...due to the negative impact on the market efficiency. As a result, COSO, the Committee of Sponsoring Organizations of the Treadway Commission, was formed in 1985. It has published several comprehensive frameworks to help organizations to improve business operation and governance and to avoid fraud. The aim of this report was to study the development of COSO, including its history and main frameworks and guidance regarding internal control, enterprise risk management and fraud deterrence. The report interpreted the three areas under COSO framework with their key compositions and most recent updates. After the detailed interpretation, conclusion and recommendations were given. Keywords: Fraudulent Financial Reporting, COSO, Internal Control, ERM, Fraud Introduction and Background Financial information is a significant and unique composition of the world of business. Analysis on financial information can always help users to make business decisions. However, driven by short-term profit and specific business purposes, companies would take the risk of releasing fraudulent financial reporting. Fraudulent information would fail to lead to good business decisions. Back to 1970s, due to the occurrence of questionable corporate political campaign practices like the Watergate...
Words: 3530 - Pages: 15
...Office of the New York State Comptroller Division of Local Government and School Accountability LOCAL GOVERNMENT M ANAGEMENT GUIDE Management’s Responsibility for Internal Controls Thomas P. DiNapoli State Comptroller For additional copies of this report contact: Division of Local Government and School Accountability 110 State Street, 12th floor Albany, New York 12236 Tel: (518) 474- 4037 Fax: (518) 486- 6479 or email us: localgov@osc.state.ny.us www.osc.state.ny.us October 2010 Table of Contents Who’s Responsible.............................................................................................................. 2 The Origin - Committee of Sponsoring Organizations ......................................................... 4 Integrated Internal Control Framework - The Big Picture ..................................................... 5 The Five Essential Elements of the Internal Control Framework ........................................... 6 Limitations of Internal Controls ..........................................................................................15 The Impact of Information Technology ...............................................................................16 The Role of Internal Auditors and Audit Committees ..........................................................17 Conclusion ....................................................................................................................... 20 Additional Resources...
Words: 8114 - Pages: 33
...Evaluating and Improving Internal Control in Organizations Internal control is a crucial aspect of an organization’s governance system and ability to manage risk. It is also fundamental to supporting the achievement of an organization’s objectives and creating, enhancing, and protecting stakeholder value. High-profile organizational failures typically lead to the imposition of additional rules and requirements, as well as to subsequent time-consuming and costly compliance efforts. However, this obscures the fact that the right kind of internal controls—enabling an organization to capitalize on opportunities while offsetting the threats—can actually save time and money and promotes the creation and preservation of value. Effective internal control also creates a competitive advantage, as an organization with effective controls can take on additional risk. Despite the existence of sound internal control guidelines, it is often the application of such guidelines that fails or could be further improved in many organizations. With the publication, the Professional Accountants in Business (PAIB) Committee aims to provide a practical guide focused on how professional accountants in business can support their organization in evaluating and improving internal control as an integral part of its governance system and risk management. The guidance is complementary to existing internal control guidelines and is based on those internal control matters that often cause difficulties...
Words: 1324 - Pages: 6
...CONTROL AND AIS (Version 1 – Brief, just for the exam) Overview of Control Concepts * Internal Control - plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency and encourage adherence to prescribed management procedures. * Management Control - broader than internal control 1. Integral part of management responsibilities. 2. Is designed to reduce errors and irregularities and achieve goals 3. Is personnel oriented and seeks to help employees attain company goals by following policies. * Administrative Controls - help ensure operational efficiency and adherence to managerial policies. * Accounting controls - safeguard assets and ensure the reliability of accounting records. * Internal control structure - policies and procedures established to provide reasonable assurance that the organization's specific objectives will be achieved. 1. Control environment 2. Accounting system 3. Control procedures * Internal control classifications 1. Preventive, detective, corrective 2. Feedback, feedforward 3. General, application 4. Input, processing and output COSO - Committee of Sponsoring Organizations * Internal control - process implemented by management, the BOD, and those under their direction to provide reasonable assurance that control objectives are achieved with regard to: ...
Words: 5228 - Pages: 21
...Overview of PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements Provided for use with Auditing and Assurance Services: An Integrated Approach, 12th edition Alvin A. Arens, Randal J. Elder, Mark A. Beasley Pearson Prentice Hall, Inc. INTRODUCTION The 12th Edition of Auditing and Assurance Services: An Integrated Approach, includes extensive coverage of key provisions of the Sarbanes-Oxley Act (the Act) and related Public Company Accounting Oversight Board (PCAOB) standards and rules applicable to the audits of financial statements and internal control over financial reporting for public companies. At the time the 12th Edition was released in March 2007, the PCAOB had issued Auditing Standard Nos. 1-4. On May 24, 2007, the PCAOB issued Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements (AS5). Subject to SEC approval, AS5 is effective for audits of fiscal years ending on or after November 15, 2007. AS5 supersedes PCAOB Auditing Standard No. 2 (AS2), An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, which was issued in June 2004. The PCAOB and the Securities and Exchange Commission (SEC) have closely monitored the implementation of AS2 to evaluate the effectiveness of public company auditors in applying the provisions to audits...
