IMPORTANCE OF

INTERNAL CONTROL

* Chapter 3. Internal
Control Framework: COSO

.
Brinks Modern Internal Audit, Robert Moeller 7th Edition
*Understanding, implementing, evaluating and assessing
effective multiple level of internal controls is a basic
principle of internal auditing.

*What is good Internal Controls? and what are the

basic standards or concepts of Internal Controls?

*INTRODUCTION
.
* The Institute of Internal Auditors (IIA) International
Standards for the Practice of Internal Auditing, define
Controls as:
Any action taken by management, the board,
and other parties to manage risk and increase
the likelihood that established objectives and
goals will be achieved. Management plans,
organizes, and directs the performance of
sufficient actions to provide reasonable
assurance that objectives and goals will be
achieved.

* Internal Control
Framework .
* In 1934 SEC Act was enacted and right away it released SAS
No. 01 for external audit. It defined Internal Control :
...comprises the plan of enterprise and all of the
coordinate methods and measures adopted with a
business to safeguard its assets, check the accuracy
and reliability of its accounting data, promote
operational efficiency, and encourage adherence to
prescribed managerial policies.

* History of Internal
Controls Concepts .
* SAS # 01 had limited concepts in a way that it only
provide concepts of Administrative Controls
[Authorization] and Accounting Controls [Records].
* [Accounting control] comprises the plan of
enterprise and the procedures and records that are
concerned with the safeguarding of assets and the
reliability of financial records and consequently are
designed to provide reasonable assurance that:
a. Transactions are executed in accordance with
managements general or specific
authorization.

* History of Internal
Controls Concepts .
b. Transactions are recorded as necessary (1) to permit
preparation of financial statements in conformity with
generally accepted accounting principles or any other
criteria applicable to such statement and (2) to maintain
accountability for assets.
c. Access to assets is permitted only in accordance with
managements authorization.
d. The recorded accountability for assets is compared with
the existing assets at reasonable intervals and appropriate
action is taken with respect to any differences.

* History of Internal
Controls Concepts .
* In 1974 AICPA formed a high level of Commission called
COHEN Commission recommended that that a statement on
the condition of an enterprises internal controls should be
required along with their financial statements. Again the
issue was raised that management did not have a consistent
definition of internal control.

* History of Internal
Controls Concepts .
* The Financial Executives International [FEI] endorsed the
Cohen Commissions internal controls recommendations and
agreed that corporations should report on the status of their
internal accounting controls, including comments stating that
management, through its internal auditors, periodically
assessed the quality of its internal controls. Negative
Assurance = No problems found

* History of Internal
Controls Concepts .
* What drive the SECs registered companies to look further
definition of good Internal Control? :
In 1977 Foreign Corruption Practice Act [FCPA] was enacted
and prohibited bribes to foreignnon-U.S.officials and
also contained provisions requiring the maintenance of
accurate books and records as well as systems of
internal accounting control.

* History of Internal
Controls Concepts .
*Interpreting the 1977 FCPA, it provided to the
SEC s registered companies an unspesified
Internal Control definition but it provided the
companies with the responsibility to have a
good internal control.

* History of Internal
Controls Concepts .
* FCPA interpreted that a registered company has good internal control if
the that company:
Make and keep books, records, and accounts, which, in
reasonable detail, accurately and fairly reflect the
transactions and dispositions of the assets of the issuers.
Devise and maintain a system of internal accounting controls
sufficient to provide reasonable assurances that:
Transactions are executed in accordance with
managements general or specific
authorization.

* History of Internal
Controls Concepts .
 Transactions are recorded as necessary
both to permit the preparation of
financial statements in conformity with
generally accepted accounting principles
(GAAP) or any other criteria applicable to
such statements, and also to maintain
accountability for assets.
Access to assets is permitted only in accordance with
managements general or specific authorization.
The recorded accountability for assets is compared with the
existing assets at reasonable intervals, and appropriate action is
taken with respect to any differences.

* History of Internal
Controls Concepts .
* Fact: The FCPA emphasized the importance of effective
internal controls even though there was no consistent
definition of internal controls at that time.
* Fact: The FCPA was an important first step for helping
enterprises to think about the need for effective internal
controls, even though there were no guidelines or standards
over the FCPAs systems documentation requirements.

* History of Internal
Controls Concepts .
* Fact: In the late 1970s, external auditors only reported that
an enterprises financial statements were fairly
presented; there was no mention of the adequacy of the
internal control procedures supporting those audited
financial statements.

* History of Internal
Controls Concepts .
* In 1985 SAS No. 55 was enacted. SAS No. 55, Consideration of
the Internal Control Structure in a Financial Statement Audit,
was another new standard that defined internal control in
terms of three key elements:
* 1. Control environment
* 2. Accounting system
* 3. Control procedures

* History of Internal
Controls Concepts .
* In
the early 1980 National Commission on Fraudulent Financial
Reporting was formed due to the facts of many fraudulent FS
was issued in US.
* The National Commission on Fraudulent Financial Reporting
came to be called the Treadway Commission after the name of
its chairperson.

* History of Internal
Controls Concepts .
* Itsmajor objectives were to identify the causal factors that
allowed fraudulent financial reporting and to make
recommendations to reduce their incidence.
* In 1987 The Treadway Commission issued its final report.

