internal control.pptx

8/17/2019 Internal Control.pptx

1/33


2/33

InternalControl


3/33

Internal control refers tothe plan of organization and all thecoordinated methods and measuresadopted within an organization oragency to safeguard assets, check theaccuracy and reliability of its

accounting data, and encourageadherence to prescribed managerial

policies. – Section 12 of !" #o. 1$%%, asamended


4/33

1. &o safeguard the assets of the'rm.

2. &o ensure the accuracy andreliability of accounting records andinformation.

. &o promote e(cient, e)ecti*e,

and economical in the 'rm+soperations.

$. &o comply with laws andregulations.

%. &o measure adherence with


5/33

odifying-ssumptions

ManagementResponsibility

Reasonable Assurance

Methods of DataProcessing

LimitationsExposures and Risk


6/33

imitations• &he possibility of

s

• Circum*ention

• anagement o*erride

• Changing conditions


7/33

odifying-ssumptions






8/33


9/33

odifying-ssumptions






10/33

anagement /esponsibilit“Management utilizes internalcontrol to regulate and guidethe rm’s operations.”


11/33

odifying-ssumptions






12/33

ethods of "ata

!rocessing“Internal control shouldachieve the objectivesregardless of the data

processing method used.”


13/33

odifying-ssumptions






14/33

posures and /isks3undesirable e*ents4

• -ttempts at unauthorized access to the'rm+s assets.

• 5raud perpetuated by persons inside and

outside of the 'rm.

• rrors due to employee incompetence.

• 5aulty computer programs andcorrupted input data.

•

ischie*ous acts by hackers and threatsfrom other computer *iruses.


15/33

posures and/isks3undesirable e*ents4

-bsence or weakness ofcontrol

• "estruction ofassets

• &heft of assets• Corruption of

information or theinformation

system• "isruption of the

information


16/33

e*els of control (PD ontrol!

1. Pre*enti*e Controls

irst line of defense in the controlstructure.

&hese are passi*e techni6uesdesigned to reduce the fre6uencyof occurrence of undesirable

e*ents.


17/33

2. Detecti*e Controls

&hese are the de*ices,techni6ues, and proceduresdesigned to identify and eposeundesirable e*ents that eludepre*enti*e controls.

!econd line of defense in the controlstructure.


18/33

. orrecti*e Controls &hese are actions taken tore*erse the e)ects of errors

detected in the pre*ious step.

"etecti*e control 7correcti*e control ha*ean importantdistinction between

them.


19/33


20/33

ontrolEn"ironment

Risk Assessment

ontrol Acti"ities

Monitoring

Informationand

ommunication

ComponentsofInternalControl


21/33

Control n*ironmentIt integrates all internal control system which impacts on its structural aoperational framework.

It sets the tone for the organization and in8uences the control awarene9f its management and employees.

lements of Control n*ironment• Integrity and ethical *alues of management• Structure of organization• !articipation of the organization+ s board of directors and

audit committee• anagement+s philosophy and operating style• !rocedures for delegating responsibility and authority• anagemnt+s method for assessing performance• ternal in8uences, such as eaminations by regulatory agencies• &he organization+s policies and practices fro managing its human resources


22/33

ontrolEn"ironment

Risk Assessment

ontrol Acti"ities

Monitoring

Informationand

ommunication



23/33

/isk -ssessmentIt is the o*erall process of risk

identi'cation, analysis and e*aluation toascertain eisting and potential risks anddetermine the appropriate response thatmay a)ect the successful achie*ement ofagency ob:ecti*es.

"in simpler terms# It is the process inwhich organizations identify, analyze, andmanage risks rele*ant to 'nancial

reporting.

/isk can arise or change from circumstances such as;• -doption of a new accounting principle that may impact operations,• &he introduction of new product lines or acti*ities with which the organization has little eperience,• Signi'cant and rapid growth that strains eisting internal controls,etc.


24/33

Risk Identi#cation &his refers to the identi'cation of opportunitiesand threats to the achie*ement of the controlob:ecti*es.

Risk Analysis &his is the systematic use of information toidentify sources and to estimate the risk

Risk E"aluation &his is the process of e*aluating thesigni'cance of the risk and assessing thelikelihood of its occurrence.


25/33

ontrolEn"ironment

Risk Assessment

ontrol Acti"ities

Monitoring

Informationand

ommunication



26/33

Information and CommunicationInformation and communication are *ital in

attaining the control ob:ecti*es. &hey go handin hand and cut across all other internalcontrol components. /ele*ant informationmust be communicated throughout theagency, as well as to its network oforganizations and sectors.

-n e)ecti*e -ccounting information system will;• Identify and record all *alid 'nancial transactions• !ro*ide timely information about the transactions in

su(cient detail to permit proper classi'cation and'nancial reporting

• -ccurately measure the 'nancial *alue of

transactions so their e)ects can be recorded in the'nancial statements

• -ccurately record transactions in time period inwhich they control


27/33

ontrolEn"ironment

Risk Assessment

ontrol Acti"ities

Monitoring

Informationand

ommunication



28/33

onitoring• &he process by which the 6uality of

internal control design and operation canbe assessed.

• &his may be accomplished by separateprocedures or by ongoing acti*ities.

Ongoing monitoring

occurs in the course ofoperations. It is built into thenormal, recurring acti*ities ofan agency and in all its units.It is performed regularly andon a real


29/33

ontrolEn"ironment

Risk Assessment

ontrol Acti"ities

Monitoring

Informationand

ommunication



30/33

Control -cti*ities

&hese are the policies and proceduresused to ensure that appropriate actionsare taken to deal with the organization+sidenti'ed tasks.

Control -cti*ities

I& Controls !hysical Controls

ategories of ontrol Acti"ities


31/33

I$ ontrols

• &hey relate speci'cally to the computer en*ironment.

Two broad groups: 1. =eneral Controls – pertain to entity


32/33

hysical ontrols

• &hey relate primarily to the human acti*ities

employed in accounting systems. &hese acti*itiescould be purely manual or they may in*ol*e thephysical use of computers to record transactions orupdate accounts.

egories of Physical Control Activities

. %ransaction &uthorization

. !egregation of (uties

. !upervision

. &ccounting records

. &ccess ,ontrol

-. Independent erication

&ransaction-uthorization ensuresthat all materialtransactions processedby the informationsystem are *alid and in

accordance with themanagement+sob:ecti*es

Segregation of duties in*ol*e

the di*ision of the key dutiesand responsibilities amongdi)erent people to reduce therisk of error or fraud. &hisincludes separating theassignment of responsibilities

for processing, re*iewing,recording, custody andappro*al>authorization ofcertain transactions.

%b&ecti"es of 'egregation ofDuties

1. &o separate the authorizationfor a transaction from theprocessing of the transaction. 2. &o separate the responsibilityfor the custody of the assetsfrom the record


33/33

internal control.pptx

Documents