internal control and control self-assessment modern tools for modern times
TRANSCRIPT
Internal Control andControl Self-Assessment
Modern Tools for Modern Times
ORIGIN OF COSOCOMMITTEE OF
SPONSORING ORGANIZATIONS
(TREADWAY COMMISSION)
• AICPA Advisory Committee
• American Accounting Institute
• Institute of Internal Auditors
• Institute of Mgmt Accountants
• Financial Executives InstituteInternal Control - Integrated Framework
I N T E R N A L C O N T R O LIS A PEOPLE PROCESS
• O perations - Effective & Efficient • C ompliance with Laws & Regs• F inancial & Mgmt Reporting -
Reliable & Timely• S afeguard Assets
ACTIONS TAKEN BY MANAGEMENT & STAFFTO PROVIDE REASONABLE ASSURANCE
THAT AGENCY WILL ACHIEVE OBJECTIVES:
Internal Control - Integrated Framework
COSO IngredientsFIVE COMPONENTS
• Control Environment
• Risk Assessment
• Control Activities
• Information & Communication
• Monitoring
Internal Control - Integrated Framework
Control Environment• Sets the Tone of Organization
• Foundation for All Other Components
• Integrity, Ethical Values & Competence
• Management's Philosophy & Operating Style
• Assignment of Authority & Responsibility
• Organizational Structure
Internal Control - Integrated Framework
Risk Assessment
RISKS CAN GET IN THEWAY OF OBJECTIVES
• Precondition: Establishment of ObjectivesPrecondition: Establishment of Objectives
• Can Be External or InternalCan Be External or Internal• e.g. External - Vendor or Claimant Fraude.g. External - Vendor or Claimant Fraud• e.g. Internal - Computer Glitchese.g. Internal - Computer Glitches
• Relates Risks to Achievement of ObjectivesRelates Risks to Achievement of Objectives
• Determines How Risks Are to Be ManagedDetermines How Risks Are to Be Managed
Internal Control - Integrated Framework
Control Activities
• Policies & Procedures
• Actions Taken to Address Risks
• Includes Approval, Authorization, Verification, Reconciliation, Segregation of Duties
Internal Control - Integrated Framework
Information & Communication
• Must Be Timely & Relevant
• Can Be Operational, Financial or Compliance-Related
• Must Cover Internal & External Events
• Must Flow Down, Across & Up
• Must Involve External Parties
Internal Control - Integrated Framework
Monitoring & Evaluation
• Assess Quality Over Time
• Ongoing and/or Periodic Evaluations
• Occurs During the Normal Course of Business
• Scope & Frequency of Separate Evaluations Should Be Related to Risk & Effectiveness of Ongoing Monitoring
Internal Control - Integrated Framework