0508 Int Cntrl Muller

Oct 06, 2015

Gaby

Transcript
  • SOX for Everyone
    Brief History of Internal Control, SOX, and Fundamentals of Control Frameworks

    Source: Brinks Modern Internal Auditing, Robert Moeller, Wiley Publishing

  • Agenda for Today
    - What is internal control and why is it important for governmental entities?
    - History of internal control leading up to SOX
    - COSO framework
    - Fundamentals of internal control and control systems
    - Wrap up

  • What is Internal Control?
    - What is internal control?
      - General procedures for a well-managed, well-functioning business
    - Components include
      - Accomplishes its mission
      - Produces accurate, reliable data
      - Complies with laws and corporate policies
      - Results in economical/efficient use of resources
      - Provides for safeguarding of assets

  • Internal Control and Governmental Entities
    - How do Internal Control objectives translate into government objectives?
      - Increase the public's confidence level in government operations.
      - Increase management's accountability for financial reporting and information disclosed to the public.
      - Reveal the critical need for management's well-defined job requirements.
      - Reduce fraud and increase accountability.
    Source: http://www.governmentauditors.org/content/view/273/123/

  • Internal Controls Standards: Background Developments
    - Earliest definition of internal control:
      - The organization's plan and actions to safeguard its assets, operate efficiently, adhere to policies, and accurately and reliably produce accounting data

  • Internal Controls Standards: Background Developments (Continued)
    - Foreign Corrupt Practices Act (FCPA)
      - Response to Watergate scandal
      - Required management to
        - Maintain accurate books and records
        - Implement a system of internal control
      - Also prohibited bribes
        - Excludes grease payments to minor officials
      - Created a flurry of activity to comply; today is seen primarily as anticorruption

  • Efforts Leading to the Treadway Commission
    - Cohen Commission (an AICPA commission)
      - Recommended that management report on internal controls and auditors opine on fairness of management's assertion
      - Resulted in criticism from external auditors; lack of consistent definitions regarding internal controls, adequate, etc.
      - FEI endorsed the Cohen recommendation
      - As a result, some CEO management letters discussed internal control; some letters included negative assurance

  • Efforts Leading to the Treadway Commission (Continued)
    - SEC 1979 proposal
      - Based on Cohen Commission and FEI
      - Called for mandatory management reports on internal control
      - Again controversy and criticism centered on lack of a clear definition of internal accounting control
      - SEC dropped the proposal, but it established a need for a management report on internal control as part of required SEC filings

  • Efforts Leading to the Treadway Commission (Continued)
    - SAS No. 55 (Stmnt. On Auditing Stds.)
      - Issued by the AICPA
      - Defined internal control in terms of the
        - Control environment
        - Accounting system
        - Control procedures
      - Management's view of internal control is broader and encompasses the entire control system
      - External auditors focus on internal control related to financial statements

  • Efforts Leading to the Treadway Commission (Continued)
    - Treadway Committee (National Commission on Fraudulent Reporting)
      - Late 1970s and early 1980s were a period of high inflation, high interest rates, many business failures despite the company having reported adequate earnings
      - Congress proposed but didn't pass bills to correct the business and audit failures
      - Treadway Commission formed to identify fraud factors and propose recommendations

  • Efforts Leading to the Treadway Commission (Continued)
    - Treadway Committee, continued
      - Again, a call for management reports on the effectiveness of internal control
      - Most important contribution of Treadway was raising level of concern and attention directed toward reporting on internal control
    - FCPA, Cohen Commission, SEC 1979 Report, SAS No. 55 and Treadway Commission
      - Occurred almost in a parallel fashion over a period of 20 and helped redefine internal control

  • Sarbanes-Oxley Act
    - Sarbanes-Oxley Act
      - Passed in 2002
      - Most significant overhaul to public accounting, corporate governance and financial reporting since 1930s
      - Established regulatory rules for public accounting firms, auditing standards, and corporate governance
      - PCAOB established to oversee public accounting firms and to establish auditing standards

  • Sarbanes-Oxley Act (Continued)
    - Section 101
      - Establishes PCAOB
      - Non-profit, private-sector corporation
      - PCAOB consists of 5 members appointed by the SEC
      - AICPA no longer establishes Statements on Auditing Standards or GAAS
      - PCAOB now oversees all audits of SEC-reporting corporations

  • Sarbanes-Oxley Act (Continued)
    - Section 201
      - Establishes new rules regarding auditor independence and prohibited practices
      - Limitations include financial information system design and implementation, internal audit outsourcing, and other services
      - Tax and other non-prohibited services may be performed by the external auditor if approved in advance by the audit committee

