Understanding Internal Controls and the COSO Framework


Internal controls play a vital role in organizations, providing reasonable assurance on achieving objectives. The COSO framework outlines the five integrated components of internal control, emphasizing the importance of control environment, risk assessment, control activities, information, and monitoring. Management holds a fundamental responsibility in developing and maintaining effective internal controls to ensure effectiveness, efficiency, safeguarding of assets, and compliance. Internal controls are dynamic and adaptable processes built into operations, aimed at preventing risks and ensuring reliability and transparency in reporting.


Uploaded on Aug 09, 2024 | 1 Views



Presentation Transcript


  1. Internal Controls. Agenda: Basics of Internal Controls (what are they?); COSO framework; Practical applications to your current processes.

  2. Internal Control Basics: What are internal controls?

  3. Connect: What are you trying to achieve? Objectives. What might thwart our efforts? Risks. How can we manage risk? Controls.

  4. Internal Control: INTERNAL CONTROL is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to: Operations (Effectiveness, Efficiency, Safeguarding assets); Reporting (Reliability, Timeliness, Transparency); Compliance (With regulatory environment). Management has a fundamental responsibility to develop and maintain effective internal control.

  5. Internal Control: INTERNAL CONTROLS are: Built into operations; Not one single event; Dynamic; Continuous; Only you can prevent forest fires; Effected by people; Able to provide reasonable assurance, not absolute assurance, to the entire entity or to a particular division, business process, etc.; Adaptable.

  6. COSO Framework: What are the five integrated components of internal control?

  7. Updated COSO Framework: At all levels of the organization. The COSO cube: 5 integrated components.

  8. COSO cube: 5 Integrated Components. Control Environment for Financial Reporting: Entity-Level Controls; Control Environment; Fraud Controls, including Controls Over Management Override; Risk Assessment and Related Policies; Monitoring Controls; Financial Statement Close Process; Information Systems; Financial Statements; Transactions; Control Activities, Including Fraud Controls.

  9. COSO cube: 5 Integrated Components. Risk assessment should occur at the business process level as well as the entity level. Four Primary Factors (Grading Filter): 1. Materiality of the amounts: Large dollars/transaction; High volume of transactions; Significant impact on key ratios or disclosures. 2. Complexity of the process: Limited internal skills; Multiple data handoffs; Highly technical in nature. 3. History of accounting adjustments: Accounting errors; Valuation adjustments, etc. 4. Propensity for change in: Business processes or controls; Related accounting. Process-level Risk Assessment: High, Medium, Low.

  10. COSO cube: 5 Integrated Components. Risk Mapping: Consider the organization's risk tolerance and risk appetite related to the risk response. [Figure: risk map with Impact (I), levels I to IV, on one axis and Likelihood (L), levels A to F, on the other; zones LOW, MODERATE, HIGH.] Impact: I = Marginal; II = Material; III = Severe; IV = Catastrophic. Likelihood: A = Almost Impossible; B = Remote; C = Low; D = Reasonably possible; E = Probable; F = Very High.

  11. COSO cube: 5 Integrated Components. Risk Strategies: Mitigation: Improve controls to reduce likelihood/impact. Transfer: Shift responsibility to an external party. Avoidance: Do not proceed! Creation: Seek risk activities strategically to maximize opportunities. Acceptance: Accept the risk!

  12. COSO cube: 5 Integrated Components. Preventive Control: Prevents the occurrence of a negative event in a proactive manner. Examples: Approval for purchase > $5,000; Passwords for access to Banner; Petty cash held in lockbox; Security and surveillance systems; Pre-numbered checks. Detective Control: Detect the occurrence of a negative event after the fact in a reactive manner. Examples: Supervisor review & approval; Report run showing user activity; Reconcile petty cash; Physical inventory count; Review missing/voided checks.

  13. COSO cube: 5 Integrated Components. Control Activities: If a weakness or limitation exists within the control environment, a compensating control may be relied upon to mitigate the risk. Can be preventive or detective. Example: A unit does not have the staff resources to establish an adequate segregation of duties. Potential compensating controls could include: Automation of certain transaction data that cannot be altered by the staff; Manager review of detailed summary reports of the transactions initiated by the staff; Peer staff and/or manager selects a sample of transactions and vouches back to supporting documentation.

  14. COSO cube: 5 Integrated Components. Control Activities: Manual Control: Require action to be taken by employees, e.g., Obtain supervisor's approval for overtime; Reconcile bank accounts; Match receiving to POs. Automated Control: Built into network infrastructure and software applications, e.g., Passwords; Data entry validation checks; Batch controls.

  15. COSO cube: 5 Integrated Components. 4. Information and Communication: Information is necessary to carry out internal control responsibilities to support achievement of objectives. Communication: the continual, iterative process of providing, sharing, and obtaining necessary information. Internal and external. Information should be timely, accessible, and allow for successful control actions. Key: To communicate the right information to the right people at the right time.

  16. COSO cube: 5 Integrated Components. Information & Communication: Things to communicate: Initiatives; Goals; Changes; Opportunities; Feedback; Questions; Answers; Policies; Procedures; Standards; Expectations.

  17. COSO cube: 5 Integrated Components. Testing Control Processes: Identify: transactions to be tested; key controls; applicable standards to test the transactions (i.e., criteria to judge compliance effectiveness). Determine appropriate: type of testing; extent of testing. Create test plan. Conduct tests for effectiveness. Document testing and results. Assess test results. Communicate findings, recommendations.

  18. Practical Implications: How can you incorporate internal controls within your current processes?
