Definition of Internal controls: a process, effected by an entity’s board of directors management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (A) reporting, (B) operations, and (C) compliance.
5 Components of Internal Control: (a) control environment (b) risk assessment (c) control activities (d) information and communication and (e) monitoring.
Control environment: factors set the tone of an organization, influencing the control consciousness of its people.
Seven Control environment factors: I- Integrity and ethical values, C- commitment to competence, H-Human resource policies and practices, A- assignment of authority and responsibility, M-Management’s philosophy and operating style, B- board of directors or audit committee participation, O-organizational structure.
Risk Assessment: identification, analysis, and management of risks relevant to the preparation of financial statements following GAAP, such as: (1) Changes In the operating environment (2) New personnel (3) New information systems (4) Rapid growth (5) New technology (6) New lines products, or activities (7) Corporate restructuring (8) Foreign operations (9) Accounting pronouncements
Control Activities: composed of the various policies and procedures that help ensure that necessary actions are taken to address risks to achieving the entity’s objectives which include: (P)- performance reviews (I)- Information processing (P)-Physical controls (S) Segregation of duties.
Information and communication: includes the accounting system, consisting of methods and records established to record process, summarize, and report entity transactions and to maintain accountability of the relate assets and liabilities.
Information and communication transaction goal accomplishments: (1) Identify and record all valid transactions (2) Describe on a timely basis (3) measure the value properly (4) Record in the proper time period (5) Properly present and disclose (6) Communicate responsibilities to employees
Monitoring: assess the quality of internal control performance over time. They may be ongoing, separate evaluations, or a combination of thereof.
Limitations of Internal Controls: (1) Human judgment in decision making can be faulty (2) Breakdowns can occur because of human failures such as simple errors or mistakes (3) Controls whether manual or automated can be circumvented by collusion (4) Management has the ability to override internal control (5) Cost constraints (6) Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents
Foreign Corrupt Practices Act: passed by Congress in 1977 with provisions (1) Requiring every corporation registered under SEC to maintain a system of strong internal accounting control (2) Requiring corporations to maintain accurate books and records and (3) making it illegal for individuals or business entities to make payments to foreign officials to secure business.
Committee of Sponsoring Organizations (COSO): composed of representatives from various professional organizations. Its mission to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designated to improve organizational performance and governance and to reduce the extent of fraud in organizations.
Sarbanes-Oxley Act of 2002 (Sox) Section 302: Makes officers responsible