Chapter 1
OVERVIEW OF INTERNAL CONTROL SYSTEM
Auditing Department - SOA-UEH
2023
CONTENTS
1. Definition of internal controls
2. The evolution of internal controls
3. COSO report drafting process
4. COSO Report 1992 & 2013
5. The effectiveness of the internal control system
6. Internal control and management process
7. Responsibility for internal controls
1. DEFINITION
Control: A measure, procedure, policy or way to mitigate (decrease) and manage risks.
Internal: Within or in relation to the structure of an organization.
1. DEFINITION (COSO Report)
Internal control is a process, effected by an entity’s board of directors, management, and other personnel (staff), designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Operations: effectiveness and efficiency (profitability, market, customers, reputation)
- Reporting: reliability/fairness (misstatement due to error or fraud)
CONTROL:
- prevent
- reduce
- detect and correct in time
1. DEFINITION
[Diagram: Internal control system. PROCESS; PEOPLE: Board of Directors, Managers, Employees; OBJECTIVES: Operations, Reporting, Compliance; REASONABLE ASSURANCE]
history
1. Early stage
2. Formation stage
3. Development stage
4. Modern stage
[Timeline diagram: Protect moneys (1900); Protect assets (1929); Efficiency of operations (1949); Encourage compliance with the policy of managers (1949); COSO Report about internal control (1992). Labels: Auditing, Management]
ORGANIZATION STRUCTURE OF COSO
COSO: The Committee of Sponsoring Organizations of the Treadway Commission
Treadway Commission: The National Commission on Fraudulent Financial Reporting
Sponsoring organizations:
- American Institute of CPA
- American Accounting Association
- Institute of Internal Auditors
- Financial Executives Institute
- Institute of Management Accountants
COSO REPORT ON
INTERNAL CONTROL
• In 1992, the COSO Report was issued. Components of
internal control include: control environment, risk
assessment, control activities, information and
communication, and monitoring.
[Diagram: CORPORATE GOVERNANCE, ERM, INTERNAL CONTROL SYSTEM]
ERM: Strategy. Broader goals, towards the development strategy of the unit.
ERM is a part of CORPORATE GOVERNANCE.
OBJECTIVES OF ERM
Unit objectives can be divided into four categories:
Strategy
Operation
Reporting
Compliance
ERM LEVEL
ERM looks at the entity's activities on all levels:
Entity
Division
Business Unit
Subsidiary
COMPONENTS OF ERM
8 components:
1. Internal environment
2. Goal Setting
3. Identify events
4. Risk assessment
5. Dealing with risks
6. Control activities
7. Information and communication
8. Monitor
Internal control for smaller publicly traded companies
CoBIT®: Control Objectives for Information and Related Technology
3. COSO REPORT DEVELOPMENT PROCESS
[Diagram of steps: Collect documents; Send questionnaire; Seminars; Draft; Testing in reality; Complete]
Project timetable
4. COSO REPORT
Part 2: Framework
Control environment
Risk assessment
Control Activities
Monitoring Activities
Why update what works – The Framework has become the most widely adopted control framework worldwide.
Enhancements:
- Updates Context
- Broadens Application
- Clarifies Requirements
Updated Framework: COSO’s Internal Control–Integrated Framework (2013 Edition)
- Vertical relationship
- Horizontal relationship
- Internal control related to each department, each activity
of the organization and the whole organization in
general.
5 integrated components
5. THE EFFECTIVENESS OF
INTERNAL CONTROL SYSTEM
An internal control system is effective if it meets the following three criteria:
- Understand to what extent the organization's operational goals are being achieved,
- The financial statements are being prepared and presented reliably,
- Laws and regulations are being followed.
5. THE EFFECTIVENESS OF
INTERNAL CONTROL SYSTEM
In addition to the above three criteria, further evaluation is required:
- Do the five components of the system of internal control and related control principles exist and operate effectively in practice?
- At the same time, do the 5 parts work synchronously and rhythmically as a unified whole?
7. RESPONSIBILITIES FOR
INTERNAL CONTROLS
1. Board of Directors
2. Audit Committee (Board of Supervisors)
3. Manager
4. Internal auditors
5. Staff
6. Outside parties
BOARD OF DIRECTORS
- Participate in developing, approving and monitoring the implementation of the mission, vision and strategy of the unit
- Monitor the performance of managers, including building and effectively operating an internal control system
- Play an important role in defining expectations of honesty and ethical values, transparency and accountability
BOARD OF DIRECTORS
Requirements for members of the Board of Directors:
- Independent, competent and inquisitive
- Understand the operations and operating environment of the entity and dedicate enough time to carry out their administrative responsibilities
- Use resources as necessary to investigate issues that arise and have open, unlimited communication with employees, internal auditors, independent auditors, legal consultants, etc.
AUDIT COMMITTEE
- As a committee under the Board of Directors, the members are selected by the Board of Directors
- All members of this Committee are not on the Board of Directors (non-executive members)
- At least one member is a finance or accounting expert.
AUDIT COMMITTEE
- Check annual financial statements
- Select an independent auditing company; work and discuss directly with the independent auditors about issues arising in the audit including weaknesses of the internal control system.
- Detect and take appropriate actions in case the Board of Directors goes beyond the internal control system
MANAGERS
- Responsible for the design, construction and operation of an effective internal control system at the unit
- Being the decisive factor, building a solid foundation for the control environment and other parts of the internal control system
INTERNAL AUDITOR
- Through the services provided to the divisions in the unit, contribute to increasing the effectiveness of the internal control system
- Evaluate the effectiveness of the internal control system, under the supervision of the system.
EMPLOYEES
OTHERS
- External auditors (such as independent auditors, public auditors)
- Legislators or Regulators
- Customers and suppliers can also provide useful information through their dealings with the organization.
- Others outside the organization such as financial analysts, the media, etc.