Security
rating: 0+x

Internal Control Activities:

Control environment – essential is attitude of management

1. risk assessment—identification and analysis of risks relevant to preparation of financial statements

2. control activities

a. separation of the custody of assets from accounting (adequate separation of duties)

b. separation of the authorization of transactions from custody of related assets.

c. separation of operational responsibility from record-keeping responsibility

d. separation of duties within EDP

e. proper authorization of transactions

f. adequate documents and records

3. information and communication (identify, assemble,classify, analyze, record and report entity’s transactions and maintain accountability of related assets

4. monitoring– internal auditors independent of both operating and accounting departments

5. look at process like an auditor

Fraud and Fraud Risk Factors

A. weaknesses of internal control

1. management override of controls such as (from AICPA Task Force Report)

a. record fictitious business events or transactions or change the timing of recognition of legitimate transactions, particularly those close to the end of an accounting period

b. establish or reverse reserves to manipulate results, including intentionally biasing assumptions and judgments used to estimate account balances.

c. alter records and terms related to significant or unusual transactions

B. misstatements arising from fraudulent financial reporting (from SAS 99)

a. manipulation,falsification, or alteration of accounting records or supporting documents from wich financial statements are prepared

b. misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information

c. intentional misapplication of accounting principles relating to amounts classifications, manner of presentation, or disclosures.

C. Fraud risk factors

1. Incentive– management or others have an incentive, or are under pressure, which provides them with a reason to commit fraud

2. Opportunity– circumstances exist (such as absence of controls or ineffectiveness of controls) that provide an opportunity for a fraud to be perpetrated.

3. Rationalization– Those involved in the fraud are able to rationalize committing the fraudulent act.

Essential Auditing activities – all related to gather evidence

1. transaction-related audit objectives

a. existence– recorded transactions exist

b. completeness– existing transactions are recorded

c. accuracy– recorded transactions are stated at correct amounts

d. classification–transactions included in journals are properly classified

e. timing– transactions recorded on correct dates

f. posting and summarization – recorded transactions are properly recorded in the Master Files and are correctly summarized.

2. key internal control – procedure in place to ensure above

3. common test of control – to ensure that controls are being used

4. common substantive tests of transactions – detailed look at transactions

Records Management Essentials for Internal Control

A. Physical or electronic objects upon which transactions are entered and summarized

B. Examples

1. purchase orders

2. sales invoices, sales journals

3. employee time cards

C. Documents must be adequate to provide reasonable assurance that all assets are properly controlled and all transactions properly recorded.

D. Design and use of documents

1. pre-numbered consecutively to facilitate control over missing documents and aid in locating documents when they are needed at a later date

2. prepared at the time a transaction takes place, or as soon thereafter as possible.

3. sufficiently simple to ensure that they are clearly understood

4. designed for multiple use whenever possible, to minimize the number of different forms

5. constructed in a manner that encourages correct preparation

E. Chart of Accounts

F. Systems manuals – procedures for proper record keeping to encourage consistent application

G. need to protect assets and records such as locks on doors where computer stored, password security, backup and recovery procedures

Add a New Comment