Management and Organizational Studies
Management and Organizational Studies 3363A/B
Michelle Loveland

Internal Controls and Control Risk

What is an Internal Control?
• Internal control is a system of policies and procedures designed to provide management with reasonable assurance that the company will achieve its objectives and goals.
• There are three broad objectives in designing an effective internal control system:
  o Reliability of financial reporting.
  o Efficiency and effectiveness of operations.
  o Compliance with laws and regulations.

Management Objectives
• Maintain reliable control systems
• Safeguarding assets
• Optimizing the use of resources
• Preventing and detecting error and fraud

Auditor's Objectives
• Evaluation of internal control and the associated control risk is part of the audit planning process
• CAS 315 requires that the auditor consider relevant controls, which are internal controls that are relevant to the financial statement audit
• The auditor is mainly concerned with the controls that are relevant to the entity’s ability to record, process, summarize and report the financial data consistent with management’s assertions
• The accuracy of the results of the accounting system is heavily dependent upon the accuracy of the inputs and processing
• If the auditor identifies risks that cannot be effectively tested, the auditors must understand those controls and address those risks, and then test those controls if reliance is intended
• After considering the potential for misstatements at the detailed assertion level for transactions and account balances, the auditor must step back and look at the statements as a whole

Studying Internal Control
• Management is responsible for designing, implementing and evaluating controls
• The auditor can provide reasonable (but not absolute) assurance, based on the tests they conduct
• Effectiveness depends upon the competency and dependability of individuals (or systems) executing the controls
• Most internal controls can be overridden using collusion, or if there is poor segregation of duties

Fraudulent Financial Reporting
• This is the intentional misstatement or omission of amounts or disclosures in financial statements to deceive users
  o Earnings Management – the purpose is to help management achieve earnings targets
  o Income Smoothing – revenues and expenses are shifted across accounting periods to reduce fluctuations in earnings

Fraud Triangle
• Incentives/Pressures
• Opportunities
• Attitudes/Rationalization
  o Much higher when all three are present
  o Applies to both fraudulent financial reporting and misappropriation of assets

COSO Framework
• COSO: Committee of Sponsoring Organizations
• COSO identifies five components of internal control that need to be in place and integrated to ensure the achievement of each of the objectives. They are:
  1. The control environment;
  2. Risk assessment;
  3. Control activities;
  4. Information and communication; and
  5. Monitoring.

1. The Control Environment
• Actions, policies and procedures that reflect the overall attitudes of top management, directors and owners of an entity about controls
• The essence of an effectively controlled organization lies in the attitude of its management
• Control environment factors are assessed as part of the knowledge of business and are used to develop the client risk profile
• The auditor must consider the key components of the control environment:
  o Board of Directors and Audit Committee
  o Organizational Structure
  o Management Philosophy and Operating Style
  o HR Policies and Procedures
  o Management Control Methods
  o Systems Development Methodology
  o Reaction to External Influences
  o Internal Audit
• Board of Directors and Audit Committee
  o Board should have independent directors
  o Audit Committee should be independent and have competence in financial reporting
• Organizational Structure
  o Firm structure should be appropriate for planning, directing and controlling operations
  o Responsibility assignments should be clear
• Management Philosophy and Operating Style
  o Ethical and honest behaviour should be encouraged
• HR Policies and Procedures
  o Should ensure trustworthy and competent employees
  o Compensation should motivate employees to maintain competence and honesty
• Management Control Methods
  o Firm should implement effective budgeting systems
  o Firms should also have proper monitoring activities (internal controls)
• Systems Development Methodology
  o Policies and procedures for selecting, deploying and maintaining IT systems
• Reaction to External Influences
  o Management must have the ability to respond to changes in the external environment
• Internal Audit
  o The internal audit function should report to the audit committee to maintain independence

2. Risk Assessment
• How the client responds to risks
• Risk assessment involves management’s identification of risks relevant to the preparation of financial statements in conformity with GAAP
• Management needs to identify risks, estimate their significance, assess the likelihood of occurrence, and develop action plans to reduce these risks to an acceptably low level.
• The auditor’s goal is to obtain sufficient information about the entity’s risk assessment process to understand how management:
  o Considers risks relevant to financial reporting objectives and
  o Decides what to do to address those risks.

3. Control Activities
• The policies and procedures that help ensure necessary actions are taken to address risks in the achievement of the entity’s objectives.
• Control activities are also known as application controls.
• Look for:
  o Adequate segregation of duties
  o Proper authorization of transactions and activities
  o Adequate documents and records
  o Physical and logical control over assets and records
  o Independent checks of performance and recorded data

4. Information and Communication
• The auditor must determine:
  o The major classes of transactions of the entity;
  o How those transactions are initiated and recorded;
  o What accounting records exist and their nature;
  o How the system captures other events that are significant to the financial statements;
  o The nature and details of the financial reporting process followed, including procedures to enter transactions and adjustments in the general ledger.

5. Monitoring
• Deals with the ongoing or periodic assessment of the quality of inter
