Auditing I
Chapter 11
Internal Control and COSO Framework
Internal Control Objectives
Management typically has three broad objectives in designing an efective
internal control system:
1. Reliability of fnancial reporting
2. Efficiency and efectiveness of operations
3. Compliance with laws and regulations
Management and Auditor Responsibilities for Internal Control
Management’s Responsibilities for Establishing Internal Control
Reasonable Assurance
- A company should develop internal controls that provide reasonable,
but not absolute, assurance that the fnancial statements are fairly
stated.
- Reasonable assurance is a high level of assurance that allows for only a
low likelihood that material misstatements will not be prevented or
detected on a timely basis by internal control.
Inherent Limitations
Internal controls can never be completely efective, regardless of the care
followed in their design and implementation. Even if management can
design an ideal system, its efectiveness depends on the competency and
dependability of the people using it.
Management’s Section 404 Reporting Responsibilities
Section 404(a) of the Sarbanes–Oxley Act requires management of all public companies to issue an
internal control report that includes the following:
- A statement that management is responsible for establishing and maintaining an
adequate internal control structure and procedures for fnancial reporting
- An assessment of the efectiveness of the internal control structure and procedures for
fnancial reporting as of the end of the companyss fscal year
Design of Internal Control
Management must evaluate whether the controls are designed and put in
place to prevent or detect material misstatements in the fnancial
statements.
Operating Efectiveness of Controls
The objective is to determine whether the controls are operating as
designed and whether the person performing the control possesses the
necessary authority and qualifcations to perform the control efectively.
, Auditing I
Auditor Responsibilities for Understanding Internal Control
Controls Over the Reliability of Financial Reporting
Auditors focus primarily on controls related to the frst of managementss
internal control concerns: reliability of fnancial reporting.
Controls over Classes of Transactions
- Auditors emphasize internal control over classes of transactions rather
than account balances because the accuracy of accounting system
outputs (account balances) depends heavily on the accuracy of inputs
and processing (transactions).
- The auditor must also gain an understanding of controls over ending
account balance and presentation and disclosure objectives.
Auditor Responsibilities for Reporting on Internal Control
To express an opinion on these controls, the auditor obtains an understanding of
and performs tests of controls for all signifcant account balances, classes of
transactions, and disclosures and related assertions in the fnancial statements.
COSO Components of Internal Control
COSOss Internal Control — Integrated Framework, the most widely accepted
internal control framework in the United States, describes fve components of
internal control that management designs and implements to provide reasonable
assurance that its control objectives will be met. The COSO internal control
components include the following:
Control Environment
The control environment consists of the actions, policies, and procedures that
reflect the overall attitudes of top management, directors, and owners of an
entity about internal control and its importance to the entity.
Integrity and Ethical Values
Integrity and ethical values are the product of the entityss ethical and
behavioral standards, as well as how they are communicated and
reinforced in practice.
Commitment to Competence
- Competence is the knowledge and skills necessary to accomplish tasks
that defne an individualss job.
Chapter 11
Internal Control and COSO Framework
Internal Control Objectives
Management typically has three broad objectives in designing an efective
internal control system:
1. Reliability of fnancial reporting
2. Efficiency and efectiveness of operations
3. Compliance with laws and regulations
Management and Auditor Responsibilities for Internal Control
Management’s Responsibilities for Establishing Internal Control
Reasonable Assurance
- A company should develop internal controls that provide reasonable,
but not absolute, assurance that the fnancial statements are fairly
stated.
- Reasonable assurance is a high level of assurance that allows for only a
low likelihood that material misstatements will not be prevented or
detected on a timely basis by internal control.
Inherent Limitations
Internal controls can never be completely efective, regardless of the care
followed in their design and implementation. Even if management can
design an ideal system, its efectiveness depends on the competency and
dependability of the people using it.
Management’s Section 404 Reporting Responsibilities
Section 404(a) of the Sarbanes–Oxley Act requires management of all public companies to issue an
internal control report that includes the following:
- A statement that management is responsible for establishing and maintaining an
adequate internal control structure and procedures for fnancial reporting
- An assessment of the efectiveness of the internal control structure and procedures for
fnancial reporting as of the end of the companyss fscal year
Design of Internal Control
Management must evaluate whether the controls are designed and put in
place to prevent or detect material misstatements in the fnancial
statements.
Operating Efectiveness of Controls
The objective is to determine whether the controls are operating as
designed and whether the person performing the control possesses the
necessary authority and qualifcations to perform the control efectively.
, Auditing I
Auditor Responsibilities for Understanding Internal Control
Controls Over the Reliability of Financial Reporting
Auditors focus primarily on controls related to the frst of managementss
internal control concerns: reliability of fnancial reporting.
Controls over Classes of Transactions
- Auditors emphasize internal control over classes of transactions rather
than account balances because the accuracy of accounting system
outputs (account balances) depends heavily on the accuracy of inputs
and processing (transactions).
- The auditor must also gain an understanding of controls over ending
account balance and presentation and disclosure objectives.
Auditor Responsibilities for Reporting on Internal Control
To express an opinion on these controls, the auditor obtains an understanding of
and performs tests of controls for all signifcant account balances, classes of
transactions, and disclosures and related assertions in the fnancial statements.
COSO Components of Internal Control
COSOss Internal Control — Integrated Framework, the most widely accepted
internal control framework in the United States, describes fve components of
internal control that management designs and implements to provide reasonable
assurance that its control objectives will be met. The COSO internal control
components include the following:
Control Environment
The control environment consists of the actions, policies, and procedures that
reflect the overall attitudes of top management, directors, and owners of an
entity about internal control and its importance to the entity.
Integrity and Ethical Values
Integrity and ethical values are the product of the entityss ethical and
behavioral standards, as well as how they are communicated and
reinforced in practice.
Commitment to Competence
- Competence is the knowledge and skills necessary to accomplish tasks
that defne an individualss job.
