Chapter 4
IDENTIFYING RISKS
AND CONTROLS
IN BUSINESS
PROCESSES
Internal Control and
Accountants’ Roles
Accountants as
Managers –
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
Management to prepare a
statement describing and
assessing the company’s
internal control system
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
Annual reports of public
companies to include:
(1) a statement that
management is
responsible for internal
controls over financial
reporting,
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
Annual reports of public
companies to include:
(2) a statement
identifying the
framework used by
management to
evaluate internal
controls,
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
Annual reports of public
companies to include
(3) an assessment of
internal controls and
disclosure of any
material weaknesses,
and
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
Annual reports of public
companies to include:
(4) a statement that a
public accounting firm
has issued an
attestation report on
management’s
assessment of internal
control.
Internal Control and
Accountants’ Roles
Accountants as
Users –
Must understand a
company’s internal
controls to apply them
correctly.
Internal Control and
Accountants’ Roles
Accountants as
Designers of internal
control procedures –
Must understand a
company’s internal
controls in working to
achieve to compliance
with regulations and
company objectives and
to minimize risks
Internal Control and
Accountants’ Roles
Accountants as
Evaluators – must understand
internal control systems to:
Help develop management’s
report that assesses
internal controls (as
internal auditors)
Prepare an attestation to
management’s statement
about internal control (as
external auditors)
Conduct the audit of a
company’s financial
statements (as external
auditors)
Framework for Studying
Internal Control
Components of internal
control (the COCO
Report)
Internal control
objectives
Risk assessment
Framework for Studying
Internal Control
The COSO Report:
5 interrelated
components of internal
control:
Control environment
Risk assessment
Control activities
Information and
communication
Monitoring
Internal Control
Components and
Objectives
Internal control:
Execution objectives –
2 execution objectives for
the revenue cycle:
Ensure proper delivery of
goods and services
Ensure proper collection
and handling of cash
2 execution objectives for
the acquisition cycle:
Ensure proper receiving of
goods and services
Ensure proper payment
and handling of cash
Internal Control
Components and
Objectives
Internal control:
Information system
objectives Focus on recording,
updating, and reporting
accounting information
Important for ensuring
effective execution of
transactions
Internal Control
Components and
Objectives
Internal control:
Asset protection
objectives Focus on safeguarding
assets to minimize risk
of theft or loss of
assets
Internal Control
Components and
Objectives
Internal control:
Performance objectives –
Focus on achieving
favorable performance
of an organization,
person, department,
product, or service
Established to ensure
effective operations
KEYTERMS
Application controls
Control activities
Control environment
Execution risk
General controls
Information system risks
Input controls
KEYTERMS
Internal controls
Performance reviews
Recording risks
Risk assessment
Segregation of duties
Update risks
Workflow controls
0
