Internal Control Notes

AA 3201 STUDY NOTES 2

INTERNAL CONTROL A. Internal Control System – comprises policies, practices, and procedures employed by the organization. Objectives: (SEPMe) 1. Safeguard assets of the firm 2. Ensure accuracy and reliability of accounting records and information. 3. Promote efficiency in firm’s operations 4. Measure compliance with management’s prescribed policies and procedures. B. Modifying Assumptions (4) 1. Management Responsibility a. Establishment and maintenance of a system of internal control is a management responsibility b. Eminent in SOX legislation 2. Reasonable Assurance a. Reasonable assurance that the four broad objectives (SEPMe) are met in a cost-effective manner b. Cost-Benefit principle 3. Methods of Data Processing a. SEPMe should be achieved regardless of data processing method used. 4. Limitations a. Limitations on internal control effectiveness including (4): i. Possibility of error, ii. Circumvention – thru collusion or other means iii. Management Override – personal distortion of transactions or directing a subordinate to do so iv. Changing Conditions C. PDC CONTROL MODEL (Preventive-Detective-Corrective Internal Control Model) - Illustrates that the internal control shield is composed of three levels: preventive controls, and corrective models

Preventive

Detective

(first line of defense)

(second line of defense)

passive techniques designed to reduce the frequency of occurrence of undesirable events. force compliance with prescribed or desired actions; screens out abberant events Example: separation of duties, proper authorization, adequte documentation and control of assets

devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls reveal specific types of errors by comapring actual occurences to pre-established standards identify anomalies and draw attention to them Examples: physical inventory checks, reviews of account reports and reconciliations, as well as assessments of current controls

Corrective actions taken to reverse the effects of errors detected in the previous step fix the problem detected error correction should be viewed as a separate control step to be taken cautiously include any measures taken to repair damage or restore resources and capabilities to their prior state following an unauthorized or unwanted activity

D. Standards, Legislations, and Regulatory Bodies 1. Philippine Standards on Auditing (PSAs) i. deals with the auditor's responsibility to form an opinion on the financial statements. It establishes the independent auditor's overall responsibilities when conducting an audit of financial statements. 2. Sarbanes-Oxley Act of 2002 i. requires management of public companies to implement an adequate system of internal controls over their financial reporting process ii. includes controls over transaction processing systems that feed data to the financial reporting systems 3. Securities and Exchange Commission 4. Committee of Sponsoring Organizations i. comprised of the AICPA, AAA, FEI, IMA, IIA E. COSO Internal Control Framework (aka SAS 78) – consists of five components (CRIMC): 1. Control Environment

DMOS

2.

3.

4. 5.

AA 3201 STUDY NOTES 2 a. Foundation for the other four components b. Sets the tone for the organization and influences the control awareness of its management and employees c. Elements:  Integrity and ethical values of mgt  Structure of the organization  Participation of the organization’s BOD and the audit committee  Management’s philosophy and operating style  Procedures for delegating responsibility and authority  Management’s methods for assessing performance  External influences  Organization’s policies and practices for managing human resources Risk Assessment a. Procedure done by an organization to identify, analyze, and manage risks relevant to financial reporting Information and Communication a. Refers to the accounting information system which consists of the records and methods used to initiate, identify, analyze, classify, and record the organization’s transactions and to account for the related assets and liabilities b. Elements:  Identify and record all valid economic transactions  Provide timely, detailed information  Accurately measure financial values  Accurately record transactions Monitoring a. Process by which the quality of internal control design and operation can be assessed Control Activities a. Actions that have been established by policies and procedures b. Help ensure that management’s directives regarding internal control are carried out c. Categories:

Physical Controls

IT Controls

(human activities)

(automated systems)

Transaction Authorization - all material transactions processed by the information system are valid and in accordance with mgt objectives Segregation of duties - minimize incompatible functions

Application controls - application specific; ensures the validity, completeness, and accuracy of financial transactions General controls - applies to all systems

Supervision - compensating control; assumes tht the firm employs competent and trusworthy personnel Accounting Records - source documents, journals, and legers; capture the economic essence of transactions; provides an audit trail of economic events Access control - ensures that only authorized personnel have access to the firm's assets Independent Verification - indepedent checks of the accounting system to identify errors and misrepresentations

DMOS