Many managers, supervisors and accountants in business, government or nonprofits are not able to identify their departmental policies and procedures that function as the primary controls against errors and fraud. On the other hand, auditors performing fieldwork may be confused as to how to interpret and evaluate management’s documentation of accounting processes and controls. And neither party may truly understand how their duties differ.
This course is designed to give participants a solid understanding of systems and control documentation at the significant process level. After an overview of the latest COSO guidance on the components and principles of effective internal control, this course introduces participants to basic tools used to document an accounting process. Participants then identify the risks of errors and fraud in the accounting system and the presence (or absence) of compensating controls. Finally, participants will practice identifying key controls and control weaknesses.
Objective:
Prerequisite: None
Value Aid! Internal Control – Integrated Framework
731854
Course Overview
This course is designed to give participants a solid understanding of systems and control documentation at the significant process level. After an overview of the latest COSO, SAS, and PCAOB guidance on the components and principles of effective internal control, this course introduces participants to basic tools used to document an accounting process. Participants then identify the risks of errors and fraud in the accounting system and the presence (or absence) of compensating controls. Finally, participants will practice identifying key controls and control weaknesses.
The course is appropriate for both smaller public and non-public entities. Guidance in the course will assist those in smaller public companies in complying with the PCAOB's auditing standards. Additionally, this course will assist personnel in non-public entities and their external auditors in understanding how to apply the audit risk standards (SAS No. 104 to 111) and SAS No. 112 on reporting control deficiencies.
The focus of this course is not on the testing and reporting aspects of performing an audit of internal control over financial reporting in conjunction with an audit of financial statements as promulgated by the PCAOB's Auditing Standard No. 5, An Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements¹. Its objective is to provide the participant with the tools necessary to interpret basic internal control documentation, identify significant internal control risks, locate compensating controls, and identify key internal controls and weaknesses.
Chapter Summary
Chapter 1 - Internal Control for Smaller Entities
This chapter contains a list of auditors' responsibilities under AS No. 5. This chapter addresses
characteristics of smaller public companies. The cost/benefit aspects of internal control are
illustrated by an example - one example uses probability theory and expected value techniques
in the analysis. Internal control challenges for small companies are addressed and possible
compensating controls to overcome these challenges are reviewed. Methods that management
can employ to enhance their efficiencies in assessing internal control are discussed.
Chapter 2 - The Auditing Standards Board and Internal Control
This chapter addresses the audit risk standards and implications for management and auditors of
non-public entities. It is stressed that the purpose of obtaining an understanding of internal
control is to assess risk. Various factors that should be considered when obtaining an
understanding of the entity and its environment are addressed. There is a discussion of risk
assessment procedures and a detailed discussion of one of the procedures - analytical review
procedures. The impact of the external auditor's assistance in preparing financial statements as a
control deficiency is stressed.
Chapter 3 - Internal Control Definition and Concepts
The various definitions of internal control, provided by Congress, COSO, and the PCAOB are
discussed. An overview of the COSO framework is provided and the five elements of internal
control are reviewed. These five elements include the control environment, risk assessment,
control activities, information and communication, and monitoring. The relationship of internal
control to the entity's objectives is presented by use of the COSO model. AS No. 5 controls are
addressed in detail and include entity-level, account/transaction level, and financial statement
level controls.
Chapter 4 - The Control Environment - An In-Depth Review
The chapter provides an in-depth review of the control environment principles. These include
integrity and ethical values, board of directors, management's philosophy and operating style,
organizational structure, financial reporting competencies, authority and responsibility, and
human resources. Antifraud controls are also addressed as this classification of controls is
contained in AS No. 5. AS No. 5's entity-level controls are explored in even more detail in this
chapter. Numerous examples of entity-level controls are provided and include, but are not
limited to, general IT controls, controls over the period-end financial reporting process, and
selection of accounting policies.
Chapter 5 - Risk Assessment and Fraud - An In-Depth Review
This chapter provides a detailed review of risk assessment and fraud. General sources of risk are
addressed in addition to the COSO principles related to risk assessment. The fraud risk factors
from SAS No. 99, categorized as to the fraud triangle components (pressure, opportunity,
rationalization), and also classified as to fraudulent financial reporting or misappropriation of
assets are presented in detail. Several examples of risks of misstatement of financial statements
are provided.
Chapter 6 - Control Activities - An In-Depth Review
There is a detailed review of control activities. Documentation of control activities is addressed.
Control activities in an IT environment are reviewed and include input, processing, and output
controls. The impact of IT system complexity on internal control is covered. The three types of
end-user computing and related risks, particularly with respect to the use of spreadsheets, are
reviewed. Examples of COSO and AS No. 5 control activities and principles are presented. The
application of SAS No. 109 and COSO to small and midsized entities is highlighted.
Chapter 7 - Information and Communication - An In-Depth Review
This chapter discusses information and communication. COSO's principles and attributes of
information and communication are reviewed, together with SAS No. 109's guidance on this
topic. The IT Governance Institute's viewpoint on information and communication is also
presented.
Chapter 8 - Monitoring - An In-Depth Review
The COSO principles and attributes of monitoring are reviewed. Different types of monitoring
are addressed and include ongoing monitoring activities, separate evaluations, and reporting
deficiencies. The underlying conceptual framework for categorizing deficiencies as either not
significant, significant, or as a material weakness is presented in detail. AS No. 5's and SAS No.
112's de facto categorizations of deficiencies as either significant deficiencies or as material
weaknesses are reviewed. The additional control deficiencies contained in the appendix to SAS
No. 112 are reviewed to provide a plethora of examples of control deficiencies. These
deficiencies are categorized as to whether they are deficiencies in design or deficiencies in
operation of internal control.
Chapter 9 - Documentation - Guidance and Tools
Numerous documentation tools, including their related benefits and weaknesses, are reviewed
and include internal control questionnaires, narratives, flowcharts, and control matrices.
Numerous examples of systems are provided. The various documentation tools are used in mini
cases to serve as illustrations of applying the documentation tools. The appendix contains an
article that reviews a number of software packages commonly used by auditors and management
to document internal control over financial reporting.
Chapter 10 - Illustrative Case
This chapter presents a case covering a portion of a revenue system in a manufacturing environment. The
different documentation tools addressed in Chapter 9 are utilized to illustrate how the revenue
system might be documented using questionnaires, flowcharts, narratives, and control matrices.
¹ AS No. 5 supersedes AS No. 2 and is effective for audits of financial statements ending on or after November 15, 2007, with earlier adoption permitted and encouraged.