Words: 3261 - Pages: 14
...Running head: Internal Control and Risk Evaluation Internal Control and Risk Evaluation The purpose of this brief is to identify and analyze possible risks, internal control points, design internal controls, evaluate the application of internal controls and discuss other outside controls, that Kudler Fine Foods may need to upgrade the computer systems. Analysis of Risks of Computer Systems After reviewing the previous flowcharts it is recommended that Kudler Fine Foods automate more of its accounts payable, accounts receivable, inventory, and payroll processes and standardize these processes across all Kudler locations. Therefore, increased computer controls will be needed to ensure the security of data. Computer data could be compromised if proper computer controls are not in place. Risks include theft of confidential and sensitive information stored on computer servers such as company bank account information or personnel records of Kudler clientele and staff. If proper internal controls are not implemented breaches of sensitive data stored in folders that are accessible through the Internet will be exposed through file sharing software with the other Kudler locations. Identify risks and internal control points Identifying risks and internal controls are imperative when information systems are used extensively throughout the fundamental business processes. Information systems general controls are the policies and procedures that apply to all...
Words: 1267 - Pages: 6
...Checklist for Evaluating Internal Controls Lisa Cook ACC 544 October 31, 2011 Bret Mann Checklist for Evaluating Internal Controls Internal Control is to assist companies with reviewing and assessing its accountability within the organization. Internal controls are best practices for an organization that sets the tone and its main purpose is reducing business risk by controlling loss because of the misuse of the company’s assets. Fraud is sure to be detected through internal controls as well as help with the accuracy of its financial reporting. This analysis will provide a comprehensive checklist for evaluating internal controls and show how to apply the checklist to outline phases of the control evaluation. Evaluating Internal Controls Checklists The Committee of Sponsoring Organization (COSO) defines controls as the “process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three categories: * Reliability of financial reporting. * Effectiveness and efficiency of operations. * Compliance with applicable laws and regulations. Internal control is designed to achieve objectives in various categories” (Louwers, et al, 2007, p. 149). The purpose for an internal control checklist is to analyze the efficiency of the organization’s controls in place, document the controls, and make recommendations and necessary improvements. Management...
Words: 785 - Pages: 4
...perform a SOX Section 404 consulting engagement. We are pleased to confirm our acceptance and our understanding of this consulting engagement by means of this letter. Our consultancy will be conducted with the objective of our expressing an opinion on the financial statements. This letter provides information and considerations related to our services under the SOX Section 404 consulting engagement, including: 1. Difference between a financial statement audit and an internal control consulting engagement; 2. Significant regulations and guidelines related to audits of internal control; 3. Internal control risks identified within Apollo Shoes, Inc.; 4. Relationship between internal controls and the audit process; and 5. Brief synopsis of auditor’s responsibility in detecting and reporting fraud. 1. Financial Statement Audit vs. Internal Control Consulting Engagement The following information provides details regarding the differences between a financial statement audit and an internal control consulting engagement: Financial Statement Audit During a financial statement audit, companies are asked to provide their financial statements, which gives information about their performance and financial position. Users of the financial statements, such as shareholders, investors, creditors and banks rely on the financial statements to be fairly presented and free of material misstatements. To strengthen the user’s...
Words: 1495 - Pages: 6
...Internal Audit Guidebook Providing a framework for understanding and delivering Grant Thornton’s Internal Audit Services in a consistent, high-quality way 2012 Internal audit guidebook 1 Contents Page Introduction 2 Common service delivery methodology 6 Determine client needs 8 Scope and arrange work 10 Plan 13 Analyze and assess 20 Report and recommend 28 Implement 32 Evaluate 33 Determine business and technology context 36 Manage engagement performance, quality and risk 38 Communicate and enable change 40 Appendix 42 Internal audit engagement checklist 43 © Grant Thornton LLP. All rights reserved. Updated August 1, 2012 Internal audit guidebook 2 Introduction What is internal audit? The Institute of Internal Auditors (IIA) defines internal auditing as: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (1010) An internal audit objectively assesses the management of risks that a company faces. (2100 series) The aim is to • understand the current state, • assess the current state using appropriate standards and criteria, and • develop findings and recommendations...
Words: 15851 - Pages: 64
...free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material aspects, in accordance with an applicable financial reporting framework * To report on the financial statements and communicate in accordance with the auditor’s findings Audit Process Overview: * Step 1: Client Acceptance and Retention * Step 2: Risk Assessment (Through understanding client business environment and operations Assess risks of material misstatement Assess Audit Risk) * Step 3: Audit Procedures Planning * Step 4: Test of controls (IF reliance on controls) * Step 5: Perform substantive tests * Step 6: Audit Completion and Reporting Financial Statement Assertions: * Assertions are representations made by management, explicit or otherwise, that are embodied in F/S, as used by auditor to consider the different types of potential misstatements that may occur * Focus on assertions as: * Different risks result in different risks of misstatements affect different assertions (transactions and account balances can be misstated in different ways with different assertions being affected, eg. Fictitious credit sales Occurrence) * Depending on...
