Internal Control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives.
lunes, 2 de agosto de 2010
COSO defines internal control as having five components
- Control Environment-sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
- Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed
- Information and Communication-systems or processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities
- Control Activities-the policies and procedures that help ensure management directives are carried out.
Roles and responsibilities in internal control
Management
Board of Directors
Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also have a knowledge of the entity's activities and environment, and commit the time necessary to fulfill their board responsibilities.
Auditors
Limitations
Effective internal control implies the organization generates reliable financial reporting and substantially complies with the laws and regulations that apply to it. However, whether an organization achieves operational and strategic objectives may depend on factors outside the enterprise, such as competition or technological innovation.
Describing Internal Controls and Objective categorization
Internal controls may be described in terms of:
Objetives:
- the objective they pertain to
- the nature of the control activity itself.
Objetives:
- Existence (Validity): Only valid or authorized transactions are processed.
- Occurrence (Cutoff): Transactions occurred during the correct period or were processed timely.
- Completeness: All transactions are processed that should be (i.e., no omissions)
- Valuation: Transactions are calculated using an appropriate methodology or are computationally accurate.
Activity categorization
Segregation of duties - separating authorization, custody, and record keeping roles to limit risk of fraud or error by one person. Authorization of transactions - review of particular transactions by an appropriate person. Supervision or monitoring of operations - observation or review of ongoing operational activity.
Physical safeguards - usage of cameras, locks, physical barriers, etc. to protect property, such as merchandise inventory. IT Security - usage of passwords, access logs, etc. to ensure access restricted to authorized personnel. Top level reviews-Management review of reports comparing actual performance versus plans, goals, and established objectives.
Physical safeguards - usage of cameras, locks, physical barriers, etc. to protect property, such as merchandise inventory. IT Security - usage of passwords, access logs, etc. to ensure access restricted to authorized personnel. Top level reviews-Management review of reports comparing actual performance versus plans, goals, and established objectives.
Control Precision and Consequences of Poor Internal Control
Precision is distinct from sufficiency; that is, multiple controls with varying degrees of precision may be involved in achieving a control objective or mitigating a risk.
- Theft and fraud.
- Wrong decisions made.
- Action not taken in time to correct problems.
- Poor decisions taken for the business.
- Lack of resources allocated to correct any business situation.
Some results of poor internal controls include:
Suscribirse a:
Comentarios (Atom)