BibiCPACIACISA 1 Internal Control Integrated Framework An Overview Bibi Consulting COSOs Source COSOs Internal Control Integrated Framework wwwbibiconsultingcom Prepared by Wael BibiCPACIACISA ID: 808165
Download The PPT/PDF document "Prepared by ..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Prepared by Wa'el Bibi,CPA,CIA,CISA
1
Internal Control Integrated Framework
An Overview..
Bibi Consulting
COSO’s
Source: COSO’s Internal Control Integrated Framework
www.bibiconsulting.com
Slide2Prepared by Wa'el Bibi,CPA,CIA,CISA
2
What is COSO?
Who are the sponsors?
Slide3Prepared by Wa'el Bibi,CPA,CIA,CISA
3
What Is Internal Control ?
“A process effected by an entity’s board of directors,management and other personnel,designed to provide
reasonable assurance regarding the achievements of objectives in the following categories:Effectiveness & efficiency of operations.
Reliability of financial reporting.Compliance with applicable laws and regulations.”
Slide4Prepared by Wa'el Bibi,CPA,CIA,CISA
4
Internal control is a
process. It is a means to an end, not an end in itself.
Internal control is effected by
people. It
’s not merely policy manuals and forms, but people at every level of an organization.
Internal control can be expected to provide only reasonable assurance
, not absolute assurance, to an entity
’
s management and board.
Internal control is geared to the achievement of
objectives
in one or more separate but overlapping categories.
Prepared by Wa'el Bibi,CPA,CIA,CISA
5
Components Of Internal Control
Control Environment.Risk Assessment.Control Activities.Information & Communication.Monitoring.
Slide6Prepared by Wa'el Bibi,CPA,CIA,CISA
6
Slide717 Principles
Prepared by Wa'el Bibi,CPA,CIA,CISA
7
Source: Deloitte
Slide8Prepared by Wa'el Bibi,CPA,CIA,CISA
8
Control Environment
Sets the tone of the organization.The foundation for all other components.It includes the integrity, ethical values and competence of the people.
Reflects: management’s philosophy & operating style, the way management assigns authority and responsibility and organizes and develops its people, and the attention and direction provided by the board of directors.
Slide9Prepared by Wa'el Bibi,CPA,CIA,CISA
9
Risk Assessment
Every entity faces internal &external risks.Every entity sets objectives.
Risk assessment is the identification and analysis of relevant risks to achievements of the objectives.
Slide10Prepared by Wa'el Bibi,CPA,CIA,CISA
10
Control Activities
The policies and procedures that help ensure management directives are carried out.They help ensure that necessary actions are taken to address risks.Control activities occur throughout the entity at all levels and in all functions.
They include activities such as approvals , authorization, reconciliations and segregation of duties.
Slide11Prepared by Wa'el Bibi,CPA,CIA,CISA
11
Information & Communication
Relevant information must be identified , captured and communicated in a form & timeframe that enables people to carry out their responsibilities.Information systems produce reports containing operational
, financial and compliance –related information that make it possible to run and control the business.Effective communication must occur in a broader sense, flowing down, across and up the organization.
Slide12Prepared by Wa'el Bibi,CPA,CIA,CISA
12
Monitoring
Internal control systems need to be monitored.Types of monitoring:
- ongoing during the course of operations. - evaluation for which the scope and frequency will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures.
Slide13Prepared by Wa'el Bibi,CPA,CIA,CISA
13
ResponsibilitiesWho is responsible for internal control ?
Everyone !
Board of Directors :Governance,guidance & oversightManagement : CEO is the owner
Internal Auditors: evaluate & monitorOther personnel :information and communication
Slide14Prepared by Wa'el Bibi,CPA,CIA,CISA
14
What Internal Control Can DoIt can help achieve performance & profitability targets.
It can help prevent loss of resources.It can help ensure reliable financial reporting.It can help ensure compliance with laws.
It
can help an entity get to where it wants to go,and avoid pitfalls and surprises along the way.
Slide15Prepared by Wa'el Bibi,CPA,CIA,CISA
15
What Internal Control Cannot DoIt cannot ensure success.
It cannot ensure the reliability of financial reporting.It cannot ensure compliance with laws and regulations.Internal controls ,no matter how well designed and operated,can provide only reasonable assurance to management regarding achievements of an entity’s objectives.
Slide16Prepared by Wa'el Bibi,CPA,CIA,CISA
16
Limitations of Internal ControlJudgement.Breakdowns.
Management override.Collusion.Costs Versus Benefits.
Slide17Prepared by Wa'el Bibi,CPA,CIA,CISA
17
End of COSO Presentation
Slide18Prepared by Wa'el Bibi,CPA,CIA,CISA
18
Types of ControlsPreventiveDetectiveCorrective
Directive
Slide19Prepared by Wa'el Bibi,CPA,CIA,CISA
19
Preventive ControlsAre designed to discourage errors or irregularities from occurring.
They are more cost-effective than detective controls. Examples:- Segregation of duties
- Authorization- Firewalls- Passwords
Slide20Prepared by Wa'el Bibi,CPA,CIA,CISA
20
Detective ControlsAre designed to search for and identify errors after they have occurred.
They are more expensive than preventive controls .Examples:
ReconcilaitionsAnalysis Periodic InventorySurveillance camerasAudit
Slide21Prepared by Wa'el Bibi,CPA,CIA,CISA
21
Corrective Controlscorrective controls are designed to restore a system to an approved/last known good state.
Examples:Anti Virus software.Adjusting entries.
Slide22Prepared by Wa'el Bibi,CPA,CIA,CISA
22
Directive ControlsAre designed to provide direction from management. (Actions taken to cause or encourage a desirable event to occur).
Examples:Job DescriptionTrainingPolicies and procedures.