Words: 7274 - Pages: 30
...Justification for an Internal Control System Companies must mitigate risk to achieve maximum profitability. Mitigating the risk can be accomplished by implementing controls. While insurance and portfolio approaches are important control strategies, they are only single components of an overall risk management plan. Implementing an internal control system will assist management in monitoring and deterring risk. Current Controls The current approaches of insurance and portfolio are valid controls. One way to mitigate risk is to transfer some of the risk to a third party. The third party willingly accepts the risk for a fee or premium. This approach is called insurance. However, this approach is limited and considered reactive as it does nothing to deter harm to company assets. In addition, there are only certain risks that insurance companies are willing to take on and others that simply cannot be insured (McCarthy & Flynn, 2004). With the portfolio approach, all departments are treated as one unit so that interrelated risks can be identified and put “in the context of all the other risks and the company’s business strategy” (McCarthy & Flynn, 2004, pg. 255). However, it does little to deter risk. Internal Control System An internal control system is an ongoing process that ensures compliance with laws and regulations, reliable financial reporting and efficient and effective operations of an organization. According to Ratcliffe and Landes (2009), “an effective system...
Words: 522 - Pages: 3
...Internal Control FAQ What is Internal Control? Internal control is the integration of the activities, plans, attitudes, policies, and efforts of the employees of a department working together to provide reasonable assurance that the department will achieve its mission. More simply, internal control is what a department does to see that the things they want to happen willhappen…and the things they don’t want to happen won’t happen. Why are internal controls important? The overall purpose of internal control is to help a department achieve its mission and accomplish certain goals and objectives. An effective internal control system helps a department to: * Promote orderly, economical, efficient and effective operations. * Produce quality products and services consistent with the department’s mission. * Safeguard resources against loss due to waste, abuse, mismanagement, errors and fraud. * Promote adherence to statutes, regulations, bulletins and procedures. * Develop and maintain reliable financial and management data, and accurately report that data in a timely manner. What are the components of an internal control system? The Committee of Sponsoring Organizations (COSO) internal control framework identifies five inter-related components: Control Environment: The control environment, sometimes referred to as “tone at the top”, is the foundation for all other components of internal control. The control environment is influenced by management’s...
Words: 1405 - Pages: 6
...MEMO To: Andrey Simonov From: Vivian Jeansonne Subject: Internal Controls and the Auditing of Internal Controls Date: March 19, 2013 _________________________________________________ The Internal Control—Integrated Framework, published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), defines internal control as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations” (Douglas). Internal controls are a very important aspect of a business which involves people at every level of an organization working together to achieve the same objectives. The three categories stated above address the different needs of a company and allow a specific focus in order for these needs to be met. The most important internal control to implement is over financial reporting. This involves preparing the financial statements so that they are presented fairly and accurately based on generally accepted accounting principles and any other financial reporting framework used by management (Landes & Ratcliffe). Fair presentation is when the accounting principles chosen by management have general acceptance and are appropriate in the circumstances. Financial statements must also reflect underlying transactions...
Words: 1334 - Pages: 6
...Internal Control Topic List 1. What is internal control? 2. Components of internal control 3. Information about controls Learning outcomes On completion of this section you should be able to: • State the reasons for organisations having effective systems of controls • Identify factors which contribute to an effective control environment • Identify the components of internal control in both manual and IT environments • Identify types of control activity • Distinguish between general controls and application controls • Identify inherent limitations of a system of internal controls • Specify the composition of an audit committee Internal Control [pic] Internal control: ‘The process designed, implemented and maintained by those charged with governance*, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to:- • Effectiveness and efficiency of operations • Reliability of financial reporting, • Compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control. A key audit question is: “How does management control the business?” *Usually directors - remember the difference between exec and non-exec Company Objectives • To ensure it correctly reports its financial position to shareholders • To ensure it operates effectively and...
Words: 2434 - Pages: 10
...RUNNING HEAD: Internal Controls and Maintaining Company Morale FINAL PAPER DEVELOPING AND IMPLEMENTING EFFECTIVE INTERNAL CONTROLS AND MAINTAINING EMPLOYEE MORALE By Melissa P. Abbey EM 290D DIRECTED STUDEY IN MANAGEMENT Submitted To Professor Donovan A. McFarlane, D.B.A. FREDERICK TAYLOR UNIVERSITY Moraga, California September 25, 2013 Abstract This report explores the aspects and importance of effective internal controls and how to maintain positive employee morale while developing and implementing organizational processes. The author explores various concepts and components of internal controls and the relationship of implementing effective controls while maintaining positive employee morale. Using a variety of resources including academic journals and electronic resources-informational sites, the author outlines standard components for developing effective internal controls and strategies for implementation in order to maintain positive employee morale. Keywords: Internal Controls, risk management, policies and procedures, organizational structure and culture, roles and responsibilities communication, collaboration, risk assessment, monitoring. Introduction All Organizations, no matter the size should have some type of internal controls in place. Although broad in scope, internal controls are intended to prevent companies from securing financial risk or wrongdoing and increase the chances of success while obtaining a specific objective; any business...
Words: 1297 - Pages: 6
