...THE CHIEF FINANCIAL OFFICERS, CHIEF OPERATION OFFICERS, CHIEF INFORMATION OFFICERS, AND PROGRAM MANAGERS FROM: Linda M. Springer Controller SUBJECT: Revisions to OMB Circular A-123, Management’s Responsibility for Internal Control OMB Circular No. A-123 defines management's responsibility for internal control in Federal agencies. A re-examination of the existing internal control requirements for Federal agencies was initiated in light of the new internal control requirements for publicly-traded companies contained in the Sarbanes-Oxley Act of 2002. Circular A-123 and the statute it implements, the Federal Managers’ Financial Integrity Act of 1982, are at the center of the existing Federal requirements to improve internal control. This circular reflects policy recommendations developed by a joint committee of representatives from the Chief Financial Officer Council (CFOC) and the President’s Council on Integrity and Efficiency (PCIE). The policy changes in this circular are intended to strengthen the requirements for conducting management’s assessment of internal control over financial reporting. The circular also emphasizes the need for agencies to integrate and coordinate internal control assessments with other internal control-related activities. The revised circular is effective for FY 2006. Agencies should take steps in FY 2005 to prepare for its implementation. OMB plans to continue to work closely with the CFOC and the PCIE to provide further...
Words: 12138 - Pages: 49
...Checklist for Evaluating Internal Controls Lisa Cook ACC 544 October 31, 2011 Bret Mann Checklist for Evaluating Internal Controls Internal Control is to assist companies with reviewing and assessing its accountability within the organization. Internal controls are best practices for an organization that sets the tone and its main purpose is reducing business risk by controlling loss because of the misuse of the company’s assets. Fraud is sure to be detected through internal controls as well as help with the accuracy of its financial reporting. This analysis will provide a comprehensive checklist for evaluating internal controls and show how to apply the checklist to outline phases of the control evaluation. Evaluating Internal Controls Checklists The Committee of Sponsoring Organization (COSO) defines controls as the “process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three categories: * Reliability of financial reporting. * Effectiveness and efficiency of operations. * Compliance with applicable laws and regulations. Internal control is designed to achieve objectives in various categories” (Louwers, et al, 2007, p. 149). The purpose for an internal control checklist is to analyze the efficiency of the organization’s controls in place, document the controls, and make recommendations and necessary improvements. Management...
Words: 785 - Pages: 4
...Of AUDIT RISK, MAKINg REfERENcE TO THE KEY AUDITINg STANDARDS WHIcH gIVE gUIDANcE TO AUDITORS AbOUT RISK ASSESSMENT. 01 TEcHNIcAL audit risk RELEVANT TO AccA QUALIfIcATION PAPERS f8 AND P7 AND This article outlines and explains the concept of audit risk, making reference to the key auditing standards which give guidance to auditors about risk assessment. Identifying and assessing audit risk is a key part of the audit process, and ISA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment, gives extensive guidance to auditors about audit risk assessment. The purpose of this article is to give summary guidance to CAT Paper 8, Paper F8 and P7 students about the concept of audit risk. All subsequent references in this article to the standard will be stated simply as ISA 315, although ISA 315 is a ‘redrafted’ standard, in accordance with the International Auditing and Assurance Standards Board (IAASB) Clarity Project. For further details on the IAASB Clarity Project, read the article by Lisa Weaver, examiner for Paper P7, in the August 2009 issue of Student Accountant. WHAT IS AUDIT RISK? According to the IAASB Glossary of Terms1, audit risk is defined as follows: ‘The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of material misstatement and detection risk.’ WHY IS...
Words: 2185 - Pages: 9
...independent audit of the internal controls of Apollo Shoes, Inc. This letter will outline the nature and limitations of the services we will provide. Anderson, Olds, and Watershed will provide consultation to Apollo Shoes Inc. about the internal control requirements of the 2002 Sarbanes-Oxley Act (SOX) Section 404 and test the internal controls to identify any significant deficiencies and/or material weaknesses. Statement on Auditing Standards (SAS) 115 states that these are matters that warrant the attention of management, our purpose is to provide our opinion and recommendation. At the conclusions of the engagement we will provide to Management and the Audit Committee a detailed report, including an executive summary, of all findings and recommendations. The purpose of this engagement letter is to define the terms of contract between Anderson, Olds, and Watershed and Apollo Shoes, Inc. and to identify the assurance services to be provided. This letter will also provide background information on the following conditions: * Significant regulations and guidelines related to audits of internal control * Relationship between internal controls and the audit process * Internal control risks identified with Apollo Shoes * A brief synopsis of our responsibility in detecting and reporting fraud Responsibilities are different between management and the auditor for internal controls. The auditor is required to prepare an audit report on internal control over...
