Post on 14-Dec-2015
Chapter 4: Transaction Processing and the Internal Control Process
This organization looks like it has weak internal controls.
Presentation Outline
I. Business Exposures
II. Fraud and White-Collar Crime
III. The Internal Control Process
IV. The Sarbanes-Oxley Act of 2002
V. Classifying Transaction Processing Controls
VI. Analysis of Internal Control Processes
I. Business Exposures
A. The Meaning of Exposure
B. Examples of Common Business Exposures
A. The Meaning of Exposure
Potential Financial Effect of Event × Probability of Occurrence (Risk) = Exposure
B1. Common Business Exposures
Deficient revenues due to decreases in
earnings resulting from things like
excessive bad debts, incorrect billing, and returns from unhappy
customers.
B2. Common Business Exposures
Loss of assets due to theft, acts of violence,
or natural disaster
B3. Common Business Exposures
Inaccurate accounting causes decisions to be made using inaccurate
information.
B4. Common Business Exposures
Business interruption from things like acts
of violence and natural disaster can damage or destroy a
business.
B5. Common Business Exposures
Statutory sanctions interrupting business
due to regulatory agency penalties.
B6. Common Business Exposures
Competitive disadvantage resulting from
ineffective management
decisions.
B7. Common Business Exposures
Fraud (perverting truth to obtain something of
value) and embezzlement
(fraudulent appropriation of assets
for one’s own use).
II. Fraud and White-Collar Crime
A. Three Types of White Collar Crime
B. Fraudulent Financial Reporting
C. Corporate Crime
D. Certified Fraud Examiners
E. KPMG Survey
A. Three Types of White-Collar Crime
White-collar crime occurs when assets are deceitfully diverted from proper use or deceitfully misrepresented by an act or series of acts that are nonviolent in nature.
Employee theft – involves diversion of assets by an employee for personal gain.
Employee-outsider theft – involves diversion of assets by an employee in collusion with an outsider for personal gain.
Management fraud – concerns diversion of assets or misrepresentation of assets by management.
B. Fraudulent Financial Reporting
White-collar crime may result in fraudulent financial reporting. This is intentional or
reckless conduct, whether by purposeful
act or by omission, that results in
materially misstated financial statements.
C. Corporate Crime
Corporate crime is white-collar crime that benefits a company or
organization rather than the individuals who perpetrate the
fraud. Such individuals may
benefit indirectly.
D. Certified Fraud Examiners
Forensic accounting is a term used to describe the activities of persons who are concerned with preventing and detecting fraud.
The National Association of Certified Fraud Examiners (NACFE) is a professional organization that provides bona fide qualifications for certified fraud examiners (CFEs) through the administration of the Uniform CFE examination.
E. KPMG Survey
KPMG surveyed the 2,000 largest companies in the United States.
Fifty-nine percent cited internal control as the most frequent reason that frauds were discovered.
Fifty-six percent stated that poor internal controls were the most frequent reason that fraud occurred.
The survey results …
III. The Internal Control Process
A. Purpose of Internal Control
B. Two Premises of Internal Control
C. The Foreign Corrupt Practices Act of 1977
D. Elements of Internal Control
Internal controls keep a close eye on employee
activities when management can’t. This
helps employees stay honest.
A. Purpose of Internal Control
Internal control is designed to provide reasonable assurance regarding:
Reliability of financial reporting.
Effectiveness and efficiency of operations.
Compliance with laws and regulations.
Don’t go astray!
B. Two Premises of Internal Control
Responsibility – Management and the board of directors are responsible for establishing and maintaining the internal control process.
Reasonable assurance – A control should not cost more than the potential benefit of the control.
C. The Foreign Corrupt Practices Act (FCPA) of 1977
The FCPA requires that all organizations subject to the Securities Act of 1934:
Keep an adequate system of records.
Devise and maintain an appropriate system of internal accounting controls.
D. Elements of Internal Control
Control environment – Overall values and integrity of organization.
Risk assessment – Identification and evaluation of risks.
Control activities – Activities undertaken to reduce probability of loss due to significant risks.
Information and communication – Communicating information about the control environment and control activities.
Monitoring – Keeping watch over and changing internal controls so that they function effectively and efficiently.
IV. The Sarbanes-Oxley Act of 2002
A. Creation of the Public Company Accounting Oversight Board (PCAOB)
B. Restrictions on Nonaudit Services
C. Role of the Audit Committee
D. Corporate Responsibility for Financial Reports
E. Management Assessment of Internal Controls
Note: This Act currently applies to only publicly-traded companies.
A. Creation of the PCAOB
Created to oversee the auditing of public companies.
The SEC will have “oversight and enforcement authority over the Board.” No rule of the Board shall become effective without prior approval of the commission. (Sec. 107)
The Board will:
register public accounting firms,
establish the standards for the audit of public companies,
conduct inspections of public accounting firms, investigations and disciplinary hearings and have the power to impose sanctions.
(Sec. 101)
B. Restrictions on Nonaudit Services
Public company auditors may not also provide the following services to their audit clients:
Bookkeeping
Financial information systems design and implementation
Appraisal or valuation services
Actuarial services
Internal audit outsourcing
Management or human resource services
Broker or dealer
Legal and expert services unrelated to audit
Other services determined by the PCAOB
C. Role of the Audit Committee
Public companies must maintain an independent audit committee composed of members of the board of directors who receive no compensation from the company except for services on the board.
D. Corporate Responsibility for Financial Reports
The CEO and CFO must prepare a statement to accompany the audit
report. This statement certifies to the fairness of the presentation of
the financial statements and accompanying
disclosures.
E. Management Assessment of Internal Controls
The Sarbanes-Oxley Act requires the annual report to contain an internal control report that:
states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting and
contains an assessment, as of the end of the company’s fiscal year, of the effectiveness of the internal control structure and procedures of the company for financial reporting.
Note: The external auditor must attest to and report on the above assessment as a part of the audit process.
V. Classifying Transaction Processing Controls
A. General and Application Controls
B. Preventive, Detective, and Corrective Controls
A. General and Application Controls
General controls affect all processing transactions.
Application controls are specific to individual applications. They include input, processing, and output controls.
B. Preventive, Detective, and Corrective Controls
Preventive controls – Prevent errors and fraud before they happen.
Detective controls – Uncover errors and fraud that have occurred.
Corrective controls – Correct errors.
VI. Analysis of Internal Control Processes
A. Internal Control Questionnaire
B. Applications Control Matrix
A. Internal Control Questionnaire
Questionnaires are available for the review of certain application areas. Some weaknesses may be compensated for by other strengths. Testing of controls is also necessary since responses to a questionnaire are not considered conclusive evidence about internal controls.
B. Applications Control Matrix
Columns represent processes under review while rows represent the
presence/rating for a control feature. Some use x’s to indicate the
presence or absence of a control. Others provide ratings to indicate the
assessed reliability of the control. (See p. 133)
Summary
The meaning of exposure
The cause of exposure
The concept of internal control
General and application controls
Preventive, detective, and corrective controls
Internal control questionnaires
Applications control matrix.