ACCTG 5510 1st Edition Lecture 8 Outline of Last Lecture I Types of Fraud II Conditions for Fraud III Risk Assessment Outline of Current Lecture I Internal Controls II COSO III SAS 65 Internal Auditors IV Understanding of Internal Controls V Differences in Test Work VI Control Deficiency s Current Lecture I Internal Controls a Policies and procedures designed and implemented by a company s board management and other personnel to provide reasonable assurance regarding achievement of certain objectives b Management Objectives concerning Internal Controls i Reliability of financial reporting GAAP ii Effectiveness and efficiency of the company s operations iii Compliance with laws and regulations c Process vs Controls i Processes are procedures that originate transfer or change accounting data e g cash collections preparing reconciliations ii Controls are procedures designed to prevent or detect errors resulting from the processing of accounting information iii If they generate errors they do not work correctly and need to be corrected II COSO These notes represent a detailed interpretation of the professor s lecture GradeBuddy is best used as a supplement to your own notes not as a substitute III a Components of COSO framework i Control Environment 1 The overarching component of the COSO framework Focuses on tone at the top as what sets the standards for ethical behavior within a company If upper management is not ethical staff more than likely won t see an issue with acting unethically either 2 What does the company s governance look like Is there an internal audit committee Commitment to competence ii Risk Assessment 1 Management must identify and analyze risk related to preparing the financial statements in order to minimize errors and potential for fraud to occur iii Control Activities 1 Relate mostly to the separation of duties within a company in the various departments to minimize the potential opportunity to commit fraud e g custody of assets authorization of transactions from custody of assets operations from record keeping 2 Are there adequate documents and records 3 Are there Independent checks on performance Is there supervision and review 4 Are there physical controls over assets and records Protection and security for assets needs to be in place iv Information Communication 1 Concerned with recording processing and reporting information through the use of the accounting information system v Monitoring 1 Management is responsible for the continuous review of all component of the COSO model 2 There is continuous assessment of the quality of the performance of the controls in place 3 Internal Audit is a big part of this and must consist of those independent of the company s operations b These components are geared towards management of companies SAS 65 Internal Auditors a They must be competent and objective and appropriately qualified in order of an external auditor to be able to rely on their work during an audit IV V VI b The external audits might delegate simple audit areas to the internal audits such as auditing a cash and then heavily review their work Understanding of Internal Controls a SAS 55 AS5 on both public and private audits the auditor must gain an understanding of internal controls and assess control risk b When auditing public companies the auditor must perform test over internal controls mostly through inspection and observation The process of inquiry inspection and observation is traditionally called a walkthrough i Documenting the internal controls generally con consist of questionnaires written narratives and or flowcharts c When auditing a private company if there are sufficient internal controls it allows the auditor to rely on these controls and reduce the amount of substantive testing done during the audit i If there are internal control deficiency s then the auditor informs management and must perform more substantive testing Differences in Test Work a Test of controls consist of attribute testing such as authorization safeguarding of assets and management review b Substantive testing consists of looking at internal and external documents for evidence of material misstatements Auditors confirm vouch trace and perform analytical procedures in substantive testing Control Deficiencies a Control Deficiency failure to prevent or detect errors in the accounting information reported Usually because the design of the processes in collecting accounting information was not adequate b Significant Deficiency less than material weakness but important enough to merit attention of those with oversight