Components include
Control environment
Accounting system
Control procedures
Sarbanes-Oxley Act
Passed in 2002
Most significant overhaul of public accounting, corporate
governance and financial reporting since the 1930s
Section 101
Establishes PCAOB
Non-profit, private-sector corporation
PCAOB consists of 5 members appointed by the SEC
Section 201
Section 301
Mandates
Section 302
Section 404
Other sections of Title IV
Other Titles of SOX
Mandate workpaper retention policies
Provide whistleblower protection
Require CEO and CFO to personally
certify that the financial reports are
fairly presented
Personal penalties for knowingly
falsifying (not corporate responsibility)
REVIEW
Under the 2002 Sarbanes-Oxley Act,
_____________ must certify the
effectiveness of the company's internal
controls each year. If they sign off on
ineffective controls, they could
_______________.
a. CFOs and CEOs; face civil and criminal
penalties.
b. CFO; face civil penalties.
c. CEO; get fired.
d. External auditor; face the Audit Committee.
REVIEW
The primary responsibility for overseeing
the establishment and administration of
internal control rests with
a. The external auditor.
b. The controller.
c. The internal auditor.
d. Senior management.
COSO Framework
A pyramid of 5 layered and interconnected
components makes up the overall control system
Control environment: foundation
Risk assessment, control activities and monitoring
are layered on top of the foundation
The 5th element is an interface channel between
the other 4 layers: communication and information
Internal control environment
Commitment to competence
Adequate training, supervision, job descriptions
Organizational structure
Centralized/decentralized, reporting
relationships
Risk Assessment
Control Activities
Communications and Information
Timely
Accurate
Current
Accessible
Appropriate
External systems
Include a mechanism to capture and act
upon complaints, a source of potential control
issues
Communication must flow in both directions
Monitoring
Separate internal control evaluations (in addition to
ongoing monitoring) need to be performed
periodically
Can be done by management
REVIEW
Which of the following are elements included in
the control environment?
a. Organizational structure, management
philosophy, and planning.
b. Risk assessment, assignment of
responsibility, and human resource practices.
c. Competence of personnel, backup facilities,
laws, and regulations.
d. Integrity and ethical values, assignment of
authority, and human resource policies.
REVIEW
Which of the following fits most directly under
the control activities component of the
COSO Internal Control framework?
a. Company-level controls dealing with tone at
the top.
b. Accounting for shipping documents to
ensure that all sales are recorded.
c. Overall methods for assigning authority and
responsibility.
d. The control environment.
Elements of a control system
REVIEW
Controls may be classified according to the
function they are intended to perform; which
of the following is a detective control?
a. Dual signatures on all disbursements over a
specific amount.
b. Recording every transaction on the day it
occurs.
c. Monthly bank statement reconciliations.
d. Requiring all members of the internal audit
staff to be CPAs.
REVIEW
Controls designed to deter undesirable
events from occurring are
a. Preventive controls.
b. Directive controls.
c. Detective controls.
d. Output controls.
WRAP UP
Questions?