Example: quiz answers

LEARNING OBJECTIVES

103 IDENTIFYINGRISKS ANDCONTROLS INBUSINESSPROCESSES4 LEARNINGOBJECTIVESA fter completing this chapter, you should understand:U1. internal control framework: OBJECTIVES and Execution, information systems, asset protection, andperformance Execution and information system risks associated with events in the acquisition and Record and update risks in a general ledger Workflow controls used to reduce completing this chapter, you should be able to:P1. Identify execution risks in acquisition and Identify risks associated with recording and Use narratives and activity diagrams to identify exist-ing controls and opportunities for additional 4 builds on the foundations in Chapter 2 and 3 to discuss risks and internal con-trols.

104 Part I Accounting Information Systems: Concepts and Tools The responsibility of managers for internal control has been made explicit in the Sarbanes-Oxley Act of 2002 and Standard No. 2 of the Public Company Accounting Oversight Board(PCAOB).1 Standard No. 2 requires management to prepare a statement describing and assessing the company’s internal control

Tags:

  Internal, Control, Sarbanes, Oxley, Learning, Objectives, Oxley act, Learning objectives, Internal control

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of LEARNING OBJECTIVES

1 103 IDENTIFYINGRISKS ANDCONTROLS INBUSINESSPROCESSES4 LEARNINGOBJECTIVESA fter completing this chapter, you should understand:U1. internal control framework: OBJECTIVES and Execution, information systems, asset protection, andperformance Execution and information system risks associated with events in the acquisition and Record and update risks in a general ledger Workflow controls used to reduce completing this chapter, you should be able to:P1. Identify execution risks in acquisition and Identify risks associated with recording and Use narratives and activity diagrams to identify exist-ing controls and opportunities for additional 4 builds on the foundations in Chapter 2 and 3 to discuss risks and internal con-trols.

2 Event analysis, introduced in Chapter 2, helps to identify risks. Activity diagrams,introduced in Chapter 3, are employed to document and evaluate workflow controls. Wewill continue to discuss internal control issues throughout the text. Read this chaptercarefully, as it provides the background for future discussion of internal this chapter, we discuss key internal control OBJECTIVES of organizations and therisks of not achieving these OBJECTIVES . We will explain how one can assess these risksusing concepts that were discussed in prior chapters related to transaction cycles, events,activities, and files.

3 Additionally a variety of internal control techniques to address therisks will be considered. The first part of the chapter focuses on internal control objec-tives and risk assessment. Later, attention is directed to control activities that can be usedto mitigate the text, an internal control icon is positioned in the margin close to thetext where internal control is discussed. Because this entire chapter is about internal con-trol, we place only one icon, to the left of this paragraph, to represent the ANDACCOUNTANTS ROLESI nternal controlis a process, effected by an entity s board of directors, management, andother personnel, designed to provide reasonable assurance regarding achievement ofobjectives in the following categories: effectiveness and efficiency of operations; reliabil-ity of financial reporting.

4 And compliance with applicable laws and good understanding of internal control is important to accountants as managers,users, designers, and evaluators of accounting systems. internal control / Auditing104 Part IAccounting Information Systems: Concepts and Tools The responsibility of managersfor internal control has been made explicit in theSarbanes- oxley Act of 2002 and Standard No. 2 of the Public CompanyAccounting Oversight Board(PCAOB).1 Standard No. 2 requires management toprepare a statement describing and assessing the company s internal control reports of public companies must now include (1) a statement that manage-ment is responsible for internal controls over financial reporting, (2) a statementidentifying the framework used by management to evaluate internal controls, (3) anassessment of internal controls and disclosure of any material weaknesses, and (4) astatement that a public accounting firm has issued an attestation report on manage-ment s assessment of internal control .

5 For the second requirement, a control frame-work such as the one described later in Key Point would be appropriate. Usersmust also understand a company s internal controls so that they can beapplied properly. As an example, management policy may require that invoicedetails should be verified against the packing slip and purchase order. Such a con-trol is effective only if the person responsible for recording invoices understands andperforms this verification. Accountants are also important in their role as designersof internal control proce-dures that lead to compliance with regulations and company OBJECTIVES .

6 They mustassess the risk of not achieving company and internal control OBJECTIVES and chooseor devise internal controls that can reduce the risks. In their role as evaluatiors, internal and external auditors must understand internalcontrol systems. internal auditors will play an important role in developing manage-ment s report that assesses internal controls, now required by PCAOB Standard External auditors need to understand internal controls so that they can preparean attestation to management s statement about internal control as required by thatstandard. Of course, they also need to understand internal controls so that theyconduct the audit of a company s financial statements.

7 Generally accepted auditingstandards have long required that auditors obtain a sufficient understanding ofinternal controls to plan the FORSTUDYINGINTERNALCONTROL: INTERNALCONTROLCOMPONENTS ANDOBJECTIVESC omponents of internal ControlKey Point displays five components of internal control . It is based on a 1992 report, internal control An Integrated Framework by the Committee of SponsoringOrganizations (COSO) of the Treadway Commission. Hereafter, we will refer to thereport as the COSO Report. This landmark report was used in developing Statement onAuditing Standard (SAS) 94,2which governed the auditor s assessment of internal con-trols as it relates to information technology.

8 It was also singled out in PCAOB AuditingStandard No. 2, as an example of a framework that would be useful to managers in eval-uating internal controls. 1 The sarbanes - oxley Act resulted in the establishment of the Public Company Accounting OversightBoard (PCOAB), which was empowered to propose auditing standards for publicly traded Security and Exchange Commission (SEC) must approve each standard to make it enforceable. ThePCOAB created Auditing Standard No. 2, An Audit of internal control Over Financial Reporting Per-formed in Conjunction With an Audit of Financial Statements.

9 It was approved by the SEC in ReleaseNo. 34-49884, on June 17, 2004. 2 Auditing Standards Board, SAS No. 94, The Effect of Information Technology on the Auditor s Con-sideration of internal control in a Financial Statement Audit, Journal of Accountancy(September2001): 131 Risks and Controls in Business ProcessesChapter 4 105As indicated in Key Point , the COSO Report identifies five interrelated compo-nents of internal control : (1) control environment, (2) risk assessment, (3) control activ-ities, (4) information and communication, and (5) monitoring.

10 Each component isbriefly described in the exhibit. We will emphasize the second, third, and fourth compo-nents because they are directly related to the use and design of accounting informationsystems. The second component, risk assessment, is discussed in the next section of thischapter. You will learn how to systematically identify risks in a business process. Thethird component, control activities, is addressed later in the chapter. Common internalcontrol techniques that reduce risks such as segregation of duties, prenumbered docu-ments, and many others will be discussed.


Related search queries