+380.000 other summaries
A unique study tool
A rehearsal system for this summary
Studycoaching with videos
Remember faster, study better. Scientifically proven.
PREMIUM summaries are quality controlled, selected summaries prepared for you to help you achieve your study goals faster!
Summary - Class notes - ICAIS
1538344800 Lecture 1
- Perceived pressure facing individual
- Perceived opportunity to commit fraud
- Person's rationalization or integrity
Accounting Information System"... Processes data and transactions to provide users with information they need to plan, control and operate their business"
Internal Control"Those organizational activities aimed at providing relevant and reliable information for decision-making and accountability"
Three types of information in organizations1. Information for delegation and accountability.
Division of labour -> Responsibility -> Account for
2. Information for decision-making
E.g. decision to purchase or design product
3. Information for operating the business
E.g. sharing knowledge, coordinating activities
Decision tree spectrum of informationSee slides
Name the aspects of quality of information
In accordance with reality (not too high)
CompletenessIn accordance with reality (not too low)
PrecisionDegree of detail
TimelinessProvided on time
What's the definition of Internal Control according to COSO?
A process affected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to:
- Operations (effectiveness and efficiency of operations)
- Reporting (reliability of internal/external (non) financial reporting)
- Compliance (adherence to applicable laws and regulations)
- Safeguarding of assets (added by US Government Accountability Office)
Components of Internal Control
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Foundation of all other components
- Norms and values with respect to control consciousness
- Organizational culture, structure, management philosophy and operating style, HR policies, integrity and values, attitude towards IT & information provision.
- Risk assessment is the identificiation and analysis of relevant risks to the achievement of the objectives
- Objectives: operations objectives, financial reporting objectives, compliance objectives
Enterprice Risk Management Framework
1. Governance & Culture
2. Strategy & Objective setting
4. Review and revision
5. Information, communication & reporting
RiskThe threat that an event or action will adversely affect an organization's ability to achieve its business objectives and execute its strategies succesfully.
Risks external environmentExternal threats including substitute products, catastrophic loss, changes in customers tastes and preferences, competitors, political enviroment, laws/regulations, and capital and labor availability.
Risks - Business process and assets lossThreats form ineffective or inefficient processes for acquiring, financing, transforming, and marketing products, and loss of tangible, intangible and market-based assets.
Risks - InformationThreats from poor quality information for decision making and erroneous information to outsiders.
- Establish accountability using segregation of duties
- Physical security of assets
- Procedures for authorization
- Management guidelines
- Three-way matches
- Code of conduct
Preventive IT controls
- Edit checks
- Input controls at/between data fields
- Physical security
- Logical security
- Analytical review
- Reconciliations and control totals
- Detailed (sample-based) checks
- Back-up / recovery (IT)
- Exception reports (IT)
What types of internal controls are there
- Detailed checks, total checks, and partial observation
- Direct and indirect checks
- Formal and material checks
- Negative and positive checks
- Policy control
- Standards control
- Expectations control
- Authority control
- Progress control
- Efficiency control
- Execution control
- Custody control
Information and Communication - internal control component
- Recording of transactions
- Matching of internal with external recordings
- Confirmations to thirds parties
- Communications of procedures and task assignments
- Other management reports
MonitoringMonitoring is a process that assesses the quality of an internal control system over time
What are the two different forms of monitoring
- Monitoring as a continuous process
- Monitoring as separate evaluations
Periodical physical stocktaking, comparing the results with the accounting records, and reporting on the differences.
What are the cornerstones of internal control?
1. The steering paradigm
2. The management cycle
3. The basic pattern of information provision
4. The value cycle
The Steering Paradigm
1. Controlled system: organization
2. Control system: management
3. Information system: gives information to control system
4. Environment: provides information to information system and/or control system
1. Information (information system) is key to controlling a system
2. There is continuous interaction between the environment and the system
3. The subjective choice of the system boundaries determines what information is considered internal or external
4. There is a manager/device (control system) who attempt to control the behaviour of a subordinate/organizational unit (controlled system) on the basis of information. Information is acquired from the information system, directly from the environment, or both.
The management cycle
The management cycle indicates in detail which steps management activities consists of. Ideally, there is a perfect congruence between the goals of the organization and the employees, however this hardly exists in reality and therefore people need to be managed to move them in the desired direction. According to the management cycle, this process consists of five stages:
1. Planning (plan)
2. Structuring (do)
3. Execution (do)
4. Evaluation (check)
5. Adjustment (act)
The basic pattern of information provision
In general, each process of information provision has the same structure and consists of three parts:
2. Processing - using procedures and existing data collections
An information system produces information by combining input data with existing data (usually contained with computer files) according to certain procedures (usually contained within computer programs) to generate the desired output.
The Value CycleThe value cycle is a model that enables visualization of segregation of duties and helps to describe the relationsship betwween positions and events in organizations. Ideally there should be segregation of duties between each part of the value cycle.
What are the segregation of duties?
- Authorizing transactions (e.g. approving events (external party))
- Recording transactions (record events in book of original entry)
- Custody of resources (physically protect resources)
- Controlling activities (checking (reconciliations, control totals, SOD)
- Executing transactions (physically move resources)
BIDE - formulas
Beginning balance + increase - decrease = ending balance
Beginning inventory + purchases - sales = ending inventory
Beginning balance cash - cash disbursements + cash receipts = ending balance cash
Beginning balance AP + purchases - cash disbursements = ending balance AP
Beginning balance AR + sales - cash receipts = ending balance AR
What are inherent limitations of internal control?
- Human error
What are sometimes limitations of internal control?
- Management's choice of internal control quality balances cost with expected benefits. So some misstatement will be optimal
- Most internal controls are directed at routing or expected transactions. So nonrouting or unexpected transactions may not be controlled
- Over time, controls may deteriorate due to changed conditions, or faltering compliance.
Latest added flashcards
for customers since there is a high degree of flexibility. There is also a high degree of delegation.
balance between efficiency and flexibility is lost à decrease in job satisfaction.