Matakuliah Tahun : Manajemen Kinerja Sistem Komputer : Feb - 2010 04. Internal Control Over Transactions Pertemuan 07-08 04. Internal Control over Transactions 01. Internal Control Concepts Figure 4.1 To illustrate what is included in internal control, figure 4.1 shows management's activities divided into two groups : management decision processes and internal control. Figure 4.2 • Figure 4.2 shows a conceptual diagram of the expected decision error cost and risk premium decreasing with increasing internal control "quality". • Figure 4.2 also shows internal control operating costs rising as internal quality increases. Figure 4.3 • Figure 4.3 shows the vice presidents for Operations, Marketing, and Human resources having primary authorization duties, authorization acquisition, production, and sale of goods and services comprising the core process of the firm. The FCPA incorporates four important requirements for internal controls regarding accounting information : • Transactions are executed in accordance with management's general or specific Authorization. • All transactions and other events are promptly recorded in the correct amount, in the appropriate accounts, and in the proper accounting period so as to permit preparation of financial statements in accordance with GAAP. • Access to assets and records is permitted in accordance with management 's authorization. • Recorded assets are compared with existing assets at reasonable intervals and appropriate action is taken regarding any differences. 02. COSO Internal Control Framework 03. Two Examples: Materials Acquisition and Derivatives Materials Acquisition. • Traditional Processes. – Figure 4.4 diagrams traditional business processes and measurement and compliance processes for a producer (your company) and its supplier. • Re-engineered Processes – Figure 4.5 diagrams material acquisition for re-engineered processes based on a business or alliance with the supplier, electronic data interchange (EDI), and enterprise software. Derivatives Figure 4.6 shows five parties within the firm, the outside (counter) party with whom interest payments are exchanged, and the underlying basis information (LIBOR) that fluctuates over time. 04. Financial Misstatements: Errors and Fraud Three broad categories of Misstatement : • • • 1. Errors by employees or management -- accidental misstatement in sensing measurement, classification, or calculation, or omission from display. 2. Misappropriation fraud -- intentional misstatement of recorded amounts by employees, ordinarily accompanied by theft of company assets such us cash, inventory, or fixed assets. 3. Misrepresentation fraud -- internal overstatement of record assets, understatement of record liabilities, or useof improper accounting methods or biased accounting estimates with the intent of overstating a performance measure such us net income or an activity base such as total assets or equity. Figure 4.7 • Figure 4.7 classifies each as to intent , person (s) responsible, whether assets are missing, and expected effect on net assets and net income. Internal Control Design In concept, the most important single control against error and both types of fraud is the initial recording of assets as they are acquired by the firm, such us revenues due the firm for a sale on account. Empirical data on Fraud. • Aggregate data to evaluate the seriousness of accidental data processing mistakes are difficult to obtain. • Empirical data on the relative incidence and magnitude of employee fraud are also limited. • The KPMG survey also shows that poor internal controls were the most frequently mentioned factor allowing frauds to occur (about 60 percent), while factors affecting inherent limitations of internal control reliance by management were also important. 05. Informing Yourself about Internal Control Internal Auditors • For your own company, you can hire an internal auditor to act as your monitoring agent. • Monitoring activities by internal auditors are an especially important part of internal control because of the investigative competence and independent point of view that internal auditors can bring to the evaluation of business processes. • Figure 4.3 showed the internal auditor reporting to the president and chief executive officer. External Auditors • You can also obtain information about the effectiveness of internal control in your own firm from your external auditor hired to audit your financial statement. 06. An Internal Information Risk Model Stringency Management's objectives regarding internal control are likely to be more stringent than those of outsider. – As an example , external auditors are responsible for detecting and correcting material misstatements where "material" might be 5 to 10 percent of the firm's earnings. – From management's prospective, an error of 1 percent or even 0.5 percent of earnings might be important enough to initiate follow-up actions.