2 The Effect of IT on Internal Control
3 Management Responsibility: The COSO Framework
4 Compensating Controls

Testing Phase
• Decide whether to test internal controls or not
• Perform tests of controls
• Perform substantive tests of transactions and balances
• Assess the likelihood of material misstatement

Decision Phase
• Review the presentation and disclosure assertions
• Determine whether the financial statements are prepared in accordance with the applicable financial reporting framework
• Issue audit report
• Communicate with the audit committee
II. Risk Management and Internal Control Framework
• Proper risk management and internal controls are important aspects of a company’s governance, management and operations.
• Risk management focuses on identifying threats and opportunities.
• Internal controls help counter threats and take advantage of opportunities.
• Proper risk management and internal control assist companies in making informed decisions about the level of risk that they want to take and implement the necessary controls to effectively pursue their objectives.
• Successful companies integrate effective governance structures and processes with performance-focused risk management and internal control at every level of the company and across all operations.

II. Risk Management and Internal Control Framework (Cont’d)
• The board of directors is responsible for the company’s risk management and internal control systems. It should set appropriate policies on internal control and seek assurance that the systems are functioning effectively.
• The board must also ensure that the system of internal control manages risks and forms part of its corporate culture.
Intended Outcome
9.0 Companies make informed decisions about the level of risk they want to take and implement necessary controls to pursue their objectives.
The board is provided with reasonable assurance that adverse impact arising from a foreseeable future or situation on the company’s objectives is mitigated and managed.
© McGraw-Hill Education 2014
II. Risk Management and Internal Control Framework (Cont’d)
Practice:
9.1 The board should establish an effective risk management and internal control framework.
9.2 The board should disclose the features of its risk management and internal control framework, and the adequacy and effectiveness of this framework.
9.3 The board establishes a Risk Management Committee, which comprises a majority of independent directors, to oversee the company’s risk management framework and policies.
Guidance:
9.1 The board should determine the company’s level of risk tolerance and actively identify, assess and monitor key business risks to safeguard shareholders’ investments and the company’s assets. Internal controls are important for risk management and the board should be committed to articulating, implementing and reviewing the company’s internal control framework.
Guidance:
9.2 The board should, in its disclosure, include:
• A discussion on how key risk areas such as finance, operations, regulatory compliance, reputation, cyber security and sustainability were evaluated and the controls in place to mitigate or manage those risks.
• In addition, it should state if the risk management framework adopted by the company is based on an internationally recognised risk management framework.
• Whether it has conducted an annual review and periodic testing of the company’s internal control and risk management framework. This includes any insights it has gained from the review and any changes made to its internal control and risk management framework arising from the review.
Where information is commercially sensitive and may give rise to competitive risk, disclosure in general terms is acceptable.

The Effect of Information Technology on Internal Control
Management Responsibility: The COSO Framework
[Figure: COSO framework. Labels: Objectives; Components (what the entity needs to do to meet its objectives): Control Environment, Entity’s Risk Assessment, Control Activities]
Component: 2. The entity’s risk assessment process
Description of Component:
• Risk assessment involves a dynamic and iterative process for identifying and analysing risks to achieve the entity’s objectives, forming a basis for determining how risks should be managed.
Component Elements / Underlying Principles:
6) The organisation specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives
7) The organisation identifies risks to the achievement of its objectives across the entity and analyses risks as a basis for determining how the risks should be managed

Component: 2. The entity’s risk assessment process (cont’d)
Description of Component:
• Management considers possible changes in the external environment and within its own business model that may impede its ability to achieve its objectives
Component Elements / Underlying Principles:
8) The organisation considers the potential for fraud in assessing risks to the achievement of objectives
9) The organisation identifies and assesses changes that could significantly impact the system of internal control
Component: 3. Control activities
Description of Component:
• These are the actions established by policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out.
Component Elements / Underlying Principles:
10) The organisation selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels
11) The organisation selects and develops general control activities over technology to support the achievement of objectives

Component: 3. Control activities (cont’d)
Description of Component:
• Control activities are performed at all levels of the entity and at various stages within business processes, and over the technology environment
• Control activities include:
  adequate segregation of duties,
  proper authorisation of transactions and activities,
Component Elements / Underlying Principles:
12) The organisation deploys control activities through policies that establish what is expected and procedures that put policies into action
Component: 3. Control activities (cont’d)
Description of Component:
  adequate documents and records,
  physical control over assets and records, and
  independent checks on performance

Component: 4. Information and communication
Description of Component:
• Information is necessary for the entity to carry out internal control responsibilities in support of achievement of its objectives.
Component Elements / Underlying Principles:
13) The organisation obtains or generates and uses relevant, quality information to support the functioning of other components of internal control
14) The organisation internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control
Component: 4. Information and communication (Cont’d)
Description of Component:
• Communication occurs both internally and externally and provides the organisation with the information needed to carry out day-to-day internal control activities. Communication enables personnel to understand internal control responsibilities and their importance to the achievement of objectives
Component Elements / Underlying Principles:
15) The organisation communicates with external parties regarding matters affecting the functioning of other components of internal control

Component: 5. Monitoring of controls
Description of Component:
• Ongoing evaluations, separate evaluations or some combination of the two are used to ascertain whether each of the 5 components of internal control, including controls to effect the principles within each component, are present and functioning.
Component Elements / Underlying Principles:
16) The organisation selects, develops and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning
17) The organisation evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and those charged with governance, as appropriate
[Figure labels: New accounting pronouncements; Corporate restructuring; New business models, products or activities; International growth]
Learning Outcomes