* History of Internal
Controls Concepts .
*The Final Reports described management reports on the
effectiveness of internal control systems and
emphasized key elements in what it felt should be a
system of internal control, including a strong control
environment, codes of conduct, a competent and
involved audit committee, and a strong internal audit
function.

* History of Internal
Controls Concepts .
*Facts: The Treadway Commission report again pointed
out the lack of a consistent definition of internal control,
suggesting further work was needed.

* History of Internal
Controls Concepts .
*In the mid 1980s The five professional auditing and
accounting organizations that formed a committee
COSO [Committee of Sponsoring Organizations]then
released an internal control report, with the official
title Internal ControlIntegrated Framework.

* History of Internal
Controls Concepts .
*The final COSO internal controls report was
released in September 1992.

*COSO
.
* COSO provides an excellent description of this
multidimensional concept of internal controls, defining
internal control in this way:
Internal control is a process, affected by an
entitys board of directors, management, and other
personnel, designed to provide reasonable assurance
regarding the achievement of objectives in the following
categories:
* Effectiveness and efficiency of operations
* Reliability of financial reporting
* Compliance with applicable laws and regulations

*COSO .
*COSO Internal Control
Framewok

.
*The top of the framework cube covers the
three dimensions of all internal controls:
Reliability of financial reporting
Compliance with applicable laws and regulations
Effectiveness and efficiency of operations
*The right-side dimension covers entities or
activities

.
* 5 Elements of COSO Internal Control:
1) The control environment
2) The entity's risk assessment process
3) Control activities
4) The Information System and
Communications
5) Monitoring of controls

* COSO Internal
Control Framewok .
*Control environment includes the governance
and management functions and the attitudes,
awareness and actions of those charged with
governance and management concerning the
entity's internal control and its importance in
the entity.

* COSO Internal
Control Framewok .
COSO Internal Control Framewok

.
*Risk Assessment emphasized on a three-step
process:
Estimate the significance of the risk.
Assess the likelihood or frequency of the risk
occurring.
Consider how the risk should be managed and
assess what actions must be taken.

* COSO Internal
Control Framewok .
*Control Activities are those policies and procedures
that help ensure that management directives
arecarried out.
*Control Activities include Segregation of duties which
it implies a number of people being involved in the
accounting process. This makes it more difficult for
fraudulent transactions to be processed (since a
number of people would have to collude in the fraud)

* COSO Internal
Control Framewok .
COSO Internal Control Framework

.
*The Communication and Information System. An
enterprise needs information at all levels to achieve
its operational, financial, and complianceis a
component of internal control, that includes the
financial reporting system, and consists of the
procedures and records established to initiate,
record, process and report entity transactions and to
maintain accountability for the related assets,
liabilities and equity.

* COSO Internal
Control Framewok .
* Quality of Communication:
*External Communications
*Internal Communications
*Means and Methods of Communications
An entity with a long and rich history of
operating with integrity, and whose culture is
well understood by people through the
enterprise, will likely find little difficulty in
communicating its message. An entity without
such a tradition will likely need to put more
into the way the messages are communicated

* COSO Internal
Control Framewok .
* Quality of Information
*The content of reported information is
appropriate.
*The information is timely and available
when required.
*The information is current or at least the
latest available.
*The data and information are correct.
*The information is accessible to appropriate
parties.
* COSO Internal
Control Framewok .
*Monitoring of controls is a process to assess the
effectiveness of internal control performance
over time. It includes assessing the design and
operation of controls on a timely basis and
taking necessary corrective actions modified for
changes in conditions.

* COSO Internal
Control Framewok .
* Ongoing Monitor Activities:
* Operating management normal functions.
Normal management reviews over operations and
financial reports constitute an important ongoing
monitoring activity.
* Communications from external parties. This
element of monitoring is closely related to the
component of communication from external
parties discussed earlier.

* COSO Internal
Control Framewok .
* Ongoing Monitor Activities includes:
* Enterprise structure and supervisory activities. While senior
management should always review summary reports and take
corrective actions, the first level of supervision and the related
enterprise structure often plays an even
* Physicalinventories and asset reconciliation. Periodic physical
inventories, whether of storeroom stock, negotiable securities,
or other assets, are an important monitoring activity.

* COSO Internal
Control Framewok .
*Separate Internal Control Evaluation.
While COSO internal control points out the importance
of ongoing monitoring activities to support the internal
control framework, it also suggests that it may be
useful to take a fresh look from time to time at the
effectiveness of internal controls through separate
evaluations.

* COSO Internal
Control Framewok .
* Separate Internal Control Evaluation includes:
*Internal Control Evaluation Process
*Evaluation Action Plans

* COSO Internal
Control Framewok .
Reporting Internal Control Deficiencies.
*Whether internal control deficiencies are
identified through processes in the internal control
system itself, through monitoring activities, or
through other external events, they should be
reported to appropriate levels of enterprise
management.

* COSO Internal
Control Framewok .
* COSO Framework had been evolved in 2013 and
in 2014 there were revision to the COSO
intergrated framework.
* COSO 2014
* The changes were insignificantly applied to the
whole aspects within the 2014 COSO
framework. The elements are still the same
but the procedures within those elements were
revised.

* The Evolvement of COSO

.
*

.
*Robert Moeller, Brinks Modern Internal Auditing
A Common Body of Knowledge, John Willey and
Sons, 7th Edition, 2009

*Bibliography
.