Unit 2 Part 2 Internal Control Structure and Risk Exposures
General Controls
Application Controls
Control Environment
The Control Environment establishes the tone of a
company, influencing the control consciousness of its
employees.
It is comprised of seven components:
• Management philosophy and operating style
• Integrity and ethical values
• Commitment to competence
• The Board of Directors and the Audit Committee
• Organizational Structure
• Assignment of authority and responsibility
• Human resources policies and practices
• External Influences
Highlights of CE Components - I
Management Philosophy and Operating Style
Does management emphasize short-term profits
and operating goals over long-term goals?
Is management dominated by one or a few
individuals?
What type of business risks does management
take and how are these risks managed?
Is management conservative or aggressive
toward selecting from available alternative
accounting principles?
Highlights of CE Components - II
Organization Structure
Is an up-to-date organization chart prepared,
showing the names of key personnel?
Is the information systems function
separated from incompatible functions?
How is the accounting department
organized?
Is the internal audit function separate and distinct
from accounting?
Do subordinate managers report to more than one
supervisor?
Highlights of CE Components - III
Assignment of Authority and Responsibility
Does the company prepare written employee
job descriptions defining specific duties and
reporting relationships?
Is written approval required for changes made
to information systems?
Does the company clearly delineate for
employees and managers the boundaries of
authority-responsibility relationships?
Does the company properly delegate authority
to employees and departments?
Highlights of CE Components - IV
Human Resource Policies and Practices
Are new personnel indoctrinated with respect to Internal
Controls, Ethics Policies, and Corporate Code of
Conduct?
Is the company in compliance with the ADA? The EEOA?
Are Grievance Procedures to manage conflict in force?
Does the company maintain a sound Employee
Relations program?
Do employees work in a safe, healthy environment?
Are Counseling Programs available to employees?
Are proper Separation Programs in force for employees
who leave the firm?
Are critical employees Bonded?
Key Functions Performed
by Audit Committees
Establish an Internal Audit Department
Review the Scope and Status of Audits
Review Audit Findings with the Board and
ensure that Management has taken
proper action recommended in the Audit
Report and Letter of Reportable
Conditions
Maintain a direct Line of Communication
among the Board, Management, External
and Internal Auditors, and periodically
arrange Meetings among the parties
Key Functions Performed
by Audit Committees
Review the Audited Financial Statements
with the Internal Auditors and the Board
of Directors
Require periodic Quality Reviews of the
operations of the Internal Audit
Departments to identify areas needing
improvement
Supervise special investigations, such as
Fraud Investigations
Assess the performance of Financial
Management
Require the Review of Compliance with
Laws and Regulations and with Corporate
Codes of Conduct
Risk Assessment
Unintentional errors
Deliberate Errors (Fraud)
Unintentional Losses of Assets
Thefts of assets
Breaches of Security
Acts of Violence and Natural Disasters
Factors that Increase Risk
Exposure
Frequency - the more frequently a
transaction occurs, the
greater the exposure to risk
Vulnerability - liquid and/or portable
assets contribute to risk exposure
Size of the potential loss - the higher the
monetary value of a loss, the greater the
risk exposure
Problem Conditions
Affecting Risk Exposures
Collusion (both internal and external), which is
the cooperation of two or more people for a
fraudulent purpose, is difficult to counteract even
with sound control procedures
Lack of Enforcement - management may not
prosecute wrongdoers because of the potential
embarrassment
Computer crime poses very high degrees
of risk, and fraudulent activities are difficult
to detect
Computer Crime
| Manual System Characteristics | Computer-based System Characteristics | Risk Exposures | Compensating Controls |
| --- | --- | --- | --- |
| Data reviewed for errors by clerks | Data often not subject to review by clerks | Errors, accidental or deliberate, may be entered for processing | Edit checks performed by computer system |

Control Problems Caused by Computerization: Data Processing

| Manual System Characteristics | Computer-based System Characteristics | Risk Exposures | Compensating Controls |
| --- | --- | --- | --- |
| Processing performed relatively slowly | Processing performed very rapidly | Effects of errors may spread rapidly through files | Editing of all data during input and processing steps |
Control Problems Caused by Computerization:
Data Storage & Retrieval
Manual System Computer-based System