Chapter 9: Internal Controls

Internal control

Internal control minimizes risk and helps a company achieve its objectives

Good internal control ensures:

Reliability of information

Safeguarding of assets

Compliance

Efficiency of operations

Regulatory Background

Foreign Corrupt Practices Act (FCPA)

Prevent companies from bribing foreign officials to obtain business

Requires all publicly owned corporations to maintain a system of internal accounting controls

Sarbanes-Oxley

Prevent financial statement fraud

COBIT framework

Meeting stakeholder needs

Covering the enterprise end to end

Applying a single, integrated framework

Enabling a holistic approach

Separating governance from management

COSO framework

5 components to the COSO-IC framework

Control environment: tone at the top

Risk assessment

What can go wrong?

Existing control activities

How we minimize our risk

Information and communication

How we communicate internally and externally what we expect

Monitoring activities

How does management oversee the controls?

Internal environment

Management's philosophy, operating style, and risk appetite

Commitment to integrity, ethical values, and competence

Internal control oversight by Board of Directors

Organizing structure

Methods of assigning authority and responsibility

Human resource standards

What is the role of management?

Integrity and ethics

Management attitude

Hiring competent and ethical employees

Good organizational structure with clear reporting lines, authority and responsibility

Holding managers and employees accountable

What is the role of the board?

The board's role is one of oversight

Objective setting

Strategic objectives

High level goals

Operations objectives

Effectiveness and efficiency of operations

Reporting objectives

Improve decision making and monitor performance

Compliance objectives

Compliance with applicable laws and regulations

Event identification

Identifying incidents both external and internal to the organization that could affect the achievement of the organization's objectives

Risk assessment

Types of risk

Inherent: Risk that exists before plans are made to control it

Residual: Risk that is left over after you control it

Risk response

Reduce

Implement effective internal controls

Accept

Do nothing; accept the likelihood and impact of the risk

Share

Buy insurance, outsource, or hedge

Avoid

Do not engage in the activity

Control activities

Are procedures to minimize risk of accounting problems

What are 2 types of fraud?

Misappropriation of assets

Financial statement fraud

For fraud to occur, these 3 conditions must be present

Pressure

Opportunities

Rationalization

Functions of internal controls

Preventive controls

Deter problems from occurring

Detective controls

Discover problems that are not prevented

Corrective controls

Identify and correct problems; correct and recover from the problem

Levers of control

Belief system

Help employees understand mission and vision

Boundary system

Establishing the boundaries of ethical employee behavior

Diagnostic control system

Measures, monitors, and compares actual performance to goals

Interactive control system

Focus attention on strategic issues