ACC 450 Chapter 11

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Reasonable Assurance

A company should develop internal controls that provide reasonable, but not absolute, assurance that the financial statements are fairly stated.

Section 404(a) of the Sarbanes-Oxley Act requires management of all public companies to issue an internal control report that includes the following:

A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting An assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company's fiscal year

The control activities generally fall into the following five types, which are discussed next:

Adequate separation of duties Proper authorization of transactions and activities Adequate documents and records Physical control over assets and records Independent checks on performance

Auditor's Controls Over Classes of Transactions

Auditors emphasize internal control over classes of transactions rather than account balances because the accuracy of accounting system outputs (account balances) depends heavily on the accuracy of inputs and processing (transactions). Auditors are primarily concerned with the transaction-related audit objectives discussed in Chapter 6 when assessing internal controls over financial reporting.

Auditor's Controls Over the Reliability of Financial Reporting

Auditors focus primarily on controls related to the first of management's internal control concerns: reliability of financial reporting. Financial statements are not likely to correctly reflect GAAP or IFRS if internal controls over financial reporting are inadequate. Unlike the client, the auditor is less concerned with controls that affect the efficiency and effectiveness of company operations, because such controls may not influence the fair presentation of financial statements. Auditors should not, however, ignore controls affecting internal management information, such as budgets and internal performance reports. These types of information are often important sources used by management to run the business and can be important sources of evidence that help the auditor decide whether the financial statements are fairly presented. If the controls over these internal reports are inadequate, the value of the reports as evidence diminishes.

Commitment to Competence

Competence is the knowledge and skills necessary to accomplish tasks that define an individual's job. Commitment to competence includes management's consideration of the competence levels for specific jobs and how those levels translate into requisite skills and knowledge. If employees are competent and trustworthy, other controls can be absent, and reliable financial statements will still result. Incompetent or dishonest people can reduce the system to a shambles—even if there are numerous controls in place. Honest, efficient people are able to perform at a high level even when there are few other controls to support them. However, even competent and trustworthy people can have shortcomings. For example, they can become bored or dissatisfied, personal problems can disrupt their performance, or their goals may change. Because of the importance of competent, trustworthy personnel in providing effective control, the methods by which persons are hired, evaluated, trained, promoted, and compensated are an important part of internal control.

The COSO internal control components include the following:

Control environment Risk assessment Control activities Information and communication Monitoring

Managements Operating Effectiveness of Controls

In addition, management must test the operating effectiveness of controls. The testing objective is to determine whether the controls are operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively. Management's test results, which must also be documented, form the basis for management's assertion at the end of the fiscal year about the controls' operating effectiveness. Management must disclose any material weakness in internal control. Even if only one material weakness is present, management must conclude that the company's internal control over financial reporting is not effective. The SEC requires management to include its report on internal control in its annual Form 10-K report filed with the SEC

Inherent Limitations

Internal controls can never be completely effective, regardless of the care followed in their design and implementation. Even if management can design an ideal system, its effectiveness depends on the competency and dependability of the people using it.

Accountability

Management and the board of directors are responsible for communicating expectations and holding individuals accountable for internal control duties. The effectiveness of this process depends on the other subcomponents discussed above. For example, management must set the appropriate tone and put in place appropriate structures and reporting lines in order to hold individuals accountable. Incentives should be provided for employees to fulfill their internal control duties.

Managements Design of Internal Control

Management must evaluate whether the controls are designed and put in place to prevent or detect material misstatements in the financial statements. Management's focus is on controls that address risks related to all relevant assertions for all significant accounts, transactions, and disclosures in the financial statements. This includes evaluating how significant transactions are initiated, authorized, recorded, processed, and reported to identify points in the flow of transactions where material misstatements due to error or fraud could occur.

Establishing Internal Control

Management, not the auditor, must establish and maintain the entity's internal controls.

Auditor Responsibilities for Understanding Internal Control

One of the principles in AICPA auditing standards is that the auditor "identifies and assesses risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity's internal control."1 Auditing standards require the auditor to obtain an understanding of internal control relevant to the audit on every audit engagement. Auditors are primarily concerned about controls over the reliability of financial reporting and controls over classes of transactions.

Board of Director or Audit Committee Participation

The board of directors is essential for effective corporate governance because it has the ultimate responsibility to make sure management implements proper internal control and financial reporting processes. An effective board of directors is independent of management, and its members oversee management's activities. Although the board delegates responsibility for internal control to management, the board must exercise oversight of the design and performance of controls. An active and objective board can reduce the likelihood that management overrides existing controls.

Organizational Structure

The entity's organizational structure defines the existing lines of responsibility and authority. As shown in the COSO cube in Figure 11-2 (p. 347), the organizational structure can consist of the entity level, divisions, operating units, and functions within those units, and controls operate at each of these levels. By understanding the client's organizational structure, the auditor can learn the management and functional elements of the business and perceive how controls are implemented.

Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control-Integrated Framework

The internal control framework used by most U.S. companies

Chart of accounts

a listing of all the entity's accounts that classifies transactions into individual balance sheet and income statement accounts

Internal control

a process designed to provide reasonable assurance regarding the achievement of management's objectives in the following categories: (1) reliability of reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations

Collusion

an act of two or more employees who conspire to steal assets or misstate records

Specific authorization

case-by-case approval of transactions not covered by companywide policies

General authorization

companywide policies for the approval of all transactions within stated limits

Entity-level controls

controls that have a pervasive effect on the entity's system of internal control; also referred to as company-level controls

General controls

controls that relate to all parts of the IT function and affect many different software applications

Application controls

controls typically at the business process level that apply to processing transactions, such as the inputting, processing, and outputting of sales or cash receipts

Independent checks

internal control activities designed for the continuous internal verification of other controls

In response, the exchanges will not list any security from a company with an audit committee that

is not comprised solely of independent directors. is not solely responsible for hiring and firing the company's auditors. does not establish procedures for the receipt and treatment of complaints (e.g., "whistleblowing") regarding accounting, internal control, or auditing matters. does not have the ability to engage its own counsel and other advisors. is inadequately funded.

Risk assessment

management's identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework

Monitoring

management's ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed

Control activities

policies and procedures, in addition to those included in the other four components of internal control, that help ensure that necessary actions are taken to address risks in the achievement of the entity's objectives; they typically include the following five specific control activities: (1) adequate separation of duties, (2) proper authorization of transactions and activities, (3) adequate documents and records, (4) physical control over assets and records, and (5) independent checks on performance

COSO principles

represent the fundamental concepts related to each of the five components of internal control; all principles must be functioning for controls to be effective

Section 404(b) of the Sarbanes-Oxley Act

requires that the auditor report on the effectiveness of internal control over financial reporting.

Separation of duties

separation of the following activities in an organization: (1) custody of assets from accounting, (2) authorization from custody of assets, (3) operational responsibility from record-keeping, and (4) IT duties from outside users of IT

Control environment(Umbrella)

the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity

Those charged with governance

the person(s) with responsibility for overseeing the strategic direction of the entity and its obligations related to the accountability of the entity, including overseeing the financial reporting and disclosure process

Information and communication

the set of manual and/or computerized procedures that initiate, record, process, and report an entity's transactions and maintain accountability for the related assets


Ensembles d'études connexes

NCLEX Questions & Explanations (PT 2)

View Set

Different Perspectives on Nationalism

View Set

PHARMACOLOGY PEDIATRIC FINAL HESI EVOLVE

View Set

First Semester Study Guide - AP Chem - Buck

View Set

Introduction to Computers Part 2

View Set