Words: 1854 - Pages: 8
...2009 pp. 63–76 Assessing Information Technology General Control Risk: An Instructional Case Carolyn Strand Norman, Mark D. Payne, and Valaria P. Vendrzyk ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify specific strengths and weaknesses within five ITGC areas, provide a risk assessment for each area, and then evaluate an organization’s overall level of ITGC risk within the context of an integrated audit. Keywords: internal controls; general control; ITGC; risk assessment. INTRODUCTION he Sarbanes-Oxley Act (SOX 2002) and the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 (PCAOB 2007) require that the organization’s chief executive officer (CEO) and chief financial officer (CFO) include an assessment of the operating effectiveness of their internal control structure over financial reporting when issuing the annual report. External auditors must review management’s internal control assessment as part of an annual integrated audit of an organization’s internal controls over financial...
Words: 6299 - Pages: 26
...Checklist for Evaluating Internal Controls Darius Perrin ACC/544 Checklist for Evaluating Internal Controls According to Investopedia (2013), internal controls are methods implemented by a company to ensure the organization is meeting their profitability targets efficiently while also keeping the integrity of the company. The following discussion will outline the three phases of the control evaluation which is understanding the documenting the internal control, assessing the control risks, and performing tests of the controls and reassessing control risks. Phase 1: Understand and Document Internal Control Phase 1 allows the auditors to work efficiently by getting a basic understanding of the organizations internal control. There are five components to internal control: control environment, risk assessment, control activities, monitoring, and information and communications. The following checklist will allow the audit team to gather evidence and focus their efforts in reviewing what aspect is at more risk and requires more review (Louwers, 2007). Yes/No Comments Control Environment Evaluation 1. Is there a written code of conduct displayed for employees to view? Yes 2. Are all employees aware for their goals as an individual? Yes 3. Is there a written document describing each employee’s job description? Yes 4. Would you consider your financial reporting attitude to be conservative? Yes 5. Are actions taken when an employee is found acting...
Words: 851 - Pages: 4
...CHAPTER 1 1. DEFINITION INTERNAL CONTROL is a process effected by people at every level of an organization, designed to provide reasonable assurance about the achievement of objectives in the – effectiveness and efficiency of operations, - reliability of financial reporting, - compliance with applicable laws and regulations. A PROCESS: it is a multiplicity of processes, a series of actions, that is integrated with the basic management processes of planning, executing and monitoring in order to enable their function and in order to monitor them. It is not added on to an entity’s activity, but it should rather be “built-in” in order to be most effective. It is also critical to the success of quality programmes and to cost containment and response time (i.e. not adding new procedures but focusing on existing one and building internal control into them). PEOPLE: internal control is effected by the BoD, management and other personnel. People establish objectives, responsibilities, limits of authority and then put control mechanisms in place. Internal control recognizes that every individual brings in different abilities, needs, priorities, which affect internal control and are in turn affected by internal control itself. The BoD does not only oversee, but it also provides directions and approves transactions and policies, so it is an important element of internal control. REASONABLE ASSURANCE: internal control does not provide absolute assurance. Limitations regard faults in human...
Words: 2982 - Pages: 12
...Question 2 To determine inherent risk the auditor will usually look for such factors as client business risk, examine the business industry and business environment. Auditors need to look at certain industries and be able to familiarize themselves with certain inherent risks that could occur. The auditor needs to be able to understand the competition that exists within the industry, any economic conditions and regulatory laws that the business must follow. The auditor will also look at how business operations processes work and whether or not they are similar or different from companies within the industry. This knowledge could be used as a benchmark or key way for auditors to assess inherent risk. Related party transactions can also be used...
Words: 1752 - Pages: 8
...be implemented to address issues that may have arisen during test of controls. Issues such as...
Words: 575 - Pages: 3
...Strengthening Corporate Accountability and Responsibility with Sarbanes-Oxley Act and COSO Enron, Arthur Andersen, WorldCom. What does these companies and others have in common? They involved audit and corporate governance failures, resulting in the erosion of public confidence. Because of these high-profile corporate and accounting scandals, Congress passed the Public Company Accounting Reform and Investor Protection Act, commonly known as the Sarbanes Oxley Act of 2002 (SOX). SOX mandated reforms to improve financial disclosures from corporations and to prevent accounting fraud. I. SOX SOX applies to all public companies in the United States and international companies that have registered equity or debt securities under the Securities Exchange Act of 1934. It is also applicable to accounting firms that provide auditing services to these companies subject to the Act. Its purpose is to enhance corporate accountability and responsibility. The Eleven Titles There are eleven titles in SOX. Title I addresses public company accounting oversight board. Title II addresses an auditor’s independence. Title III addresses corporate responsibility. Title IV address enhanced financial disclosures. Title V addresses analyst conflicts of interest. Title VI addresses commission resources and authority. Title VII addresses studies and reports regarding consolidation, credit rating, violations, enforcement and investment banks. Title VIII addresses corporate and criminal...
