acct 316 acct 316 acct 316 control and accounting information systems 7 uaa – acct 316 accounting...

Download Acct 316 Acct 316 Acct 316 Control and Accounting Information Systems 7 UAA – ACCT 316 Accounting Information Systems Dr. Fred Barbee Chapter

Post on 11-Jan-2016




6 download

Embed Size (px)


  • Control and Accounting Information SystemsUAA ACCT 316 Accounting Information SystemsDr. Fred Barbee7Chapter

  • Introduction to Internal Control

  • Internal Control . . .Can an information system operate without internal controls?Perhaps.Will the organization attain its objectives?Perhaps.

  • Why Internal Control?

  • Why Controls . . . To Ensure system goals are achieved

    To Lessen the risk of unwanted outcomes

  • Controls . . . What are the goals that internal control is designed to achieve?What are the typical business risks that the organization should try to avoid?

  • What are the goals that internal control is designed to help achieve?


  • Internal Control GoalsThe National Commission on Fraudulent Financial ReportingAppointed

    The Committee of Sponsoring Organizations (COSO)To study internal control

  • Internal Control GoalsCOSO entity objectives . . .Operations - relating to effective and efficient use of an entitys resources.Financial Reporting - relating to preparation of reliable financial reports.Compliance - relating to the entitys compliance with applicable laws and regulations.

  • What are the typical business risks that an organization should try to avoid?Question

  • What is Risk?The dictionary defines risk as . . .What is an exposure?Hazard; peril; exposure to loss or injury.

  • Exposure . . . . . . the potential financial effect of an event multiplied by its probability of occurrence.

    Potential Financial Effect of an Event

    Probability of Occurrence



  • Risk AnalysisTHREATEXPOSURERISKEXPECTED LOSS**=Internal Controls

  • Controls . . . An exposure consists of the potential financial effect of an event multiplied by its probability of occurrence.$5,000,000X5%=$250,000

    Potential Financial Effect of an Event

    Probability of Occurrence


  • Direct Material VariancesAn example of a control system in accounting

  • Common Business Exposures

  • Common Business ExposuresBusinessExposures

  • Common Business ExposuresBusinessExposures

  • What are the legal responsibilities of management?Or, what are we supposed to do?

  • The SEC . . .The establishment and maintenance of a system of internal controls is an important management obligation.

  • The SEC . . .A fundamental aspect of managements stewardship responsibility is to provide shareholders with reasonable assurance that the business is adequately controlled.

  • The SEC . . .Additionally, management has a responsibility to furnish shareholders and potential investors with reliable financial information on a timely basis.

  • Legal ResponsibilitiesManagement is legally responsiblefor establishing and maintaining an adequate system of internal control.

  • The SEC . . .An adequate system of internal control is necessary to managements discharge of these obligations.

  • OK, so what if management doesnt do this. What then?

  • Enter . . .


  • FCPA Legal RequirementMake and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect the transactions of the registrant and the disposition of its assets.

  • FCPA Legal RequirementDesign and maintain a system of internal accounting controls sufficient to provide reasonable assurances that certain specified objectives are met.

  • The Internal Control Structure . . .What is Internal Control?

  • Standards of Field WorkThe Field Work standards are so named because they pertain primarily to the conduct of the audit at the clients place of business; that is, in the field.

  • Second Standard of Field WorkA sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.

  • Defining Internal ControlReviewing the Literature

  • 1949 Committee on Auditing ProcedureA system of internal control should be designed to achieve objectives that are both operational and accounting in nature.

  • Defining Internal ControlThe 1958 definition was the first to differentiate between accounting controls and administrative controls, A distinction that is very important to independent auditors.

  • In 1963, chapter 5 of Statement on Auditing Procedure No. 33 attempted to clarify the distinction between administrative and accounting controls, stating that the independent auditor is primarily concerned with the latter when applying generally accepted auditing standards.

  • After 1963, there continued to be confusion concerning the scope of the auditors responsibility as it related to safeguarding of assets and the reliability of financial statements.

  • So . . . What is Internal Control?

  • Cohen Commission ReportPublished annual reports should contain a report in which corporate management discloses the condition of the companys internal control system.

  • Internal ControlSome Recent Additions

  • Internal Control . . .Information Systems Audit and Control Foundation Control Objectives for Information and Related Technology COBIT


    Audience:Management; Users; IS Auditors

    Focus:Information Technology


    Size:187 Pages 4 Documents

  • A set of processes including policies, procedures, practices, and organizational structure.Internal Control Viewed as:

  • Internal Control ObjectivesEffective & efficient operationsConfidentialityIntegrity & availability of informationReliable financial reportingCompliance with laws and regulations

  • Internal Control . . .Institute of Internal Auditors Research Foundations Systems Auditability and Control (SAC)

  • Systems Auditability and Control

    Audience:Internal Auditors

    Focus:Information Technology


    Size:1,193 pages in 12 modules

  • Internal Control Viewed as . . .Set of processes, subsystems, and people.

  • Internal Control ObjectivesEffective & efficient operationsReliable financial reportingCompliance with laws and regulations

  • Internal Control . . .The Committee of Sponsoring Organizations of the Treadway Commission Internal Control Integrated Framework

  • COSO


    Focus:Overall Entity


    Size:353 pages in 4 volumes

  • Internal control viewed as a process.COSO

  • Internal control objectives:Effective and efficient operationsReliable financial reportingCompliance with laws and regulationsCOSO

  • Internal Control . . .American Institute of Certified Public Accountants Consideration of the Internal Control Structure in a Financial Statement Audit (SAS 55)

  • SAS 55 & SAS 78

    Audience:External Auditors

    Focus:Financial Statement


    Size:63 pages in 2 documents

  • SAS 55/78Internal control viewed as a process.

  • SAS 55/78Internal control objectives:Effective and efficient operationsReliable financial reportingCompliance with laws and regulations

  • National Commission on Fraudulent Financial ReportingThe Treadway Commission

  • Treadway CommissionEmphasized the importance of internal control. Specifically . . .The control environment;Codes of conduct;Audit committees; andThe internal audit function

  • Treadway CommissionThe commission reaffirmed the Cohen Commissions call for management reports on the effectiveness of its internal controls.

  • COSO Report . . .COSOs final report Internal Control Integrated Framework was issued in September 19924 volumes453 pagesThousands of hours of work

  • COSO Report . . .Provides a common definition of internal control to meet the needs of diverse users.Provides a framework against which entities can assess and improve their internal control systems.

  • Internal Control . . .The COSO Definition

  • Internal control is a process, effected by an entitys board of directors, management, and other personnel, COSO

  • designed to provide reasonable assurance regarding the achievement of objectives in the following categories:COSO

  • Effectiveness and efficiency of operationsReliability of financial reportingCompliance with applicable laws and regulations.COSO

  • Key ConceptsInternal control is a process. It is a means to an end, not an end in itself.Internal control is effected by people. Its not merely policy manuals and forms, but people at every level of an organization.COSO

  • Key ConceptsInternal control can be expected to provide only reasonable assurance, not absolute assurance, to an entitys management and board.Internal control is geared to the achievement of objectives in one or more overlapping categories.COSO

  • It consists of several interrelated components, with integrity, ethical values;competence, and the control environment, serving as the foundation for the other components.COSO

  • Cosos ComponentsControl EnvironmentRisk AssessmentControl Activiti


View more >