  • Sarbanes-Oxley Act (Continued)
    - Section 301
      - Mandates that all audit committee members be independent
      - External auditor reports to, is overseen by, and is compensated by the audit committee

  • Sarbanes-Oxley Act (Continued)
    - Section 302
      - Requires that the CEO and CFO certify quarterly and annual financial reports
      - SOX imposes criminal fines or jail time on violators

  • Sarbanes-Oxley Act (Continued)
    - Sections 304 and 305
      - Designed to eliminate or limit seemingly outrageous behavior
      - Earnings restatements may require CEO and CFO to return bonuses based on bogus numbers
      - Blackout periods related to trading in 401K and pension plans apply equally to all employees
      - Revised rules related to attorney reporting of corporate misconduct
        - Controversial due to attorney-client privilege

  • Sarbanes-Oxley Act (Continued)
    - Section 404
      - Makes management responsible for acknowledging its responsibility for establishing and maintaining internal control
      - Makes management responsible for an annual assessment of internal controls

  • Sarbanes-Oxley Act (Continued)
    - Other sections of Title IV
      - Require the company to adopt a code of ethics for senior officers
      - Require a financial expert on the audit committee
      - Mandate companies to provide information about material financial statement issues to investors ASAP

  • Sarbanes-Oxley Act (Continued)
    - Other Titles of SOX
      - Mandate workpaper retention policies
      - Provide whistleblower protection
      - Require CEO and CFO to personally certify that the financial reports are fairly presented
        - Personal penalties for knowingly falsifying (not corporate responsibility)

  • REVIEW
    Under the 2002 Sarbanes-Oxley Act, _____________ must certify the effectiveness of the company's internal controls each year. If they sign off on ineffective controls, they could _______________.
    a. CFOs and CEOs; face civil and criminal penalties.
    b. CFO; face civil penalties.
    c. CEO; get fired.
    d. External auditor; face the Audit Committee.

  • REVIEW
    The primary responsibility for overseeing the establishment and administration of internal control rests with
    a. The external auditor.
    b. The controller.
    c. The internal auditor.
    d. Senior management.

  • COSO Internal Control Framework

    - Common framework for the definition of internal control and procedures to evaluate controls
    - Process effected by BOD, management and others to provide reasonable assurance regarding achieving effective and efficient operations, reliable financial reporting, and compliance with laws
    - Released in 1992 and has become widely accepted

  • COSO Internal Control Framework (Continued)

    - COSO Framework
      - Pyramid with 5 layered and interconnected components comprise the overall control system
      - Control environment: foundation
      - Risk assessment, control activities and monitoring are layered on top of the foundation
      - The 5th element is an interface channel between the other 4 layers: communication and information

  • COSO Internal Control Framework (Continued)
    Source: COSO's Internal Control Integrated Framework

  • COSO Internal Control Framework (Continued)
    - Internal control environment
      - Has a pervasive influence on the organization
      - Reflects the attitude, awareness and actions of the BOD, management and others regarding the importance of internal control
      - History and culture play important roles
      - Tone at the top

  • COSO Internal Control Framework (Continued)
    - Internal control environment
      - Integrity and ethical values
        - Strong code of conduct communicated throughout the organization
      - Commitment to competence
        - Adequate training, supervision, job descriptions
      - BOD and audit committee
        - Independent audit committee

  • COSO Internal Control Framework (Continued)
    - Internal control environment
      - Management's philosophy and operating style
        - Risk taker/conservative, seat of the pants/careful planner
      - Organizational structure
        - Centralized/decentralized, reporting relationships

  • COSO Internal Control Framework (Continued)
    - Internal control environment
      - Human resources policies and practices
        - Recruitment/hiring, new employee orientation, evaluation/promotion/compensation, disciplinary actions

  • COSO Internal Control Framework (Continued)
    - Risk Assessment
      - Evaluation of potential risks to the organization's ability to achieve its objectives
      - 3-step process
        - Estimate the significance of the risk
        - Assess its likelihood
        - Consider how to manage the risk or actions to take

  • COSO Internal Control Framework (Continued)
    - Risk Assessment
      - Risks from external factors include legislation, technology
      - Risks from internal factors include quality of hiring/training
      - Specific activity-level risks include risks related to specific new products

  • COSO Internal Control Framework (Continued)
    - Control Activities
      - Policies and procedures
        - Top-level reviews compare results to budget or other benchmarks
        - Direct functional or activity management entails reviewing operational reports or exception reports and taking corrective action
        - Information processing entails development of new systems or access to data

  • COSO Internal Control Framework (Continued)
    - Control Activities
      - Policies and procedures, continued
        - Physical controls over assets
        - Performance indicators entails relating operating data to financial data, and taking analytical, investigative or corrective action
        - Segregation of duties

