Professional Documents
Culture Documents
Anne-Catherine Provost
INTERNAL CONTROL
Academic year 2022-2023
CONCRETE EXAMPLES
INTERNAL CONTROL DEFINITION
(COSO)
How well you How well you
use your get to your
resources EFFICIENCY VS. EFFECTIVENESS objectives
1 PALLET
1 DAY TO BUILD 1 TABLE
S CE N A R I O S C E N AR I O
1 2
Example: With SOX, internal controls over financial reporting are designed
and operate with the objective of preparing financial statements that
completely and accurately reflect the results of operations
FEATURES OF INTERNAL CONTROL
FEATURES OF INTERNAL CONTROL
7
FEATURES OF INTERNAL CONTROL
8
FRAMEWORKS
10
COSO IC – INTEGRATED FRAMEWORK
3. Compliance: adherence to law and regulations to which the entity is subject, but also
policies, plans, rules, procedures, contracts, or other requirements
11
COSO IC – INTEGRATED FRAMEWORK
Control activities: actions taken by management, the board and other parties to
mitigate risk and increase the likelihood that established objectives and goals will
be achieved
13
COSO IC – INTEGRATED FRAMEWORK
Control environment
14
COSO IC – INTEGRATED FRAMEWORK
Risk assessment
15
COSO IC – INTEGRATED FRAMEWORK
Control activities
16
COSO IC – INTEGRATED FRAMEWORK
Control activities
Control activities
18
COSO IC – INTEGRATED FRAMEWORK
Control activities
19
COSO IC – INTEGRATED FRAMEWORK
Control activities
Control activities occur throughout the organization, at all levels and in all
functions.
System access: The ability that individual users or groups of users have within a
computer information system processing environment, as determined and
defined by access rights configured in the system
Control activities
22
COSO IC – INTEGRATED FRAMEWORK
Control activities
• Control activities:
24
COSO IC – INTEGRATED FRAMEWORK
Monitoring activities
25
KEY ASPECTS OF IC
• Effected by people
26
KEY ASPECTS OF IC
27
LIMITATIONS OF IC
• Human errors
• Management override
• Collusion
• Changing conditions
28
SOX –INTERNAL CONTROLS OVER
FINANCIAL REPORTING
29
SOX –INTERNAL CONTROLS OVER
FINANCIAL REPORTING
Section 404: requires CEO and CFO of publicly traded companies to opine on
the design adequacy and operating effectiveness of internal controls over
financial reporting, as part of financial statements.
• All publicly traded US corporations are required to maintain an adequate
system of internal controls
• Corporate executives and boards of directors must ensure that these
controls are reliable and effective
• Independent external auditors must attest to the adequacy of the internal
control system
• Section 302 mandates disclosure of any changes in internal controls
30
SOX –INTERNAL CONTROLS OVER
FINANCIAL REPORTING
31
COSO AND THE THREE LINES (OF
DEFENSE) MODEL
32
TENTATIVE PLANNING
Date Time Type of lecture and topic TO DO BEFORE CLASS
10/06 8.30-9.45/10.00- In-class discussion: Case 1 (Lego)
11.15/11.30-12.45
13.30-16.30 In-class lecture: Internal control
Submit one-pager on individual reading 2 (Internal
Time to work on individual assignment 2: Internal audit and risks audit and risks) before 10/07 8 AM
10/13 10.45-12.45 In-class lecture: Audit Watch video on Internal audit in preparation for
lecture
13.30-16.30 Guest lecture: The role and challenges facing internal auditor (Dirk Debruyne) Prepare for case 2 (Société Générale) and submit
Time to work on group assignment: Case 2 – Société Générale report before 10/19 2 PM
10/20 8.30-9.45/10.00- In-class discussion: Case 2 (Société Générale) Watch video on Fraud in preparation for case 2
1. Watch video on Internal audit in preparation for lecture.
11.15/11.30-12.45
13.30-16.30 Guest lecture: Internal audit (Mark Dekeyser, IIABel) Read IIA guidelines
Time to work on group assignment: Case 3 – Bharat Petroleum Prepare for case 3 (Bharat Petroleum) and submit
2. Reflect on the following 3 questions for the guest lecture: report before 10/26 2 PM
10/27 8.30-9.45/10.00- In-class discussion: Case 3 (Bharat Petroleum)
11.15/11.30-12.45
AfterQ&A
13.30-16.30 my -studies, I will start
Wrap up: Discussion exam my career with a job in external audit with one of the big 4
(Deloitte, EY,onKPMG
Time to work or PwC)
group assignment: Written – Yes/No – why
report Submit group assignment (Written report) before
10/28 6 PM
After my studies, I will start my career with a job in internal audit. Yes/No – Why
In your opinion, what are the competencies needed to be a good auditor (internal
and/or external)? Name at least 3 of them.