1- What does the term internal control mean?
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as: * “ a process, affected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories” * Effectiveness and efficiency of operations
* Reliability of financial reporting
* Compliance with applicable laws and regulations
2- What are the five components of an internal control framework?
i. CONTROL ENVIRONMENT
* Influencing the control consciousness in organization
* The foundation of all internal control
* Control environment factor
* Integrity, ethical values, competence of organization people * Management philosophy and operating style
* The way management assigns authority and responsibility, organizes and develops its people * Attention and direction provided by BOD
ii. RISK ASSESSMENT
* Assessment of internal and external risk in achieving organization’s objectives * Economic, industry, regulatory and operating condition will continually change * Identify and address the specific risk associated with change.
iii. CONTROL ACTIVITIES
* All policies and procedures to ensure management directives are carried out * Ensure necessary actions to address risk
* Occur at all levels and functions
* Eg: approvals, authorizations, verifications, reconciliations, security of assets and segregation of duties. iv. INFORMATION AND COMMUNICATION
* Information must be identified, captured and communicated * Incldes operational, financial and compliance-relate information * Flowing down, across and up
* To be communicated well so people understand their roles in the internal control system * Should effectively communicate to esternal parties such as customers, suppliers, regulators and shareholders. v. MONITORING
* Assess the quality of system performance
* Achieved via ongoing monitoring activities and independent evaluations * Internal control deficiencies should be communicated to top management.
3- Who has the responsibility for internal control within an organization? Everyone in the organization has a responsibility in the internal control structure. The COSO designates each party’s role and responsibility as follows: * Management – the chief executive officer (such as the deputy minister) is ultimately responsible and should assume “ownership” of the system. * Audit Committee – management is accountable to the audit committee which provides governance, guidance and oversight. * Internal Auditors – internal auditors play an important role in evaluating the effectiveness of control systems and contribute to ongoing effectiveness. The internal audit function also plays a significant monitoring role. * Other personnel – internal control is, to some degree, the responsibility of everyone in an organization and therefore should be part of each person’s job description. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. All personnel should be responsible for communicating problems in operations, noncompliance with the code of conduct, policy violations or illegal acts.
4- Briefly describe the responsibilities each of the following groups of people has regarding internal control: management, the board of directors, internal auditors, others in the organization.
* Responsible for the establishment and performance of the entity’s internal control system, with the chief executive officer, supported by senior management, being ultimately responsible. * They need to understand how an integrated internal control framework should work. *...