Words: 1083 - Pages: 5
...Internal Auditing * Gives you insight into compliance issues, risk assessment, fraud prevention, corporate governance, IT auditing, and many other topics, plus summaries of current audit research, case studies, and feedback on new initiatives and standards from COSO, the Institute of Internal Auditors (IIA), and other organizations. * An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Differences Mandate: Although Internal Audit does have a degree of focus on the financial aspects of the organisation, it is essentially not a financial discipline - unlike its counterpart External Audit. Its multidimensional nature mandates a much broader scope in the organisation than that of External Audit. * EAs have a statutory obligation to shareholders and the public on the accuracy of the annual report and the financial statements * IAs has a duty to senior management and the board via the audit committee on the state of governance, risk management and control within the organisation. Areas of Focus: * EAs focus on finance and accounting * IAs focus on the whole organisation, all departments, functions and operations Independence: * EAs are independent external assurance providers to the organisation...
Words: 1141 - Pages: 5
...Internal audit’s role in modern corporate governance Thought leadership series Risk and Advisory Services Internal audit’s role in modern corporate governance Recent events have highlighted the critical role of boards of directors in promoting good corporate governance. In particular, boards are being charged with ultimate responsibility for the effectiveness of their organisations’ internal control systems. An effective internal audit function plays a key role in assisting the board to discharge its governance responsibilities. Yet how does the board – and its audit committee – satisfy itself that internal audit is functioning effectively and efficiently? The board’s responsibility for internal controls Through working with a broad range of organisations in Hong Kong and internationally, KPMG has identified a number of best practices in relation to the role played by the board audit and/or risk management committees. s Recent events have highlighted the critical role of boards of directors in s s s s s s s Assessing the scope and effectiveness of the systems established by management to identify, assess, manage and monitor the various risks arising from the organisation’s activities. Ensuring senior management establishes and maintains adequate and effective internal controls. Satisfying itself that appropriate controls are in place for monitoring compliance with laws, regulations, supervisory requirements and relevant internal policies....
Words: 2896 - Pages: 12
...Summary of Internal Control Definition Chapter 07 Internal Control A process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding, achievement of (the entity’s) objectives on: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. 7-2 Control Objectives In each area of internal control (financial reporting, operations and compliance) Control objectives and Sub objectives exist Foreign Corrupt Practices Act Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business The Act Requires an effective system of internal control Makes illegal payment of bribes to foreign officials Example: Area of financial reporting Top level objective – prepare and issue reliable financial information Detailed level applied to A/R sub objectives • All goods shipped are accurately billed in the proper period • Invoices are accurately recorded for all authorized shipments and only for such shipments • Authorized and only authorized sales returns and allowances are accurately recorded • The continued completeness and accuracy of A/R is ensured • Accounts receivable records are safeguarded 7-3 7-4 Controls over Financial Reporting Preventive Aimed...
Words: 1559 - Pages: 7
... Course Description This course is the first course in auditing subject. This course has an overall objective to help students to learn the basic concepts and practices of auditing and assurance services as well as to understand the auditor ethics and responsibilities. Also, it helps students to understand the basic concepts that underlie the audit process and how to apply those concepts to various audit assurance services. Through the first part of auditing course, much attention is given to the conceptual, theoretical and practical aspects of auditing financial statements. This course will also examines auditing theory and practice, emphasizing audit standards in Indonesian context, audit risks, materiality, characteristics of evidence, internal controls, auditors’ reports and professional ethics, sampling, and audit programs. Course Objectives After completion of this course, students are expected to be able to: 1. Understand why there is a demand for auditing and assurance services 2. Differentiate between auditing and accounting 3. Understand the relationship among auditing, attestation, and assurance services 4. Know the different types of auditors and their types of services 5. Understand the issues currently affecting the profession 6. Understand generally accepted auditing standard and their relationship to standard auditing 7. Understand the relationship among financial statements, management assertions, and audit objective ...
Words: 1730 - Pages: 7
...Building supplies 32 34 31 33 27 Lumber brokerage 7 6 6 Gross margin Building supplies 20.1% 18.5% 18.6% 19.1% 18.0% Lumber brokerage 3.9% 4.1% 4.2% Required Analytical procedures show that inventory turnover decreased from 31–34 days to 27 days, and gross margins declined to the lowest level in five years. What might this indicate about the risk of misstatement with respect to inventory and inventory purchases? 2. (Analytical procedures) In audit planning the...
Words: 1162 - Pages: 5
