of the Treadway Commission: Internal Control – Integrated Framework

COSO. Audience: Management. Focus: Overall Entity. Responsibility: Management. Size: 353 pages in 4 volumes

COSO. Internal control viewed as a process. www.coso.org

COSO. Internal control objectives: Effective and efficient operations; Reliable financial reporting; Compliance with laws and regulations

Internal Control... American Institute of Certified Public Accountants – Consideration of the Internal Control Structure in a Financial Statement Audit (SAS 55)

SAS 55 & SAS 78. Audience: External Auditors. Focus: Financial Statement. Responsibility: Management. Size: 63 pages in 2 documents

SAS 55/78. Internal control viewed as a process. www.aicpa.org

SAS 55/78. Internal control objectives: Effective and efficient operations; Reliable financial reporting; Compliance with laws and regulations

National Commission on Fraudulent Financial Reporting: The Treadway Commission

Treadway Commission. Emphasized the importance of internal control. Specifically... The control environment; Codes of conduct; Audit committees; and The internal audit function

Treadway Commission. The commission reaffirmed the Cohen Commission’s call for management reports on the effectiveness of its internal controls.

COSO Report... COSO’s final report “Internal Control – Integrated Framework” was issued in September 1992. 4 volumes; 453 pages; thousands of hours of work.

COSO Report... Provides a common definition of internal control to meet the needs of diverse users. Provides a framework against which entities can assess and improve their internal control systems.

Internal Control... The COSO Definition

COSO: Internal control is a process, effected by an entity’s board of directors, management, and other personnel,

COSO: designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

COSO: Effectiveness and efficiency of operations; Reliability of financial reporting; Compliance with applicable laws and regulations.

COSO Key Concepts. Internal control is a process. It is a means to an end, not an end in itself. Internal control is effected by people. It’s not merely policy manuals and forms, but people at every level of an organization.

COSO Key Concepts. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board. Internal control is geared to the achievement of objectives in one or more overlapping categories.

COSO. It consists of several interrelated components, with integrity, ethical values, competence, and the control environment serving as the foundation for the other components.

COSO’s Components: 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information & Communication 5. Monitoring

COSO Integrated Framework

Control Environment: Commitment to integrity and ethical values; Management’s philosophy and operating style; Organizational structure; The audit committee of the board of directors.

Control Environment: Methods of assigning authority and responsibility; Human resources policies and practices; External influences

COSO Integrated Framework

Risk Assessment: Identification of risks; Analysis of risks; Management of risks

Typical Sources of Risk: Clerical and Operational employees; Computer programmers; Managers and Accountants; Former Employees; Customers and Suppliers

Typical Sources of Risk: Competitors; Outside persons; Acts of Nature

Types of Risks: Unintentional Errors; Deliberate Errors (Fraud); Unintentional Losses of Assets; Thefts of Assets; Breaches of Security; Acts of violence and Natural Disasters

Factors That Increase Risk Exposure: Frequency; Vulnerability; Size of the potential loss

Problem Conditions Affecting Risk Exposures: Collusion; Computer Crime; Lack of Enforcement

COSO Integrated Framework

Control Activities: Proper authorization of transactions and activities

Control Activities: Proper authorization of transactions and activities; Segregation of duties

Segregation of Duties: Authorization, Recording, and Custody must be separate

Control Activities: Proper authorization of transactions and activities; Segregation of duties; Design and use of adequate documents and records

Control Activities: Proper authorization of transactions and activities; Segregation of duties; Design and use of adequate documents and records; Adequate safeguards of assets & records

Control Activities: Proper authorization of transactions and activities; Segregation of duties; Design and use of adequate documents and records; Adequate safeguards of assets & records; Independent checks on performance.

COSO Integrated Framework

Information and Communication: Identify, assemble, analyze, classify, record and report transactions; Maintain accountability for assets and liabilities; Open and well-defined lines of communication

COSO Integrated Framework

Monitoring: Effective supervision; Responsibility accounting; Internal auditing

COSO Integrated Framework

Internal Control... Classifications

Preventive, Detective, and Corrective Controls (diagram labels): Input; Process; Output; Sensor; Benchmark; Corrective Controls; Detective and Corrective Controls

Control Classifications. By Objectives: Administrative, Accounting. By Settings: General, Application, Input, Processing, Output. By Risk Aversion: Corrective, Preventive, Detective. By System Architectures: Manual Systems, Computer Based Systems, Batch Processing, Online Processing, Data Base.

Internal Control... Some Common Grounds

Some Common Ground. A system of internal control is not an end in itself. It is, rather, a means to an end. Internal control is a system: clearly defined goals; interrelated components acting in concert to achieve those goals.

Some Common Ground. Establishing a viable internal control system is management’s responsibility. The strength of any internal control system is largely a function of the people who operate it.

Some Common Ground. Internal control cannot be expected to provide 100% assurance that the organization will reach its objectives. Internal control is not “free”; it has a cost associated with it.