BSA – IV
Modifying Principles
Management Responsibility – This concept holds that the establishment and maintenance of a system of
internal control is a management responsibility.
Methods of Data Processing – In this principle, the internal control should achieve the four broad
objectives regardless of the data processing method used.
4. Changing conditions – conditions may change over time so that existing effective
controls may become ineffectual.
PDC Model
Preventive Controls – passive techniques designed to reduce the frequency of occurrence of undesirable
events.
Detective Controls – devices, techniques, and procedures designed to identify and expose undesirable
events that elude preventive controls.
The COSO framework consists of five components: the control environment, risk assessment,
information and communication, monitoring, and control activities.
The control environment is the foundation for the other four control components. It sets the tone for the
organization and influences the control awareness of its management and employees.
SOX guidelines:
Risk Assessment
Organizations must perform a risk assessment to identify, analyze, and manage risk relevant to
financial reporting.
The accounting information system consists of the records and methods used to initiate, identify,
analyze, classify, and record the organization’s transactions and to account for the related assets and
liabilities.
Monitoring
It is the process by which the quality of internal control design and operation can be assessed.
This may be accomplished by separate procedures or by ongoing activities.
Control Activities
These are the policies and procedures used to ensure that appropriate actions are taken to deal
with the organization’s identified risks. They can be grouped into two distinct categories: physical controls
and information technology (IT) controls.
a. Physical Controls
This class of controls relates primarily to the human activities employed in accounting
systems.
b. IT Controls
Information technology drives the financial reporting processes of modern organizations.
Automated systems initiate, authorize, record, and report the effects of financial
transactions.
General control
They are so named because they are not application specific but, rather,
apply to all systems. General controls have other names in other frameworks,
including general computer controls and information technology controls.
SOX legislation dramatically expands the role of external auditors by mandating that they attest
to the quality of their client organizations’ internal controls. This constitutes the issuance of a separate
audit opinion on the internal controls in addition to the opinion on the fairness of the financial statements.
SOX places responsibility on auditors to detect fraudulent activity and emphasizes the importance
of controls designed to prevent or detect fraud that could lead to material misstatement of the financial
statements.