Академический Документы
Профессиональный Документы
Культура Документы
1
7/23/2012
2
7/23/2012
Bank of Credit
and
Commerce
International
Barings Bank
Maxwell
Communications
7/23/2012 Internal Control System 6
3
7/23/2012
Corporate Governance
PROACTIVE
7/23/2012 Internal Control System 7
abs-cbnNEWS.com
(August 20, 2010)
7/23/2012 8
4
7/23/2012
Inaccurate Financial
Missing Documents
Reports
5
7/23/2012
• COSO
• CoCo
• Cadburry Report
• COBIT
• ISO
1970’s
• 1977 - Foreign Corrupt Practices Act
• 1985 – National Commission on
Fraudulent Financial Reporting
– Treadway Commission
6
7/23/2012
Organizations
1992 Issued the Internal Control-
Integrated Framework
7
7/23/2012
Internal Control
• A process effected by an entity’s board of
directors, management and other personnel,
designed to provide reasonable assurance
regarding the achievement of objectives in the
following categories:
– Reliability of operations
COSO
Internal Three Objectives
Control
Framework Units or
Activities
of an
Entity
Five Components
8
7/23/2012
COCO
Criteria of Control
• actions that foster the best result for an
organization
• contribute to the achievement of the
organization’s objectives, focus on:
– effectiveness and efficiency of operations;
– reliability of internal and external reporting;
– compliance with applicable laws and regulations
and internal policies.
COCO
Criteria of Control
• Internal control comprises those elements of an
organization. including
– resources
– systems
– processes
– culture
– structure
– Tasks
taken together, support people in the achievement of
the organization’s objectives
9
7/23/2012
Purpose
A sense of direction.
What are we here for?
ACTION
Capability
A sense of competence.
What action do we need to
take?
COSO CoCo
a process, effected by an those elements of an
entity’s board of directors, organization (including its
management, and other resources, systems, processes,
personnel, designed to provide culture, structure and tasks)
reasonable assurance regarding that, taken together, support
the achievement of objectives. people in the achievement of
the objectives.
• effectiveness and efficiency • effectiveness and efficiency
of operations; of operations
• reliability of financial • reliability of internal and
reporting; and external reporting; and
• compliance with applicable • compliance with applicable
laws and regulations laws and regulations and
internal policies
7/23/2012 Internal Control System 20
10
7/23/2012
Cadburry Report
1992
Three Basic Recommendations
• CEO and Chairman of companies should be
separated
• Boards should have at least three non-
executive directors, two of whom should
have no financial or personal ties to
executives
• Each board should have an audit committee
composed of non-executive directors
COBIT
Control Objectives for Information and
Related Technology
1996
11
7/23/2012
COBIT
Control Objectives for Information and
Related Technology
1996
ORGANIZATION RISKS
Internal
Audit
INTERNAL The achievement of
CONTROLS organizational goals is
hindered by risks.
12
7/23/2012
CONTROLS
INTERNAL AUDIT
Controls exist
to manage risks • Assists management
on controls and risks
RISKS
promote
GOVERNANCE
Reasonable Assurance
13
7/23/2012
Changing View on
Internal Controls
AGENCY/
BUSINESS
INTERNAL
ACCOUNTING CONTROLS
CONTROL
Who is Everyone in
responsible for the
internal control? Organization!!!
Board of Directors:
• Governance, guidance,
and oversight
Management:
• Owner
Other Employees:
• Information and
Communication
Internal Auditors:
• Monitoring and Evaluation
14
7/23/2012
15
7/23/2012
Five Components
of Internal Control
Control Environment
COMPONENT
1 The Control Environment
16
7/23/2012
COMPONENT
RISK ASSESSMENT
2
17
7/23/2012
COMPONENT
CONTROL ACTIVITIES
3
18
7/23/2012
CONTROL ACTIVITIES
1 2 3 4
Authorization Custody of Recording Review and
of Assets Transactions Reconciliation
Transactions
19
7/23/2012
20
7/23/2012
Adequate Separation
of Duties
21
7/23/2012
22
7/23/2012
Physical precautions
Backup and
Physical Access
recovery
controls controls
procedures
7/23/2012 Internal Control System 45
Document/Form Design
Prenumbered consecutively
Prepared at the time of transaction
Simple enough to ensure understanding
Designed for multiple uses
Constructed to encourage correct preparation
23
7/23/2012
g. Periodic Reconciliations
24
7/23/2012
h. Performance Reviews
i. Supervision
25
7/23/2012
TYPES OF INTERNAL
CONTROL ACTIVITIES
26
7/23/2012
• A comparison of transactions on
monthly operating reports with
departmental source documents
27
7/23/2012
• They deal not only with internally generated data, but also
information about external events, activities and conditions
necessary to informed business decision-making and external
reporting.
28
7/23/2012
COMPONENT
5 MONITORING
Process of assessing the quality of internal control performance over
time. It involves assessing the design and operation of controls on a
timely basis and taking the necessary corrective actions. It is done to
ensure that controls continue to operate effectively.
Monitoring Component
Ongoing Monitoring
Management, supervisory, and other monitoring activities in the
ordinary course of operations that assess the quality of internal
controls
Separate Monitoring
Evaluation focusing directly on system effectiveness with a scope
and frequency dependent on the assessment of risks, and
ongoing monitoring
Reporting Deficiencies
Upstream reporting of internal control deficiencies, with certain
matters reported to top management and the board
29
7/23/2012
Hard Controls
Soft Controls
“Activities”
“People”
Reviews
Openness
Inspections
Shared Values
Policies
Clarity
Reconciliations
Commitment to
Competence Structure
Honesty Limits of Authority
High Expectations User Aids and
Password
Communications
Physical Counts
2. Not full-proof
30
7/23/2012
31
7/23/2012
32
7/23/2012
33