06Introduction to Internal Control Systems PPT.ppt

1 Introduction to Internal Control SystemsIntroductionInternal Control Systems Definition FrameworkPreventive, Detective, and Corrective ControlsControl Activities within an Internal Control SystemCost-Benefit Concept for Developing ControlsIntroductionAn organization s financial resources canbe protected from loss, waste, or theft by developing an Internal Control systemimplementing it within its AISAn Internal Control system ensures reliable data processing promotes operational efficiencyIntroductionThis presentation defines:corporate governance, IT governance, and Internal controls. Internal ControlAn Internal Control system consists ofvarious methods designed and implementedseveral measures planned and executedIt aims to achieve four main objectives:to safeguard assets, to check the accuracy and reliability of accounting data, to promote operational efficiency, and to encourage adherence to prescribed managerial ControlInternal Control is a process effected by an entity s board of directors, management, and other reasonable assurance in: effectiveness and efficiency, reliability of financial reporting, and compliance with applicable lawsand regulationsInternal ControlObjectives of the Internal Control StructureThe objectives of the Control Structure are.

2 Safeguarding assetsChecking the accuracy and reliabilityof accounting dataPromoting operational efficiencyEncouraging adherence toprescribed managerial policiesBackground Informationon Internal ControlsThe key laws, professional guidance, and reports that focus on Internal controls are:Foreign Corrupt Practices Act 1977 Treadway Commission ReportSAS No. 55 1988 Committee of Sponsoring Organizations (COSO) Report 1992 SAS No. 78 1995 Control Objectives for Business and IT (COBIT) 1995 Information Federation for Information Processing 2001 Foreign Corrupt Practices ActIn 1977 the Foreign Corrupt PracticesAct (FCPA) was passed after awareness that foreign bribes were paid by publicly held companies to secure export sales understanding that bribes were made possible due to lax Internal controlsto heighten awareness in a sound internalcontrol of the Foreign Corrupt Practices ActThe FCPA requires thatpublicly held companies design and implement a system of Control proceduresThe Control system must provide assurance that:assets are accounted for appropriatelytransactions are in conformity to GAAP access to assets is properly controlledperiodic comparisons of existing assets to the accounting records are madeBackground of Internal ControlsResults of the FCPA.

3 The Treadway Commission to examine the causes of fraudulent financial reporting to give recommendations to reduce its occurrenceBackground of Internal ControlsThe Committee of Sponsoring Organizations (COSO) to develop a common definition for Internal Control to provide guidance for judging its effectivenessThe ISACF to examine the Internal Control area to produce Control Objectives for Information and Related Technology (COBIT).COBIT s definition of Internal Control :The policies, procedures, practices, and organizational structures are designed to provide assurance that business objectives will be achieved undesired events will be prevented, detected and of Internal ControlsComponents of Internal ControlControl EnvironmentRisk AssessmentControl ActivitiesInformation andCommunicationMonitoringThe Control EnvironmentThe Control Environmentestablishes the tone of a company, influences the Control awareness of the included within the Control environment are.

4 Integrity, ethical values and competence of employeesManagement philosophy and operating styleAssignment of authority and responsibilityThe attention and direction provided by theboard of directorsRisk AssessmentRisk assessment involvesthe consideration of the risk factor recognition that every organization facesrisks to its successrecognition that the sources are Internal and external Identification, analysis and actionto achieve the company s goalsControl ActivitiesControl activities:are the policies and procedures that ensure management directives are carried out, protection of the assets of the firm include a combination of manual controls automated controls. Can be categorized as approvals, authorizations, verifications, reconciliations, reviews of operatingperformance, and segregation of ActivitiesInformation and CommunicationInformation refers to theaccounting system , which records, processes, Summarizes,reports a company s transactions, and maintains accountability for assets,liabilities, and and CommunicationCommunication helps personnelunderstand their roles and responsibilities to Internal Control and over financial is the process that assesses the qualityof Internal Control performance over time involves evaluating the design and operation of controls on a timely basis.

5 Initiating corrective action when specific controls are not functioning Risk Management Framework Internal EnvironmentObjective SettingEvent IdentificationRisk AssessmentRisk ResponseControl ActivitiesInformation & CommunicationMonitoringBusiness UnitSubsidiaryDivisionControl Procedures AnalysisControl Procedures can be classified asPreventive Controls to prevent some potential problem fromoccurring when an activity is performedDetective Controls to discover the occurrence of adverse eventssuch as operational inefficiencyCorrective controls to remedy problems discovered throughdetective of Preventive and Detective ControlsPreventive and detective Control procedures should not be treated as mutually ActivitiesWithin an Internal Control system arethe following features a good Audit Trailsound personnel policies and competent employeesseparation of dutiesphysical protection of assetsinternal reviews of controls by Internal audit subsystemTimely Performance ReportsGood Audit TrailAn audit trailenables auditors and accountants to follow the transaction data from the initial source documents to the final disposition in a financial report and detect, in the processing data errors and irregularitiesSound Personnel PoliciesExamples of sound personnel policies are.

6 Specific hiring proceduresTraining programsGood supervisionFair and equitable guidelines foremployees salary increasesSound Personnel PoliciesRotation of certain key employees in different jobsEnforced vacationsInsurance coverage on those employees who handle liquid assetsRegular performance reviewsSeparation of DutiesSegregating activities and responsibilities of employeesallows different people to perform various tasksof a specific main functions that should be kept separate are custodyof assets recordingtransactions, and authorizingtransactions. Physical Protection of AssetsProtection of assets iskeeping a company s assets in a safe physical location minimizing the risk of damage to the assets or avoiding theft by employeesor outsidersPhysical Protection of AssetsExamples of accounting Control procedurea voucher system protects against unauthorized cash petty cash fund is used for small expenditures where writing a check would be Reviews of ControlsInternal auditis a service function within many large companiesreport to high-level management or to the board of directors in order to remain independent and objective as a separate subsystemperform periodic reviews, called operational audits.

7 On each department to evaluate the efficiency and effectiveness of that particular departmentTimely Performance ReportsPerformance reportsprovide information to management on efficiency of the Internal controls and effectiveness of the Internal controlsThese reports should provide timely feedback tomanagement on the success of the Internal controls or failure of the Internal Concept for Developing ControlsA cost-benefit analysisshould be conducted to make sure that the benefitsof planned controls exceed the cost of implementingthem in the are considered cost-effective when their anticipated benefits exceed their anticipated ideal Control is a Control procedure that reducesto practically zero the risk of an undetected error or Benefit AnalysisThe benefits of additional Control proceduresresult from risk of loss reductions. should include a measure of loss the exposure (potential loss associated with a Control problem) and risk (probability that the Control problem will occur).

8 Are calculated as Expected loss = risk * exposur