Prepared by Paula Funkhouser, University of Nevada, Reno
Core Concepts of Accounting Information Systems, 13th Edition
Mark G Simkin ● Jacob M Rose ● Carolyn S Norman
Introduction to Internal Control Systems
Chapter 13
• Updates on Risk Assessment
• Examples of Control Activities
• Update on Monitoring
• 2011 COBIT, Version 5
• Types of Controls
• Evaluating Controls
Copyright © 2015 John Wiley & Sons, Inc. All rights reserved.
Internal Control Systems
• Definition
– Policies, plans, and procedures
– Implemented to protect a firm's assets
Internal Control Systems
• Provides reasonable assurance
– Effectiveness and efficiency of operations
– Reliability of financial reporting
Internal Control System Objectives
• Safeguard assets
• Check the accuracy and reliability of accounting data
• Promote operational efficiency
• Enforce prescribed managerial policies
Study Break #1
This term describes the policies, plans, and procedures
implemented by a firm to protect the assets of the organization
A Internal control
B SAS No 94
C Risk assessment
D Monitoring
B Promote firm profitability
C Promote operational efficiency
D Encourage employees to follow managerial policies
Components of Internal Control – COSO 1992
• Control Environment
– Management’s oversight, integrity, and ethical principles
– Attention and direction by board of directors
– Management’s philosophy and operating style
– Method of assigning authority and responsibility
– Method of organizing and developing employees
Components of Internal Control – COSO 1992
• Risk Assessment
– Identify organizational risks
– Analyze potential of risks (cost and occurrence)
– Cost-benefit analysis
• Control Activities
– Policies and procedures
– Manual and automated
Components of Internal Control – COSO 1992
• Information and Communication
– Inform employees
– Roles and responsibilities
– Importance of good working relationships
• Monitoring
– Evaluation of internal controls
– Initiate corrective action when necessary
2013 COSO Report
• Supersedes 1992 COSO Report
• Added to Five Components of Internal Control
– Improve governance
– Use framework beyond financial reporting
– Improve quality of risk assessment
– Strengthen anti-fraud efforts
– Adapt controls to changing business requirements
2004 COSO Enterprise Risk Management Framework
• Emphasizes enterprise risk management
• Includes COSO (1992) control components
• Three new components
– Objective setting
– Event identification
– Risk response
2004 COSO Enterprise Risk Management Framework
Components of Internal Control – COSO 2004
• Objective Setting
– Strategic – high level goals and mission
– Operations – day-to-day efficiency, performance, and profitability
– Reporting – internal and external
– Compliance – laws and regulations
Components of Internal Control
Risk Assessment Worksheet
COSO’s 2010 Report on ERM
• Commissioned survey called Enterprise Risk Management Initiative
• Survey targeted utilization of COSO ERM Framework
– Theoretically sound
– 65% fairly or very familiar with framework
– Board had not assigned risk oversight in over half of organizations
– State of ERM is relatively immature
Study Break #4
Which of the following is not one of the three additional components that were added in the 2004 COSO Report?
A Objective setting
B Risk assessment
C Event identification
D Risk response
Examples of Control Activities
• Sound Personnel Policies and Practices
• Separation of Duties
• Physical Protection of Assets
• Reviews of Operating Performance
Good Audit Trail
• Use of Audit Trail
– Follow path of data recorded in transaction
– Initial source documents to final disposition of data
– Data on reports back to source documents
• Purpose of Audit Trail
– Verify accuracy of recorded transactions
– Detect errors and irregularities
Sound Personnel Policies
Separation of Duties
– Structure of work assignments
– One employee’s work checks the work of another
• Separate Related Activities
– Authorizing transactions
– Recording transactions
– Maintaining custody of assets
Physical Protection of Assets
• Inventory Controls
– Stored in safe location with limited access
– Utilization of Receiving Report
• Document Controls
– Protecting valuable organizational documents
– Corporate charter, major contracts, blank checks, and SEC registration statements
Receiving Report
Physical Protection of Assets
• Cash Control
– Most susceptible to theft and human error
– Fidelity bond coverage
– Use checks for cash disbursements
– Deposit the daily cash receipts intact
Disbursement Voucher
Reviews of Operating Performance
• Internal Audit Function
– Reports to Audit Committee of Board of Directors
– Independent of other subsystems
A Analysis, authorizing, transactions
B Custody, monitoring, detecting
C Recording, authorizing, custody
D Analysis, recording, transactions
– Meet stakeholders' needs
– Cover enterprise end-to-end
– Apply a single integrated framework
– Enable holistic approach
– Separate governance from management
COBIT and Val IT Integration
Evaluating Controls
• Requirements of Sarbanes-Oxley Act
– Statement of management responsibility for internal control structure
– Assessment of effectiveness of internal control structure
– Attestation of auditor on accuracy of management’s assessment
Cost-Benefit Analysis
A Risk Matrix