Acct 230 1st Edition Lecture 13Outline of Last Lecture II. Exam ReviewOutline of Current Lecture III. Internal ControlsIV. CashCurrent LectureII. Internal Controlsa. Definition: To minimize occupational fraud, companies implement formal procedures known as internal controls. These represent a company’s plan to (1) safeguard the company’s assets and (2) improve the accuracy and reliability of accounting information.b. Impact of Accounting Scandals and the Passage of the Sarbanes-Oxley Acti. Managers are entrusted with the resources of both the company’s lenders (liabilities) and owners (stockholders' equity). ii. Managers of the company act as stewards or caretakers of the company’s assets. iii. In recent years some managers have shirked their ethical responsibilities. iv. In many cases, top executives misreported accounting information to cover up their company’s poor operating performance and hoped to fool investors into overvaluing the company’s stock.v. What is the Sarbanes-Oxley Act?1. Congress passed the Sarbanes-Oxley Act, also known as the PublicCompany Accounting Reform and Investor Protection Act of 2002 and commonly referred to as SOX.2. Major Provisions:a. Oversight board. The Public Company Accounting Oversight Board (PCAOB) has the authority to establish standards dealing with auditing, quality control, ethics, independence, and other activities relating to the preparation of audited financial reports. The board These notes represent a detailed interpretation of the professor’s lecture. GradeBuddy is best used as a supplement to your own notes, not as a substitute.consists of five members who are appointed by the Securities and Exchange Commission. b. Corporate executive accountability. Corporate executives must personally certify the company’s financial statementsand financial disclosures. Severe financial penalties and thepossibility of imprisonment are consequences of fraudulent misstatement.c. Nonaudit services. It’s unlawful for the auditors of public companies to also perform certain nonaudit services, such as consulting, for their clients. d. Retention of work papers. Auditors of public companies must retain all work papers for seven years or face a prisonterm for willful violation.e. Auditor rotation. The lead auditor in charge of auditing a particular company (referred to as the audit partner ) mustrotate off that company within five years and allow a new audit partner to take the lead.f. Conflicts of interest. Audit firms are not allowed to audit public companies whose chief executives worked for the audit firm and participated in that company’s audit during the preceding year.g. Hiring of auditor. Audit firms are hired by the audit committee of the board of directors of the company, not by company management. h. Internal control. Section 404 of the act requires that company management document and assess the effectiveness of all internal control processes that could affect financial reporting and (b) that company auditors express an opinion on whether management’s assessment of the effectiveness of internal control is fairly stated.c. Components, Responsibilities, and Limitations of Internal Controli. From a financial accounting perspective, internal control is a company’s plan to:1. Safeguard the company’s assets. 2. Improve the accuracy and reliability of accounting information3. Effective internal control builds a wall to prevent misuse of company funds by employees and fraudulent or errant financial reportingii.1. Methods for collection of relevant information and communication in a timely manner, enabling people to carry out their responsibilities.2. A framework for designing an internal control system was provided by the Committee of Sponsoring Organizations (COSO) ofthe Treadway Commission. Formed in 1985, COSO is dedicated to improving the quality of financial reporting through, among other things, effective internal controls. 3. COSO suggests that internal control consists of five interrelated components:a. Control Environment: sets the overall ethical tone of the company with respect to internal control. It includes formal policies related to management’s philosophy, assignment of responsibilities, and organizational structure.b. Risk Assessment: identifies and analyzes internal and external risk factors that could prevent a company’s objectives from being achieved.c. Monitoring: includes formal procedures for reporting control deficiencies.d. Control Activities:are the policies and procedures that help ensure that management’s directives are being carried out. The two general types of control activities are:i. Detective controls designed to detect errors or fraud that already have occurred; Examples: Separation of duties, Physical controls, Proper authorization, Employee managementii. Preventive controls designed to keep errors or fraud from occurring in the first place. Examples: Reconciliations, Performance reviewse. Information and Communication: depend on the reliabilityof the accounting information system itself.iii. Responsibilities for Internal Control1. Everyone in a company has an impact on the operation and effectiveness of internal controls, but the top executives are the ones who must take final responsibility for their establishment and success.2. The CEO and CFO sign a report each year assessing whether the internal controls are adequate. Section 404 of SOX requires not only that companies document their internal controls and assess their adequacy, but that the company’s auditors provide an opinion on management’s assessment. 3. A recent survey by the Financial Executives Institute of 247 executives reports that the total cost to a company of complying with Section 404 averages nearly $4 million.4. The Public Company Accounting Oversight Board (PCAOB) further requires the auditor to express its own opinion on whether the company has maintained effective internal control over financial reporting. iv. Limitations of Internal Control1. Unfortunately, even with the best internal control systems, financial misstatements can occur. While better internal control systems will more likely detect operating and reporting errors, no internal control system can turn a bad employee into a good one.2. Collusion occurs when two or more people act in coordination to circumvent internal controls. Most fraud cases fall into this category. Fraud cases that involve collusion are typically several times more