Auditing
Essay by 24 • November 27, 2010 • 1,170 Words (5 Pages) • 1,604 Views
International companies, advancements in technology, the increasing amount of business failures, and widely publicized fraud in America have forced companies to place more emphasis on internal control systems and internal audits. Internal controls consist of procedures that management uses to ensure accuracy in performing certain business functions. These procedures make up a company's internal control system. Internal controls helps to ensure the reliability of financial reporting. Section 404 of the Sarbanes Oxley act requires auditors to perform an audit of financial statements as well as report on the effectiveness of internal controls. To address internal control issues, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued control guidelines called the Internal Control-Integrated Framework in September of 1992. The COSO helps to emphasize the understanding of a good internal control system. It provides guidelines for establishing criteria to assess the adequacy and effectiveness of a companies internal control system. The COSO report has played an important role in increasing the responsibilities and obligations of auditors.
Internal controls are designed for three basic purposes; the reliance of financial reporting, efficiency and effectiveness of operations and compliance with laws and regulation. The management of a company prepares its financial statements for external users. Management is responsible for providing reliable information in their financial statements. Controls within an entity are meant to promote efficiency and effectiveness. Section 404 requires public companies to include a report about the effectiveness of controls in their annual form 10-k. Internal controls are designed to achieve all three objectives.
Management is responsible for making sure that the financial statements are in accordance with GAAP requirements. Controls with in an organization promote the efficiency and effectiveness of company operations. Controls provide assurance to ensure that a company is producing accurate financial and non-financial information for correct decision making. Internal controls provide assurance that a company performs within accordance with laws and regulations.
Management and auditors are both responsible for the internal controls of a company. It is management's responsibility to create and maintain internal controls. It is required by section 404 that management publicly reports about the effectiveness of their internal controls. In contrast, the auditor's responsibility is to understand and test the controls over financial reporting. Section 404 requires that auditors report on the effectiveness of a company's internal controls, including their opinion about the controls.
There are two key factors that management must use to design and implement internal controls. A company should establish reasonable assurance but not absolute assurance that financial statements are fairly stated. Internal controls are developed according to their cost and the benefits it provides. The PCAOB states that reasonable assurance allows for the likelihood that misstatements will be detected by internal controls. Internal controls have inherent limitations are not one hundred percent effective no matter how effective the design.
When creating the design for internal controls, management must decide whether its purpose is to prevent or detect misstatements in financial statements. Management must also test to see if the internal controls operate effectively. The purpose for testing internal controls is to sees if it is operating as it is designed to. Management's test of controls includes inspection of documents and reperformance of the application of the controls. Management conducts tests over periods of time to ensure effectiveness. Management must document their results on the effectiveness of controls.
COSO's internal integrated framework is the most common control frame work companies use today. It contains five components that management should design and implement to assure that reasonable assurance will be provided. The COSO's five components are the control environment, risk assessment, control activities, information and communication and monitoring. These components are interrelated and they all must function properly together to create an adequate and effective internal control system.
The control environment consist of a number of elements such as integrity and ethical values, managements' standards of behavior, the structure of the organization, human resource policies, the board of directors, the audit committee, and the competence of personnel. The control environment provides the basis for assessing the effectiveness of controls and the ability to provide reliable information on financial statements. The control environment is the foundation for the other components.
Risk
...
...