Chapter 4
IDENTIFYING RISKS
AND CONTROLS
IN BUSINESS
PROCESSES
Internal Control and
Accountants’ Roles
Accountants as
Managers –
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
 Management to prepare a
statement describing and
assessing the company’s
internal control system
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
 Annual reports of public
companies to include:
(1) a statement that
management is
responsible for internal
controls over financial
reporting,
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
 Annual reports of public
companies to include:
(2) a statement
identifying the
framework used by
management to
evaluate internal
controls,
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
 Annual reports of public
companies to include
(3) an assessment of
internal controls and
disclosure of any
material weaknesses,
and
Internal Control and
Accountants’ Roles
Sarbanes-Oxley Act of 2002
and Standard No. 2 of the
Public Company Accounting
Oversight Board (PCAOB)
requires:
 Annual reports of public
companies to include:
(4) a statement that a
public accounting firm
has issued an
attestation report on
management’s
assessment of internal
control.
Internal Control and
Accountants’ Roles
Accountants as
Users –
Must understand a
company’s internal
controls to apply them
correctly.
Internal Control and
Accountants’ Roles
Accountants as
Designers of internal
control procedures –
Must understand a
company’s internal
controls in working to
achieve to compliance
with regulations and
company objectives and
to minimize risks
Internal Control and
Accountants’ Roles
Accountants as
Evaluators – must understand
internal control systems to:
 Help develop management’s
report that assesses
internal controls (as
internal auditors)
 Prepare an attestation to
management’s statement
about internal control (as
external auditors)
 Conduct the audit of a
company’s financial
statements (as external
auditors)
Framework for Studying
Internal Control



Components of internal
control (the COCO
Report)
Internal control
objectives
Risk assessment
Framework for Studying
Internal Control
The COSO Report:
 5 interrelated
components of internal
control:
 Control environment
 Risk assessment
 Control activities
 Information and
communication
 Monitoring
Internal Control
Components and
Objectives
Internal control:
 Execution objectives –
2 execution objectives for
the revenue cycle:
 Ensure proper delivery of
goods and services
 Ensure proper collection
and handling of cash
2 execution objectives for
the acquisition cycle:
 Ensure proper receiving of
goods and services
 Ensure proper payment
and handling of cash
Internal Control
Components and
Objectives
Internal control:
 Information system
objectives  Focus on recording,
updating, and reporting
accounting information
 Important for ensuring
effective execution of
transactions
Internal Control
Components and
Objectives
Internal control:
 Asset protection
objectives  Focus on safeguarding
assets to minimize risk
of theft or loss of
assets
Internal Control
Components and
Objectives
Internal control:
 Performance objectives –
 Focus on achieving
favorable performance
of an organization,
person, department,
product, or service
 Established to ensure
effective operations
KEYTERMS







Application controls
Control activities
Control environment
Execution risk
General controls
Information system risks
Input controls
KEYTERMS







Internal controls
Performance reviews
Recording risks
Risk assessment
Segregation of duties
Update risks
Workflow controls