chapter 4 internal controls copyright © 2010 by the mcgraw-hill companies, inc. all rights...
TRANSCRIPT
![Page 1: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/1.jpg)
Chapter 4Chapter 4
Internal Controls
Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin
![Page 2: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/2.jpg)
OutlineOutline
• Objectives
• Definition of internal control
• Internal control purposes
• Risk exposures
• COSO frameworks
• Examples
4-2
![Page 3: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/3.jpg)
ObjectivesObjectives
When you finish this chapter, you should be able to:– Define “internal control” and explain its importance in the
accounting information system
– Explain the basic purposes of internal control
– Describe and give examples of various kinds of risk exposures
– Conduct a comprehensive risk assessment
– Summarize and explain the importance of the COSO documents on internal control
– Critique existing internal control systems and design effective internal controls
4-3
![Page 4: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/4.jpg)
Definition of internal controlDefinition of internal control
Most definitions of internal control contain four common elements:– Internal control is a
process– Internal controls are
designed to provide reasonable assurance
– Internal control necessarily involves people in the organization
– Internal controls provide that reasonable assurance in a few common areas
4-4
![Page 5: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/5.jpg)
Internal control purposesInternal control purposes
Broadly speaking, internal controls should help organizations:– Safeguard their assets– Ensure the reliability of financial statements– Promote operating efficiency– Encourage compliance with management’s
directives
4-5
![Page 6: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/6.jpg)
Risk exposuresRisk exposures
One good way to start designing internal
controls is to think about an organization’s
risks. Among the many good ways to
think about risk is Brown’s taxonomy.
4-6
![Page 7: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/7.jpg)
Risk exposuresRisk exposures
• Operational risk– Systems risk: related to
information technology– Human error risk: people
in the organization might make mistakes
• Financial risk– Market risk: changes in
stock prices, investment values, interest rates
– Credit risk: customers’ unwillingness or inability to pay their debts
– Liquidity risk: insufficient cash to pay debts
4-7
![Page 8: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/8.jpg)
Risk exposuresRisk exposures
• Hazard riskOfficers’ and directors’
liability: people might break laws, resulting in personal penalties
• Strategic risks– Legal and regulatory
risk: people might break laws, resulting in penalties for the organization
– Business strategy risk: poor decision making related to market competition
4-8
![Page 9: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/9.jpg)
COSO frameworksCOSO frameworks
The Committee of Sponsoring Organizations
of the Treadway Commission (COSO)
developed frameworks related to internal
control (1985) and enterprise risk
management (2004).
4-9
![Page 10: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/10.jpg)
COSO frameworksCOSO frameworks
Internal Control: Integrated Framework– Control environment:
the tone at the top– Risk assessment:
using a taxonomy to identify organizational risks
– Control activities: actual responses to risk.
• Preventive, detective, corrective
• General, application
– Information and communication: keeping people informed
– Monitoring: periodic reviews and updates
In 2006, COSO published “Internal Control over Financial Reporting—Guidance for Smaller Public Companies” to provide
suggestions for implementing Internal Control: Integrated Framework.
4-10
![Page 11: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/11.jpg)
COSO frameworksCOSO frameworks
Enterprise Risk Management: Integrated Framework– Internal environment:
tone at the top– Objective setting:
organizational goals• Strategic• Reporting• Operations• Compliance
– Event identification: what can happen that may impede goals
• Internal• External
– Risk assessment: likelihood and impact
• Inherent• Residual
4-11
![Page 12: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/12.jpg)
COSO frameworksCOSO frameworks
Enterprise Risk Management: Integrated Framework (continued)– Risk response:
generic ways to deal with risk
• Avoid• Accept• Reduce• Share
– Control activities: specific procedures for responding to risk
– Information and communication: keep people informed about what’s happening with risk and the plan
– Monitoring: Ongoing activities and / or separate evaluations that ensure the plan is updated as needed
4-12
![Page 13: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/13.jpg)
ExamplesExamples
Although every organization’s approach to
internal control is slightly different, certain
controls are common in many
organizations. The following slides
contain some examples.
4-13
![Page 14: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/14.jpg)
ExamplesExamples
• Adequate documentation
• Background checks
• Back-up computer files
• Back-up power supplies
• Bank reconciliation
• Batch control totals
• Data encryption
• Document matching
• Edit checks
4-14
![Page 15: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/15.jpg)
ExamplesExamples
• Firewalls
• Insurance and bonding
• Internal audits
• Limit checks
• Lockbox systems
• Physical security
• Preformatted data entry screens
• Prenumbered documents
• Restrictive endorsements of checks
4-15
![Page 16: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/16.jpg)
ExamplesExamples
• Daily deposit of cash receipts
• Segregation of duties
• User training
All internal controls
have associated costs
—financial,
operational and
behavioral. The key
is ensuring that the
benefits outweigh the
costs.
4-16
![Page 17: Chapter 4 Internal Controls Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649dc45503460f94ab6cdb/html5/thumbnails/17.jpg)
4-17