CHAPTER 3: Internal Controls

INTERNAL CONTROL DEFINITION AND IMPORTANCE

I. DEFINITION
Internal control - a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance [defined by COSO]
COSO - Committee of Sponsoring Organizations of the Treadway Commission
Important elements of the COSO definition:
1. Internal control is a process.
2. Internal control necessarily involves people throughout the organization.
3. Internal controls are designed to provide reasonable assurance.

II. IMPORTANCE
1. Safeguarding assets
2. Ensuring financial statement reliability
3. Promoting operational efficiency
4. Encouraging compliance with management's directives
Internal control is also legally mandated by several important pieces of LEGISLATION:
1. Foreign Corrupt Practices Act (FCPA)
-passed by the US Congress in 1977
-requires corporations covered by its provisions to maintain an adequate system of internal accounting controls
-violations are subject to fines and imprisonment
2. Sarbanes-Oxley Act of 2002 (SOX)
-passed in response to the corporate scandals of the late 20th century
Provisions related to internal controls:
-Management and the external auditors must assess the company's internal controls on an annual basis.
-Acknowledgement that the manager is personally and organizationally responsible for the design and implementation of internal controls.
-Disclose any internal control change that has a noticeable effect.
-Inform the auditors and the board of directors' audit committee of any significant problems/weaknesses in internal control.
-Managers must personally sign the required certifications and reports.

RISKS
Inappropriate risk-taking behavior is at the heart of many fraud cases.
Taxonomy - an organizational structure for knowledge

BROWN'S TAXONOMY OF RISK:
1. Financial risks - related to monetary activities
a. Market risk - changes in the company's stock prices, investment values, and interest rates
b. Credit risk - customers' unwillingness or inability to pay amounts owed to the organization
c. Liquidity risk - possibility that a company will not have sufficient cash and near-cash assets available to meet its short-term obligations
2. Operational risks - concern the people, assets, and technologies used to create value for the organization's customers
a. Systems risk - relates directly to information technology (IT)
b. Human error risk - possibility that people in the organization will make mistakes
3. Strategic risks - relate to the entity's decision-making process at the senior management and board of directors level
a. Legal and regulatory risk - concern that those parties might break laws, resulting in financial, legal, or operational sanctions
b. Business strategic risk - comprises poor decision making related to a company's basis for competing in its markets
4. Hazard risk
a. Directors' and officers' liability

COSO'S INTERNAL CONTROL INTEGRATED FRAMEWORK
COSO comprises FIVE PROFESSIONAL ACCOUNTING ORGANIZATIONS:
1. American Accounting Association
2. American Institute of Certified Public Accountants
3. Financial Executives Institute
4. Institute of Internal Auditors
5. Institute of Management Accountants
Originally published in 1992
Updated in 2013

Similarities and differences between the original and updated frameworks
SIMILARITIES
1. Internal control definition
2. Objective categories: operations, reporting, and compliance
3. Components of a strong internal control plan
4. Necessity for all plan components to work together
5. Importance of judgement in establishing sound internal control
DIFFERENCES
1. Environmental changes, such as economic conditions and legal considerations
2. Expanded objectives for operations and reporting
3. Creation of fundamental concepts that support the components
4. Additional examples and approaches

FIVE (5) COMPONENTS OF THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORK
1. Control environment: establishing the tone at the top
-Ensures that internal control is seen as a serious, important, worthy topic throughout the organization
2. Risk assessment: clarifying an organization's risk exposures
-Identify an organization's risk exposures as a precursor to creating internal controls
3. Control activities: developing specific controls to address the risk exposures
-Policies, processes, and procedures that will address the risks in a cost-effective way and provide reasonable assurance that the goal will be achieved
-Organizations can address risks in at least three ways:
 1. Prevention
 2. Detection
 3. Correction
4. Information and communication: ensuring stakeholders know about the internal control plan
5. Monitoring process: creating a process for keeping the plan updated and relevant

COSO offered the following explanation of effective internal control:
-Each of the five components and relevant principles is present and functioning.
 Present - determination that the components and relevant principles exist
 Functioning - the components and principles continue to exist
-The five components operate together in an integrated manner.
 Operating together - determination that all five components collectively reduce the risk of not achieving an objective

