Internal Controls

Question 1

What is internal control? (3)

Answer 1

a process designed to provide reasonable assurance of achieving the following: COG

• generating reliable financial accounting information
• complying with applicable laws and regulations
• operating efficiently and effectively

Question 2

Why is internal control important?

Answer 2

The client’s internal control system exists to: III

• identify and manage risks
• implement corporate governance (maps out responsibilities and accountabilities
• implement and maintain corporate strategy (are top management’s goals, initiatives carried out by employees)

Question 3

5 COSO cube main ideas (provides reasonable, but not absolute assurance)

Answer 3

MIRCC

• Monitoring activities
• Information and communication
• Risk assessment
• Control activities
• Control environment

Question 4

What is the foreign corrupt policies act?

Answer 4

• if you’re a corporation, you cannot bribe foreign government
• if you’re a foreign corp registered in the US, you must follow this also

Question 5

What are the common control activities (6)?

Answer 5

• segregation of duties
• authorization procedures
• documentation
• physical controls to safeguard assets
• reconciliations
• competent trustworthy employees

Question 6

Some important IT controls…

Answer 6

• authorization for users
• input controls
• self-checking digits

Question 7

What is effective internal control?

Answer 7

• reduces the risk of failing to achieve an objective to a reasonable level
• does not eliminate risk
• reduces risk to the organization’s risk appetite
• the five components must be operating together

Question 8

Is enterprise risk management separate from internal controls?

Answer 8

YES, yet we still use IC to support goals/policies that are set

Question 9

How do auditor reports on internal control differ?

Answer 9

They differ based on the type of company (small, big, public, private)

Question 10

When was reporting on internal controls required?

Answer 10

In 2002, after the sarbanes oxley act

Question 11

How did auditors used to handle internal controls?

Answer 11

They assumed the largest control risk (assumed that controls were bad)
Then, had to make sure that detection risk was low by increasing substantive testing (need more tests, bigger sample size, specific staff members)
Inspecting doesn’t involve improvement aspect, shows the big picture but not the details

Question 12

How must we implement total quality management (TQM)?

Answer 12

Check for quality and internal control each step of the way. Auditors pre-SOX did not realize they cannot see via inspection alone

Question 13

What is the cost of control?

Answer 13

• control is not free, we might have to forgo a sale because of controls
• their is a cost to developing, implementing, and monitoring controls
• these costs GENERALLY DO NOT INCREASE REVENUE
• benefits are hard to see
• also a strategic cost (a competitor could spend the money on something else and beat you out of business)

Question 14

What must management’s report include according to SOX?

Answer 14

• statement of management’s responsibility
• identify the framework used (usually COSO)
• assessment of the effectiveness of the company’s internal controls
• description of any material deficiencies in internal controls

Question 15

Why mandate internal controls?

Answer 15

Addresses the problem of some business implementing internal controls and others not investing.
All are forced to have minimum controls, so no one has a short-term cost advantage.

Question 16

Who must have an audit of their internal controls? (this can be an integrated audit with financial reporting)

Answer 16

Large public companies must have an audit of their internal controls (>75 million in public float)
Small public companies must still have a management report, but it does not have to be audited

Question 17

What did the Jobs Act of 2012 do?

Answer 17

• said that large IPO companies do not have to have an audit of internal controls
• these companies with less than 1 billion in sales do not have to have an audit if IC for the first 5 years
• gives short term advantage to little companies to start up
• frees up cash for investing in other things
• we need IPOs to grow our economy (some companies might volunteer the IC report to get more investors)

Question 18

Why mandate manager and auditor IC reports?

Answer 18

• protect the capital markets
• forces managers to take responsibility for internal controls
• audit report gives teeth to management report because of its third party objectivity

Question 19

Are private company internal control reports available to third parties?

Answer 19

NO, only available to management and those responsible for corporate governance.

Question 20

What is a deficiency according to the SEC? What are the indicators of a deficiency?

Answer 20

There are a combination of deficiency in internal control such that there is a reasonable possibility that a material misstatement of the company’s financial statements will not be prevented or detected on a timely basis?
Indicators: nature of account, susceptibility to fraud, subjectivity, complexity, relationship with other controls, future consequences