SOURCE: California State University - University Auditor Show
You may have heard the term "internal control(s)," but what exactly is it? Evaluating internal controls is one of internal auditing's primary responsibilities. The Institute of Internal Auditors (IIA) defines control and control processes as follows: A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Control processes are the policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process. Risk management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives. A broadly accepted definition of internal control comes from the Committee of Sponsoring Organizations (COSO)1 of the Treadway Commission's report entitled The Control-Integrated Framework (COSO Report) as follows: Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objective in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. Key points about internal control include:
In the California State University (CSU) environment, internal controls serve the following purposes:
Generally, controls are of two types:
The COSO Report further defines five interrelated components of internal control:
Who is responsible for internal controls?The auditors, right? Wrong! Everyone plays a part in the CSU's internal control system. Ultimately, it is CSU management's responsibility to ensure that controls are in place. That responsibility is delegated to each area of operation, which must ensure that internal controls are established, properly documented, and maintained. Every employee has some responsibility for making this internal control system function. Therefore, all CSU employees need to be aware of the concept and purpose of internal controls. Internal audit's role is to assist management in their oversight and operating responsibilities through independent audits and consultations designed to evaluate and promote the systems of internal control. What is internal auditing?The IIA defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The internal audit activity evaluates the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems. Internal audit reviews include the reliability and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets, and compliance with laws, regulations, and contracts. These reviews also ascertain the extent to which operating and program goals and objectives have been established and conform to those of the organization, as well as the extent to which results are consistent with established goals and objectives and whether operations and programs are being implemented or performed as intended. 1. COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. Who is responsible for the reliability of the internal controls over financial reporting process of an entity?The PCAOB makes it clear that the CEO and CFO are responsible for the internal control over financial reporting and the preparation of the statements.
Who is responsible for internal financial controls?Auditors' Responsibility
The auditor is required to conduct the audit of internal financial controls over financial reporting and express his opinion on the effectiveness of internal financial control. The company's internal controls cannot be considered effective if one or more material weakness exists.
Is are primarily responsible for the quality integrity reliability and internal controls of the financial reporting process?The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on: management. An act of two or more employees to steal assets and cover their theft by misstating the accounting records would be referred to as: collusion.
Who is responsible for the accuracy of financial statements?The primary responsibility for the accuracy of the financial records and conformance with Generally Accepted Accounting Principles (GAAP) of the information in the financial statements rests with management, normally the CEO and CFO.
|