Topic 2
"Internal Control Concepts in the AIS"

The Fraud Triangle

Available Opportunities

Poor Ethics

Situational Pressure

Types of Fraud

Employee Fraud

  • Committed by non-management personnel
  • Usually consists of an employee taking cash or other assets for personal gain by circumventing a company's internal controls

Management Fraud

  • Perpetrated at levels of management above the one to which internal controls generally relate
  • Frequently involves using the financial statements to create an illusion that an entity is healthier than it actually is
  • If it involves misappropriation of assets, it is shrouded in a maze of complex business transactions

Broad Objectives of Internal Control

To safeguard the assets of the firm

To ensure the accuracy and reliability of accounting records and information

To promote efficiency in the firm's operations

To measure compliance with management's prescribed policies and procedures

An internal control system comprises the policies, practices and procedures employed by the organisation to achieve these objectives

COSO Internal Control Framework

Control Environment
The control environment sets the overall tone of the organisation and influences the control consciousness of its management and employees

The integrity and ethical values of management

The Structure of an Organisation

Role of the board of directors and audit committee

Management's philosophy and operating style

Procedures for delegating responsibility and authority

Management's methods for assessing performance

External influences

Policies and practices for managing its human resources

Risk Assessment
Risk assessment identifies, analyses and manages risks relevant to financial reporting

Changes in external environment that impose new competitive pressures on the firm

New personnel who have inadequate understanding of internal control

Rapid growth that strains existing internal controls

Introduction of new product lines and activities with which the organisation has little experience

Restructuring, downsizing or implementing new technology that affects transaction processing

Changes in accounting policies that impact financial reporting

Information and Communication
The quality of information the AIS generates impacts management's ability to make correct decisions and prepare reliable financial statements

Identify and record all valid transactions

Provide timely information in appropriate detail to permit proper classification and financial reporting

Accurately measure the financial value of transactions

Accurately record transactions in the time period in which they occur

Monitoring
To assess whether the internal controls are functioning as intended

Through separate procedures by testing controls and then communicating control strengths and weaknesses to management

Through on-going monitoring by integrating special computer modules into the AIS that allow tests of controls to be conducted as part of routine operations


Through on-going monitoring by including management reports that identify exceptions from normal performance

Control Activities
Policies and procedures used to ensure that appropriate actions are taken to deal with the organisation's risks

IT Controls

  • Controls which relate to the computer environment

Physical Controls

  • Controls which relate primarily to human activities employed in the AIS