internal control
systems and methods managers use to ensure their organization accomplishes what is intended while avoiding undesirable results, safeguard assets, comply with rules and regulations
budget and accounting procedures act
required each federal agency head to establish and maintain internal controls
federal managers financial integrity act (FMFIA)
required GAO to prescribe standards of internal control (Green Book) and OMB to establish guidlines for evaluating systens of control on an annual basis
– report weaknesses and prescribe a corrective action plan
single audit act
audits of state and local, nonprofits receiving federal financial assistance of a certian amount
sarbanes oxley act
restrictions on publicly traded companies
- on annual report must report on assessment of effectivness of internal controls for financial reporting
cfo act
requires cfo to develop and maintain an integrated agency accoutning and financial management system including financial reporting and internal controls
fraud reduction and data analytics act
OMB established guidlines for federal agencies to use GAO’s framweork for internal controls/risk management
green book
provides framework for establishing and maintaining internal control
- required by FMFIA
- uses components/principles identified by committe of sponsoring orgs (COSO)
OMB Circular A-123
managements response for enterprise risk management and internal control
omb circular a-130
management of federal information resources
- minimum set of controls in federal automated info security program
reasonable assurance
- internal controls can’t provide absolute assurance
- satisfactory level of confidence that org will achieve goals and minimize fraud/waste/abuse
- cost shouldn’t outweigh beneft
-typically prevention type more costly than detection
internal control framework
- developed by COSO
- 5 components, 17 principles
internal controls meet 3 objectives
-operations: effectiveness/efficiency
- reporting: internal/external reports
- compliance: adherence with laws and regulations
5 internal control components
- control environment
- risk assessment
- control activities
- info and communication
- monitoring
control environment
- foundation for internal control system / most important
- discipline and structure
- integrity and ethical values
- commitment to competence
- management philosophy and operating style
- human resources and policies
5 principles of control environment
- oversight body and management demonstrate commitmenet to integrity and ethical values
- oversight body oversees entity’s internal control system
- management establishes an org structure, assign responsibilities, and delegate authority to achieve objectives
- management demonstrates committment to recruit, develop and retain competent individuals
- management evaluates performance and hold individuals accountable for internal control responsiblities
risk assessment principles (4)
- management defines objectives clearly to enable identification of risks and define risk tolerance
- management identify, analyze, and respond to risks related to achieving defined objectives
- management considers potential for fraud
- management identify, analyze, and respond to significant changes that could impact itnernal control system
risk assessment
express objectives and determine what could go wrong
- determine where material internal control weaknesses are likely to exist
- identity theft fastest rising crim
- program that disburse cash riskier than social services
- fraud risk almost always present
- must establish entity wide risk profiles
omb a-123 asses risk and decide
- accept risk and do nothing
- not accept risk because it is too consequential (stop doing it)
- accept and work to reduce
control activities
internal controls
- procedures that organziatons establish to ensure they accomplish goals and avoid what they want to avoid
3 principles of control activities
- management designs control activities to achieve objectives and respond to risk
- management designs entity’s inforomation system and related control activities to achieve objectives and respond to risks
- management should impleement control activities through policies
conflict between effectiveness and efficiency
choose effectiveness
4 purposes of control activities
- efficient and effective program operations
- validity and reliability of data (accounting and performance data)
- compliance with laws and regulations
- safeguarding of resources (including misuse and loss)
typical control activities
- separation of duties (violated regularly due to insufficient staff)
- restricting access to resources and records
- periodic reconciliations