INTERNAL CONTROL EXAMPLES
1. Adequate documentation
2. Background checks
3. Backup of computer files
4. Backup of power supplies
5. Bank reconciliation
6. Batch control totals
7. Data encryption
8. Documentation matching
9. Echo checks
10. Firewalls
11. Insurance and bonding
12. Internal audits
13. Limit checks
14. Lockbox systems
15. Physical security
16. Preformatted data entry screens
17. Prenumbered documents
18. Restrictive endorsement and daily deposit of checks received
19. Segregation of duties
20. User training

CHAPTER 4: Management Concepts

ENTERPRISE RISK MANAGEMENT
Enterprise Risk Management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of the entity's objectives.

COSO discusses FIVE CATEGORIES OF OBJECTIVES for most organizations:
1. Strategic
2. Operations
3. Reporting
4. Compliance
5. Safeguarding of resources

EIGHT (8) ENTERPRISE RISK MANAGEMENT ELEMENTS:
1. Internal environment: overall organizational attitude about ERM
-Tone of an organization
-Sets the basis for how risk is viewed and addressed by an entity's people (risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate)
2. Objective setting: what an organization is trying to accomplish
-Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.
3. Event identification: events that could interfere with achieving the objectives
-Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.
4. Risk assessment: chance that the interfering events will occur
-Risks are analyzed, considering the likelihood and impact, as a basis for determining how they should be managed.
5. Risk response: generic ways to manage risks (events)
-Management selects a risk response (avoiding, accepting, reducing, or sharing risk), developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
6. Control activities: specific ways to manage risks (events)
-Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
7. Information and communication: ways to share the ERM plan
-Relevant information is identified, captured, and communicated in a form and time frame that enable people to carry out their responsibilities.
8. Monitoring: ways to ensure the ERM plan stays relevant
-ERM is monitored and modifications are made as necessary.

NATURE OF BUSINESS PROCESS MANAGEMENT
Business Process Management:
-A business improvement strategy based on documenting, analyzing, and redesigning processes for greater performance.
-A systematic approach to analyzing, redesigning
Important ideas in each definition of BPM:
-Improving performance
-Promoting efficiency
-Responding to the needs of clients
-Analyzing processes systematically and strategically
GENERALIZED MODEL OF BPM (suggested by Seppanen, Kumar, and Chandra)
1. Select the process and define its boundaries.
2. Observe, document, and map the process steps and flow.
3. Collect process-related data.
4. Analyze the collected data.
5. Identify and prioritize potential process improvements.
6. Optimize the process.
7. Implement and monitor process improvements.

Why AIS students should know something about business process management:
1. BPM can assist managers in providing accounting information that conforms to elements of the FASB Conceptual Framework.
-Managing business processes can ensure that relevant, reliable information is furnished in a cost-effective way.
2. BPM can help managers promote strong internal control.
3. BPM frequently involves strategic uses of information technology.
4. BPM is a natural outgrowth of accountants' intimate involvement with business processes.

BASIC PRINCIPLES
1. Understand how business processes interact with/support organizational strategy.
2. Move away from the "we've always done it this way" mentality.
3. Enlist top management support; ensure that top management can describe current business processes before trying to reengineer/maintain/modify the processes.
4. Managing business processes is fundamentally about people, not technology or documents.
5. Don't rely on external consultants to the exclusion of internal employees; value the experience of people in the organization who are close to the process.
6. When using consultants, make sure the task is well defined, with specific deliverables defined by the company.
7. Communicate early; communicate often. Deal immediately with objections/issues as they arise.

BEHAVIORAL ISSUES IN AIS
1. Many people are uncomfortable with change.
2. Fraud is a serious problem in all types of organizations.
3. Business today is a global endeavor.
4. When elements of an AIS change, people need to be trained in new technologies, processes and procedures to be effective.

EXPECTANCY THEORY
Motivation is the product of THREE FACTORS:
1. Expectancy - Will I be successful?
2. Instrumentality - Will I be rewarded?
3. Valence - Do I value the reward?
Motivation = Expectancy X Instrumentality X Valence
Multiplied: if just one of the three factors is zero, motivation will be zero as well.
