
Internal control over financial reporting case study

In Hellenistic Egypt there was a dual administration, with one set of bureaucrats charged with collecting taxes and another with supervising them.

Definitions

There are many definitions of internal control, as it affects the various constituencies (stakeholders) of an organization in various ways and at different levels of aggregation. Under the COSO Internal Control-Integrated Framework, a widely used framework in not only the United States but around the world, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.


COSO defines internal control as having five components:

  • Control Environment: sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
  • Risk Assessment: the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed.
  • Information and Communication: systems or processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.
  • Control Activities: the policies and procedures that help ensure management directives are carried out.
  • Monitoring: processes used to assess the quality of internal control performance over time.

The COSO definition relates to the aggregate control system of the organization, which is composed of many individual control procedures. Discrete control procedures, or controls, are defined by the SEC as: A control may exist within a designated function or activity in a process. Controls have unique characteristics; for example, they can be: Controls within a process may consist of financial reporting controls and operational controls (that is, those designed to achieve operational objectives).

Control itself exists to keep performance or a state of affairs within what is expected, allowed or accepted. Control built within a process is internal in nature. It takes place with a combination of interrelated components, such as the social environment affecting the behavior of employees, the information necessary for control, and policies and procedures. Internal control structure is a plan determining how internal control consists of these elements. Internal controls help ensure that processes operate as designed and that risk responses (risk treatments in risk management) are carried out (COSO II).

In addition, there need to be in place circumstances ensuring that the aforementioned procedures will be performed as intended:

Roles and responsibilities in internal control

According to the COSO Framework, everyone in an organization has responsibility for internal control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. Also, all personnel should be responsible for communicating upward problems in operations, non-compliance with the code of conduct, or other policy violations or illegal actions.

Each major entity in corporate governance has a particular role to play:

Management

The Chief Executive Officer (the top manager of the organization) has overall responsibility for implementing effective internal control.

More than any other individual, the chief executive sets the "tone at the top" that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfills this duty by providing leadership and direction to senior managers and reviewing the way they are controlling the business.

Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility.

Board of directors

Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive.

They also have a knowledge of the entity's activities and environment, and commit the time necessary to fulfil their board responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong, active board, particularly when coupled with effective upward communications channels and capable financial, legal and internal audit functions, is often best able to identify and correct such a problem.

Auditors

The internal auditors and external auditors of the organization also measure the effectiveness of internal control through their efforts.

They assess whether the controls are properly designed, implemented and working effectively, and make recommendations on how to improve internal control.

They may also review information technology controls, which relate to the IT systems of the organization. There are laws and regulations on internal control related to financial reporting in a number of jurisdictions. To provide reasonable assurance that internal controls involved in the financial reporting process are effective, they are tested by the external auditor (the organization's public accountants), who are required to opine on the internal controls of the company and the reliability of its financial reporting.

Audit committee

The role and the responsibilities of the audit committee, in general terms, are to: review significant findings or unsatisfactory internal audit reports, or audit problems or difficulties encountered by the external independent auditor; monitor management's response to all audit findings; (e) manage complaints concerning accounting, internal accounting controls or auditing matters; (f) receive regular reports from the Chief Executive Officer, Chief Financial Officer and the Company's other Control Committees regarding deficiencies in the design or operation of internal controls and any fraud that involves management or other employees with a significant role in internal controls; and (g) support management in resolving conflicts of interest.

Personnel benefits committee

The role and the responsibilities of the personnel benefits committee, in general terms, are to: They also ensure that benefit-related performance measures are properly used by the management of the organization.

Operating staff

All staff members should be responsible for reporting problems of operations, monitoring and improving their performance, and monitoring non-compliance with the corporate policies and various professional codes, or violations of policies, standards, practices and procedures.

Their particular responsibilities should be documented in their individual personnel files. In performance management activities they take part in all compliance and performance data collection and processing activities as they are part of various organizational units and may also be responsible for various compliance and operational-related activities of the organization. Staff and junior managers may be involved in evaluating the controls within their own organizational unit using a control self-assessment.

Limitations

Internal control can provide reasonable, not absolute, assurance that the objectives of an organization will be met.

The concept of reasonable assurance implies a high degree of assurance, constrained by the costs and benefits of establishing incremental control procedures. Effective internal control implies the organization generates reliable financial reporting and substantially complies with the laws and regulations that apply to it. These factors are outside the scope of internal control; therefore, effective internal control provides only timely information or feedback on progress towards the achievement of operational and strategic objectives, but cannot guarantee their achievement.

Describing internal controls

Internal controls may be described in terms of:

Objective or assertions categorization

Assertions are representations by the management embodied in the financial statements. Further, such fixed assets must be disclosed and represented correctly in the financial statement according to the financial reporting framework applicable to the company.

Controls may be defined against the particular financial statement assertion to which they relate.

Accounts and disclosures are properly described in the financial statements of the organization. Only valid or authorized transactions are processed.

Assets are the rights of the organization and the liabilities are its obligations as of a given date. All transactions are processed that should be. Transactions are valued accurately using the proper methodology, such as a specified means of computation or formula.

For example, a validity control objective might be:

Activity categorization

Control activities may also be explained by the type or nature of activity. These include but are not limited to:

  • Segregation of duties: separating authorization, custody, and record keeping roles to prevent fraud or error by one person.
  • Authorization of transactions: review of particular transactions by an appropriate person.
  • Retention of records: maintaining documentation to substantiate transactions.
  • Supervision or monitoring of operations: observation or review of ongoing operational activity.
  • Physical safeguards: usage of cameras, locks, physical barriers, etc.
  • Top-level reviews: analysis of actual results versus organizational goals or plans, periodic and regular operational reviews, metrics, and other key performance indicators (KPIs).
  • IT general controls: controls related to:
  • IT application controls: controls over information processing enforced by IT applications, such as edit checks to validate data entry, accounting for transactions in numerical sequences, and comparing file totals with control accounts.

Control precision

Control precision describes the alignment or correlation between a particular control procedure and a given control objective or risk.

A control with direct impact on the achievement of an objective or mitigation of a risk is said to be more precise than one with indirect impact on the objective or risk. Precision is distinct from sufficiency; that is, multiple controls with varying degrees of precision may be involved in achieving a control objective or mitigating a risk.

Precision is an important factor in performing a SOX 404 top-down risk assessment.

After identifying specific financial reporting material misstatement risks, management and the external auditors are required to identify and test controls that mitigate the risks. This involves making judgments regarding both precision and sufficiency of controls required to mitigate the risks. Entity-level controls are identified to address entity-level risks. However, a combination of entity-level and assertion-level controls is typically identified to address assertion-level risks.

This typically involves identifying scenarios in which theft or loss could occur and determining if existing control procedures effectively manage the risk to an acceptable level. For example, automating controls that are manual in nature can save costs and improve transaction processing.

If the internal control system is thought of by executives as only a means of preventing fraud and complying with laws and regulations, an important opportunity may be missed. Internal controls can also be used to systematically improve businesses, particularly in regard to effectiveness and efficiency.

Continuous controls monitoring

Advances in technology and data analysis have led to the development of numerous tools which can automatically evaluate the effectiveness of internal controls. Used in conjunction with continuous auditing, continuous controls monitoring provides assurance on financial information flowing through the business processes.
