Internal Controls
Enterprise-Wide Risk Assessment
University Audit and Compliance
- In order to achieve goals and objectives,
management needs to effectively balance
risks and controls.
- Control procedures need to be developed so
that they decrease risk to a level where
management can accept the exposure to
that risk.
Balancing Risk and Controls
Being out of balance, as it relates to financial and compliance goals, can cause the following problems:
Excessive Risks:
- Loss of assets, donor, grant
- Poor business decisions
- Non-compliance
- Increased regulations
- Public scandals
Excessive Controls:
- Increased bureaucracy
- Reduced productivity
- Increased complexity
- Increased cycle time
- Increase of no-value added activities
Balancing Risk and Controls
- Myth: Internal control starts with a strong set of policies and procedures.
  Fact: Internal control starts with a strong control environment.
- Myth: Internal control—that’s why we have internal auditors.
  Fact: Management is the owner of internal control.
- Myth: Internal control is a finance thing. We do what the Controller’s Office tells us to do.
  Fact: Internal control is integral to every aspect of the business.
The Internal Control Mystique
- Myth: If controls are strong enough, we can be sure there will be no fraud, and financial statements will be accurate.
  Fact: Internal controls provide reasonable, but not absolute assurance that objectives will be achieved.
The Internal Control Mystique
- Committee of Sponsoring Organizations of
the Treadway Commission (COSO)
- A private sector initiative established in 1985 by
five financial professional organizations:
  o American Accounting Association
  o AICPA
  o Financial Executives Institute
  o IIA
  o Institute of Management Accountants
COSO
COSO defines internal control as a process effected
by an entity’s board of directors, management and
other personnel, and designed to provide
reasonable assurance regarding the achievement of
objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations.
Definition
Fundamental concepts:
- Internal control is a process.
- It’s a means to an end, not an end in itself.
- Geared toward the achievement of objectives
- Internal control is effected by people at every
level.
- Not merely policy manuals and forms
- Provides reasonable, not absolute assurance.
Concepts
- First line of defense is to mitigate risks
- Build control-consciousness throughout the
organization’s culture.
- Philosophy & operating style
- Commitment to integrity & ethical values
- Competency
- Authority & responsibility
- Organization & development
Control Environment
Impact to business objectives:
- Strategic – high-level goals, aligned with
and supporting its mission
- Financial – safeguarding assets
- Operational – processes that achieve
goals
- Compliance – laws & regulations
- Reputation – public image
Risk Assessment - ERM
Controls can be either preventive or detective:
- Preventive – attempt to deter or prevent undesirable events from occurring.
  o Separation of duties, approvals, proper authorization, adequate documentation, physical control over assets.
- Detective – attempt to detect undesirable acts.
  o Provide evidence that a loss has occurred.
  o Reviews, variance analyses, reconciliations, physical inventories, and audits.
Control Activities
All organizations must identify, capture, and
communicate pertinent information in a
form and timeframe that enables people to
carry out their responsibilities.
Information and Communication
- Confirms that all 5 components are in place,
properly designed, and functioning
effectively.
- We can reduce the cost of monitoring by
building it into processes.
Monitoring
What is an “effective” system of controls?
Emanates from an ethical tone at the top.
Policies & procedures are in place, understood,
and followed.
Organization-wide commitment to strong internal
controls, effective risk management, and to
meeting expectations of all stakeholders.
Success Factors