Chapter 6 Flashcards
It is the control exercised within the business by management and overseen by the board. It also includes the control of activities that have been outsourced.
Internal Control
The control exercised over the business from outside - by owners and other stakeholders.
External Control
*Father of management theory
*first to describe “control” as a function of management along with other functions which he set (planning, organizing, commanding, coordinating, controlling)
Fayol
It comprises the plan of organization and the co-ordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.
Internal control
It comprises the plan of the organization and the procedures and records that are concerned with the safeguard of assets and the reliability of financial records.
Accounting control
It includes, but it not limited to, the plan of organization and the procedures and records that are concerned with the decision processes leading to management’s authorization of transactions.
Administrative control
(COSO) It is broadly defined as process, effected by the entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
* Effectiveness and efficiency of operations
* Reliability of financial reporting
* Compliance with applicable laws and regulations
Internal Control
3 Frameworks of Internal Control
COSO (US)
CoCo (Canada), and
Turnbull (UK)
Six (6) Internal Control Paradigms
- COSO on Internal Control
- Turnbull on Internal Control
- CoCo on Internal Control
- A systems/cybernetics model of Internal Control
- Control by Division with Supervision
- Control by Category
Control depends on each of the other functions of management. There is no control without: (5)
*Planning
*Organizing
*Directing and leading
*Staffing
*Co-ordinating
Three parties responsible for internal control:
- Board of Directors
- Management
- Other personnel
Overall Objective of Internal Control (COSO)
To provide reasonable assurance that the organization will achieve all of its objectives.
Five essential components of internal control (COSO)
- Control environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
It is to do with the “tone at the top” in terms of example set by top management and the board, whether they tend to override controls in their own interests and whether they act consistently and appropriately to wrongdoing.
Control environment
It includes the values, ethics, culture, and commitment of the organization and its members.
It embraces the policies of the board which relate to internal control (Code of business conduct, whistleblowing policy, internet security policy)
Control Environment
It can be regarded as the foundation component of the five essential internal control components.
Control Environment
Six (6) Elements of Control Environment (PCAOB)
*Integrity and ethical values
*Management’s philosophy and operating style
*Organizational structure
*Assignment of authority and responsibility
*Human resource policies and practices
*Competence of personnel
The identification of risk within a business should be an ongoing process sensitive to the implications of changed market conditions, operational workloads, macroeconomic parameters, and so on.
T
Identification of threats to the organization, their assessment or measurement and deciding how they should be responded to.
Risk Assessment
It refers to all procedures the organization operates which have a control purpose (locking doors, undertaking reconciliations and so on)
Control Activities
Two dimensions of control activities
- Establishment of a POLICY– defines what has to be done to achieve the related business objective.
- A PROCEDURE is required which defines the processes necessary to meet the policy requirements
It may be defined in the form of procedures, user manuals, job description, etc.
Control Activities
It can cater for flows in various directions, i.e. up the hierarchy, across functions or down through all layers of management and responsibility.
Internal communications
___ requirements will cater for both inward and outward flows.
External Communication
Who should undertake the responsibility for monitoring the internal control system?
Board
(Turnbull) The board should maintain a sound system of internal control to safeguard shareholders’ investments and the company’s assets.
Main Principle of Internal Control
Turnbull combines “control environment and control activities”
Difference to COSO
It is less “mechanical” and more “behaviroal” than the COSO internal control framework and, arguably, has advantages in application within organizations that are more participative and less hierarchical, as well as being a valuable control framework to use in control self assessment situations.
Canadian Institure of Chartered Accountants’ Criteria of Control Board (CoCo)
As defined in CoCo, it comprises those elements of an organization (including its resources, systems,
processes, culture, structure and tasks) that, taken together, support people in the achievement
of the organization’s objectives.
Internal Control
Objectives of internal Control (CoCo)
- Effectiveness and efficiency of operations
- Reliability of internal and external reporting
- compliance with applicable laws and regulations and internal policies
CoCo control framework components (4)
Purpose
Commitment
Capability
Monitoring & Learning
In any organization of people, the essence of control is purpose, commitment, capability, and monitoring and learning.
CoCo on Internal Control
It groups the criteria that provide a sense of the organization’s direction (what to do).
Purpose
It groups the criteria that provide a sense of the organization’s identity and values (wanting to do it)
Commitment
It groups the criteria that provide a sense of the organization’s competence (tools to do it)
Capability
It groups the criteria that provide a sense of the organization’s evolution (Are we doing it?)
Monitoring and learning
Two of the criteria within the “Capability” grouping
Information
Communication
This paradigm veiws the organizational process as analogous too, for instance, an air conditioning system.
Paradigm 4: A systems/cybernetics model of internal control
Three main elements of a system
Input
process
output
Basic Elements of a Control System
Control Object
Detector
Reference point
Comparator (analyser)
Activator
Feedback
Feedforward
This model of internal control is based on the premise that effective control may be achieved by means of an appropriate combination of various opportunities to “divide” (separate off or segregate), together with supervision.
Paradigm 5: Control by Division with supervision
Different Divisions opportunities that can be utilized
▪Division of Duties
▪Division of Fundamentally Incompatible Responsibilities
▪Division of Operations
▪Division of Staff
▪Division of Data
▪Division of Data Entry and Accounts Postings
▪Division of Authority
▪Division of Time
A particular type of control may be appropriate in certain circumstance, and indeed more than one of type of control may be needed to bear down effectively on a particular risk.
Paradigm 6: Control by Category
Different categories of Control
- Preventive
- Pre-emptive
- Directive
- Performance
- Detective
- Corrective
- Investigative
Objectives of Internal Control Processes (4)
To provide reasonable assurance of:
a. the reliability and integrity of financial and operational information
b. The effectiveness and efficiency of operations
c. the safeguarding of assets
d. compliance with laws, regulations, policies, and contracts