  • COSO Internal Control Framework (Continued)
    - Control Activities
      - Integrating risk assessment and control activities
        - Appropriate control activities are established to address specific risks
        - May need to prune dumb controls

  • COSO Internal Control Framework (Continued)
    - Control Activities
      - Controls over information systems
        - General controls that ensure control over all applications (locks on door to computer center)
        - Application controls apply to specific programs
        - Organization needs to consider evolving technologies and new/modified controls

  • COSO Internal Control Framework (Continued)
    - Communications and Information
      - Information systems can be formal or informal, internal or external
      - COSO emphasized that they be
        - Strategic, consistent with the organization's goals (not outdated)
        - Integrated with other operations

  • COSO Internal Control Framework (Continued)
    - Communications and Information
      - COSO suggests and SOX requires that information be
        - Timely
        - Accurate
        - Current
        - Accessible
        - Appropriate

  • COSO Internal Control Framework (Continued)
    - Communications and Information
      - Internal systems
        - Most important component may be communication from senior management, tone at the top
        - Each person needs to know how he fits into the organization, otherwise may think errors don't matter
        - Each person needs to know limits, what is unethical/improper
        - Communication must flow up and down

  • COSO Internal Control Framework (Continued)
    - Communications and Information
      - External systems
        - Include a mechanism to capture and act upon complaints, source of potential control issues
        - Communication must flow in both directions

  • COSO Internal Control Framework (Continued)
    - Monitoring
      - Historically the role of internal auditors
      - COSO expands to include ongoing assessments of and adjustments to internal control as circumstances warrant
      - Many routine business functions are considered monitoring activities, such as reconciliations

  • COSO Internal Control Framework (Continued)
    - Monitoring
      - Separate internal control evaluations (in addition to ongoing monitoring) need to be performed periodically
      - Can be done by management
      - Identified internal control deficiencies (no matter how they're identified) should be reported, investigated, and appropriately acted upon

  • REVIEW
    Which of the following are elements included in the control environment?
    a. Organizational structure, management philosophy, and planning.
    b. Risk assessment, assignment of responsibility, and human resource practices.
    c. Competence of personnel, backup facilities, laws, and regulations.
    d. Integrity and ethical values, assignment of authority, and human resource policies.

  • REVIEW
    Which of the following fits most directly under the control activities component of the COSO Internal Control framework?
    a. Company-level controls dealing with tone at the top.
    b. Accounting for shipping documents to ensure that all sales are recorded.
    c. Overall methods for assigning authority and responsibility.
    d. The control environment.

  • Understanding, Using, and Documenting COSO Internal Controls
    - SOX 404 requires that organizations understand, document, test, and evaluate internal controls of major processes and systems
    - COSO is the suggested tool for this process

  • Fundamentals of Internal Controls
    - Definition of a control system
      - The car is an example, if the accelerator or brakes aren't used properly, the car operates out of control
      - An organization is similar, all the parts have to operate/be directed properly or the organization is out of control
      - Internal control system should attain or maintain a desired state

  • Fundamentals of Internal Controls (Continued)
    - Elements of a control system
      - Detector/sensor element measures the system being controlled (often the auditor)
      - Selector or standard element is the base used to compare/evaluate what's detected (standards, best practices)
      - Controller element changes the behavior based on comparison of detector and standard
      - Communications network element transmits messages between the controller element and the thing being controlled

  • Fundamentals of Internal Controls (Continued)
    - Types of control techniques, a combination of all 3 assure a process is operating properly
      - Preventive controls
        - Locked doors, passwords
      - Detective controls alert management that a problem has occurred
        - Door alarms, account reconciliations
      - Corrective controls assist in recovery from problems
        - Insurance policy

  • Fundamentals of Internal Controls (Continued)
    - Preventive, detective and corrective controls operate on 3 levels
      - Steering: preventive controls designed to attract management attention and prompt action (respond to falling market share)
      - Yes-No: protective controls designed to ensure adherence to a pre-established control (approvals)
      - Post-action: requires management's after-the-fact action, may require correcting detective, preventive or corrective controls (reassign an employee, repair damaged products)

  • REVIEW
    Controls may be classified according to the function they are intended to perform; which of the following is a detective control?
    a. Dual signatures on all disbursements over a specific amount.
    b. Recording every transaction on the day it occurs.
    c. Monthly bank statement reconciliations.
    d. Requiring all members of the internal audit staff to be CPAs.

  • REVIEW
    Controls designed to deter undesirable events from occurring are
    a. Preventive controls.
    b. Directive controls.
    c. Detective controls.
    d. Output controls.

  • WRAP UP
    Questions?