Internal Control Flashcards
Internal Control
“Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
What group produces the framework for internal controls?
The internal control framework that is most commonly used in the United States is “Internal Control—Integrated Framework” produced by COSO. In this, COSO separates internal control into five components: control environment, risk assessment process, control activities, information and communication, and monitoring. COSO is the Committee of Sponsoring Organizations of the Treadway Commission.
Segregation of Duties
When duties are separated, users cannot obtain a detailed knowledge of programs and computer operators cannot gain unsupervised access to production programs.
Corporate Culture
The corporate culture is an integral part of an organization’s control environment and thus presents risks that would appropriately be addressed by the internal audit function. An organization’s control environment and corporate culture are integral parts of its control structure.
Objectives of Internal Controls
Provide reasonable assurance that three things will be achieved:
Effectiveness and efficiency of operations
Reliability of financial reporting (internal and external)
Compliance with applicable laws and regulations
Fundamental Concepts
The purpose of internal control is to help the company achieve its objectives.
Internal control is an ongoing process.
Internal control is effected by people.
Internal control procedures can provide only reasonable assurance.
Internal control must be flexible in order to be adaptable to the entity’s structure.
Reasonable Assurance
An internal control system cannot provide reasonable assurance that operations objectives will actually be met.
It provides only reasonable assurance that management and the board of directors are made aware in a timely manner about the progress towards achieving operational objectives.
Who is interested in the IC of a Company?
Investors and potential investors
External auditors
Legislative and regulatory bodies
Management
Customers
Responsibility for Internal Control
COSO defined the responsibility to maintain and assess internal controls as follows:
The board of directors
The CEO
Senior managers
Financial officers and their staffs
Internal auditors
Virtually all employees are involved in internal control
Management’s Responsibility
It is management’s responsibility to establish the proper control environment and to design an overall internal control structure. Whereas management is responsible for establishing the proper control environment and designing an overall internal control structure, it is the responsibility of internal auditing to review the reliability and integrity of financial information and the means used to collect and report such information. Management’s responsibility is not to ensure that external and internal auditors adequately monitor the control environment, because monitoring the control environment is not a responsibility of auditors. Management’s responsibility is to monitor the control environment itself. Although the board of directors has oversight responsibility, it is not the responsibility of the board of directors to design the controls.
Control Activities
Control activities are actions established by policies and procedures that help ensure that management’s instructions that are intended to limit risks to the achievement of the organization’s objectives are carried out.
Control Procedures
Feedback controls are used to review past performance when something has already gone wrong.
Preventive controls deter undesirable events from occurring.
Feedforward controls are control activities that detect the problem before it occurs.
Concurrent controls are in operation at the same time as the production process itself.
Example of a feedback control
Variance analysis.
Feedback controls identify when something has already gone wrong. Variance analysis reviews deviation from a standard, so it is a feedback control.
Detective Control
Detective controls are designed to detect and correct undesirable events that have occurred. Received goods that are counted and compared with quantities on the purchase order and receiving report is an example of a detective control. Segregation of duties is a preventive control. Review and approval of each procurement action is a preventive control. Use of prenumbered standard purchase order forms is a preventive control.