Internal Control

S T U D Y N O T E S 2

Dominique P. Alistado
AA 3201 MW 7:30-9:00 PM
 1

Safeguard Assets Management responsibility

Ensure Accuracy
Methods of data processing
and Reliability
Objectives Principles
Promote Efficiency Limitations
*separate concept map on page 2
Measure Compliance
with Policies Reasonable assurance

Internal Control

SEC Acts of 1933 and 1934

Foreign Corrupt Practices

Act (FCPA) of 1977 Preventive controls

Internal Control
Copyright Law–1976 Model Detective controls
Legislation
Committee of Sponsoring *separate concept map on page 3 *separate concept map on page 4

Organizations–1992 Corrective controls

Sarbanes-Oxley Act of 2002

 2

The internal control system should achieve the four broad

Methods of Specific techniques used to achieve the objectives will

Data Processing
objectives regardless of the data processing method used
vary with different types of technology.
(whether manual or computer based).

This concept holds that the The internal control system should

establishment and
Management Reasonable provide reasonable assurance; this

maintenance of a system of Principles

Principles Assurance
means that the cost of achieving

internal control is a
Responsibility improved control should not

management responsibility outweigh its benefit

(1) the possibility of error—no system is perfect (3) management override— management is in a position
to override control procedures by personally distorting

Limitations transactions or by directing a subordinate to do so

(2) circumvention—personnel may circumvent the system
through collusion or other means (4) changing conditions—conditions may change over time
so that existing effective controls may become ineffectual.
 3 3
3
9 require that investors receive financial and other implemented due to the discovery that U.S.
1

significant information concerning securities

business executives were using their
being offered for public sale.
organizations’ funds to bribe foreign officials,
prohibit deceit, misrepresentations, and other
internal control issues, formerly of little
fraud in the sale of securities.
interest to stockholders, quickly became a

4 matter of public concern.

3
9

empowered SEC with broad authority over all

SEC Acts of Foreign Corrupt requires companies to keep records that
1

aspects of the securities industry, which included

fairly and reasonably reflect the transactions
authority regarding auditing standards. 1933 and Practices Act of the firm and its financial position.
required publicly traded companies to be audited
1934 (FCPA) of 1977 requires companies to maintain a system of
by an independent auditor.
internal control that provides reasonable
required all companies that report to the SEC to

maintain a system of internal control that is assurance that the organization’s objectives

evaluated as part of the annual external audit. are met.

Brief History of Internal

Control Legislation

added software and other intellectual a committee formed to address the

properties into the existing copyright frauds following the series of S&L

protection laws. Committee of scandals in the 1980s.

Copyright
copyright protection extends to all
Sponsoring Sponsoring organizations: AICPA, AAA,

“original works of authorship” to take into Law–1976 FEI, IMA, and IIA
Organizations
account new kinds of media. the committee focused on an effective

implemented to protect intellectual

1992 model for internal controls from a

property. management perspective and came up

the 1976 statute incorporated the concept with the COSO model
of fair use.
*elaborated on page 5 Note: Sarbanes-
Oxley Act of 2002 is
explained in Study
Notes 1
 must be taken to reverse the effects of
4

detected errors

designed to correct errors or

irregularities that have been detected.

fixes the errors detected

Corrective controls

first line of defense in the control structure.

passive techniques designed to reduce the frequency of

occurrence of undesirable events.

Detective controls forces compliance with prescribed or desired actions and

thus screen out aberrant events.

preventing errors and fraud is far more cost-effective

second line of defense in the control structure.
than detecting and correcting problems after they occur.
designed to detect errors or irregularities that

may have occurred

devices, techniques, and procedures designed Preventive controls

to identify and expose undesirable events that

elude preventive controls.

reveal specific types of errors by comparing

actual occurrences to preestablished standards

Model
 By Separate Procedures
gather evidence of control
5
Identify and record all valid economic adequacy by testing

transactions controls and then

Provide timely, detailed information
Accurately measure financial values
Accurately record transactions
By Ongoing Activities
by integrating special computer
communicate control
modules into the information
strengths and weaknesses
system that capture key data
to management.
and/or permit tests of controls to

Information & Communication Monitoring be conducted as part of routine

operations.

Integrity and ethical values of

management

Structure of the organization

Participation of the organization’s

board of directors and the audit

committee
IT Controls
General Controls
Management’s philosophy and
Application Controls
operating style

COSO Internal Control

Control Environment Control Activities
Framework

Procedures for delegating

Physical Controls
Independent verification
responsibility and authority
Transaction authorization
Management’s methods for
Segregation of duties
assessing performance
Supervision
External influences
Accounting records
Organization’s policies and
Access controls
practices for managing human

resources

Risk Assessment
Changes in environment New products or services

Changes in personnel Organizational restructuring

Changes in I.S. Foreign markets

New IT’s New accounting principles

Significant or rapid growth