
Administrative Information Provision: A. COSO B. Control and Accounting C. Information Systems D. Control Processes


1 Administrative Information Provision A. COSO B. Control and Accounting C. Information Systems D. Control Processes

2 First (a) COSO

3 Internal control: COSO The COSO report is the linking pin between management control and internal control. Areas of attention: – financial accountability information with underlying task management: internal control – strategy implementation: management control

4 Management Control vs Internal Control

5 COSO definition of Internal Control A process effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives in the following categories: – Effectiveness and efficiency of operations – Reliability of financial reporting – Compliance with applicable laws and regulations – Safeguarding of assets (added later)

6 Components of internal control – Control environment – Risk analysis – Control activities – Information and communication – Monitoring

7 Third (c) Control processes

8 Designing a control system – Inventory of the threats and analysis of the risks – Determining the control objectives – Selection of control measures and integration into a system (Design) – Implementation of the control system – Evaluation of quality and effectiveness (Monitoring) – Adjustment of the control system

9 Designing a control system (1) Gathering information about: – Objectives and the policy based on them – The environment: entities with their objectives – The structure and functioning of the organization itself – Other influencing factors

10 Designing a control system (2) – Inventory of the threats and analysis of the risks – Establishing the control objectives – Selection of control measures and integration into a system – Implementation of the control system – Evaluation of quality and effectiveness – Modification

11 Risk analysis Risk analysis consists of the following steps: – Inventory of possible threats – Estimation of the probability that they actually occur – Analysis of the possible damage if they occur. The next step is risk management, based on the choice between “covering” the risk or, in due course, “repairing the damage”

12 Important aspects of risk analysis – The quality of the risk analysis determines the quality of the control system – A number of methodologies exist; the COSO report also describes an approach – In many organizations risk analysis is set up as a separate function at a high level in the organization

13 Categorization of risks By origin: external versus internal. By their impact on the organization (COSO): – Operational – Financial – Compliance

14 External risks by origin (diagram labels): capital market, regulators, owners, labour market, miscellaneous, purchasing market, sales market, organization

15 Internal risks by origin Identifying critical aspects for: – Management and execution of the processes – Use of resources – The functioning of management and staff. From these aspects, establishing control objectives aimed at: – Recognizing possible threats (as early as possible) – Preventing them from occurring – Limiting/eliminating the adverse consequences

16 Monitoring (1) The reasons for monitoring/evaluating the operation of control systems are: – The dynamics of society, and therefore necessarily of the organization, also make control systems dynamic and subject to change – The functioning of a control system can deviate from its design

17 Monitoring (2) – Monitoring should be a permanent process and, as such, part of the control system – An internal audit department can have monitoring the control system as (one of) its task(s).

18 Threats to Accounting Information Systems What are examples of natural and political disasters? –fire or excessive heat –floods –earthquakes –high winds –war

19 Threats to Accounting Information Systems What are examples of software errors and equipment malfunctions? –hardware failures –power outages and fluctuations –undetected data transmission errors

20 Threats to Accounting Information Systems What are examples of unintentional acts? –accidents caused by human carelessness –innocent errors of omissions –lost or misplaced data –logic errors –systems that do not meet company needs

21 Threats to Accounting Information Systems What are examples of intentional acts? – sabotage – computer fraud – embezzlement

22 Overview of Control Concepts What is the traditional definition of internal control? Internal control is the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed managerial policies.

23 Overview of Control Concepts What is management control? Management control encompasses the following three features: 1. It is an integral part of management responsibilities. 2. It is designed to reduce errors, irregularities, and achieve organizational goals. 3. It is personnel-oriented and seeks to help employees attain company goals.

24 Internal Control Classifications The specific control procedures used in the internal control and management control systems may be classified using the following four internal control classifications: 1. Preventive, detective, and corrective controls 2. General and application controls 3. Administrative and accounting controls 4. Input, processing, and output controls

25 Committee of Sponsoring Organizations The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of five organizations: 1. American Accounting Association 2. AICPA 3. Institute of Internal Auditors 4. Institute of Management Accountants 5. Financial Executives Institute

26 Committee of Sponsoring Organizations In 1992, COSO issued the results of a study to develop a definition of internal controls and to provide guidance for evaluating internal control systems. The report has been widely accepted as the authority on internal controls.

27 Recommended additional reading Het COSO-raamwerk: instrument voor de beoordeling van de “interne beheersing” [The COSO framework: an instrument for assessing “internal control”], Remko Renes, Handboek Accountancy, autumn 2003

28 Committee of Sponsoring Organizations The COSO study defines internal control as the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved with regards to: –effectiveness and efficiency of operations –reliability of financial reporting –compliance with applicable laws and regulations –safeguarding of assets

29 Committee of Sponsoring Organizations COSO’s internal control model has five crucial components: 1. Control environment 2. Control activities 3. Risk assessment 4. Information and communication 5. Monitoring

30 The Control Environment The first component of COSO’s internal control model is the control environment. The control environment consists of many factors, including the following: 1. Commitment to integrity and ethical values 2. Management’s philosophy and operating style 3. Organizational structure

31 The Control Environment 4. The audit committee of the board of directors 5. Methods of assigning authority and responsibility 6. Human resources policies and practices 7. External influences

32 Control Activities The second component of COSO’s internal control model is control activities. Generally, control procedures fall into one of five categories: 1. Proper authorization of transactions and activities 2. Segregation of duties

33 Control Activities 3. Design and use of adequate documents and records 4. Adequate safeguards of assets and records 5. Independent checks on performance

34 Proper Authorization of Transactions and Activities Authorization is the empowerment management gives employees to perform activities and make decisions. Digital signature or fingerprint is a means of signing a document with a piece of data that cannot be forged. Specific authorization is the granting of authorization by management for certain activities or transactions.

35 Segregation of Duties Good internal control demands that no single employee be given too much responsibility. An employee should not be in a position to perpetrate and conceal fraud or unintentional errors.

36 Segregation of Duties Recording Functions: – Preparing source documents – Maintaining journals – Preparing reconciliations – Preparing performance reports. Custodial Functions: – Handling cash – Handling assets – Writing checks – Receiving checks in mail. Authorization Functions: – Authorization of transactions

37 Segregation of Duties If two of these three functions are the responsibility of a single person, problems can arise. Segregation of duties prevents employees from falsifying records in order to conceal theft of assets entrusted to them. Prevent authorization of a fictitious or inaccurate transaction as a means of concealing asset thefts.

38 Segregation of Duties Segregation of duties prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized.
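The segregation-of-duties rule from slides 36 to 38 can be checked mechanically against a duty roster. The following is an added example, not part of the original presentation; the employee names and the roster are constructed, and the task-to-function mapping follows the three function lists on slide 36.

```python
# Task -> function class, following the three lists on slide 36.
TASK_FUNCTION = {
    "prepare source documents": "recording",
    "maintain journals": "recording",
    "prepare reconciliations": "recording",
    "prepare performance reports": "recording",
    "handle cash": "custody",
    "handle assets": "custody",
    "write checks": "custody",
    "receive checks in mail": "custody",
    "authorize transactions": "authorization",
}

def sod_conflicts(assignments):
    """Return {employee: [function classes]} for everyone who holds
    two or more of recording / custody / authorization."""
    conflicts = {}
    for employee, tasks in assignments.items():
        unknown = [t for t in tasks if t not in TASK_FUNCTION]
        if unknown:
            # An unmapped duty must not pass the review silently.
            raise ValueError(f"{employee}: unclassified tasks {unknown}")
        functions = sorted({TASK_FUNCTION[t] for t in tasks})
        if len(functions) >= 2:
            conflicts[employee] = functions
    return conflicts

# Constructed sample roster (hypothetical names and duties).
ROSTER = {
    "anna": ["maintain journals", "prepare reconciliations"],
    "bram": ["handle cash", "prepare reconciliations"],
    "carla": ["authorize transactions"],
    "dirk": ["write checks", "authorize transactions", "maintain journals"],
}

if __name__ == "__main__":
    for name, held in sod_conflicts(ROSTER).items():
        print(f"{name}: combines {', '.join(held)}")
```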

39 Design and Use of Adequate Documents and Records The proper design and use of documents and records helps ensure the accurate and complete recording of all relevant transaction data. Documents that initiate a transaction should contain a space for authorization.

40 Design and Use of Adequate Documents and Records The following procedures safeguard assets from theft, unauthorized use, and vandalism: –effectively supervising and segregating duties –maintaining accurate records of assets, including information –restricting physical access to cash and paper assets –having restricted storage areas

41 Adequate Safeguards of Assets and Records What can be used to safeguard assets? –cash registers –safes, lockboxes –safety deposit boxes –restricted and fireproof storage areas –controlling the environment –restricted access to computer rooms, computer files, and information

42 Independent Checks on Performance Independent checks to ensure that transactions are processed accurately are another important control element. What are various types of independent checks? – reconciliation of two independently maintained sets of records – comparison of actual quantities with recorded amounts

43 Independent Checks on Performance – double-entry accounting – batch totals Five batch totals are used in computer systems: 1. A financial total is the sum of a dollar field. 2. A hash total is the sum of a field that would usually not be added.

44 Independent Checks on Performance 3. A record count is the number of documents processed. 4. A line count is the number of lines of data entered. 5. A cross-footing balance test compares the grand total of all the rows with the grand total of all the columns to check that they are equal.
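The five batch totals from slides 43 and 44, recomputed on receipt and compared with the control sheet prepared at the source. This is an added example, not part of the original presentation; the invoice batch, the record layout and the function names are constructed for illustration.

```python
from decimal import Decimal

def batch_totals(records):
    """Recompute the batch totals for a list of invoice records."""
    return {
        # Financial total: sum of a money field.
        "financial_total": sum((a for r in records for a in r["lines"]), Decimal(0)),
        # Hash total: sum of a field not normally added (vendor numbers).
        "hash_total": sum(r["vendor_no"] for r in records),
        "record_count": len(records),
        "line_count": sum(len(r["lines"]) for r in records),
    }

def verify_batch(control, records):
    """Return the sorted names of totals that disagree with the control sheet."""
    actual = batch_totals(records)
    return sorted(name for name, value in control.items() if actual[name] != value)

def cross_foots(row_totals, col_totals):
    """Cross-footing balance test on the totals stored in a report:
    the grand total of the rows must equal the grand total of the columns."""
    return sum(row_totals) == sum(col_totals)

# Constructed sample batch as prepared at the source.
SENT = [
    {"vendor_no": 1047, "lines": [Decimal("120.00"), Decimal("35.50")]},
    {"vendor_no": 2210, "lines": [Decimal("980.25")]},
    {"vendor_no": 3391, "lines": [Decimal("14.75"), Decimal("14.75"), Decimal("60.00")]},
]
CONTROL = {
    "financial_total": Decimal("1225.25"),
    "hash_total": 6648,
    "record_count": 3,
    "line_count": 6,
}
# Vendor number 2210 keyed as 2120: the amounts are unchanged.
MISKEYED = [SENT[0], {**SENT[1], "vendor_no": 2120}, SENT[2]]
# Last document lost in transit.
DROPPED = SENT[:2]

if __name__ == "__main__":
    for label, batch in (("sent", SENT), ("miskeyed", MISKEYED), ("dropped", DROPPED)):
        print(label, verify_batch(CONTROL, batch) or "all totals agree")
```

The miskeyed batch passes the financial total, record count and line count; only the hash total exposes it, which is the reason for summing a field that has no arithmetic meaning.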

45 Risk Assessment The third component of COSO’s internal control model is risk assessment. Companies must identify the threats they face: –strategic — doing the wrong thing –financial — having financial resources lost, wasted, or stolen –information — faulty or irrelevant information, or unreliable systems

46 Risk Assessment Companies that implement electronic data interchange (EDI) must identify the threats the system will face, such as: 1. Choosing an inappropriate technology 2. Unauthorized system access 3. Tapping into data transmissions 4. Loss of data integrity

47 Risk Assessment 5. Incomplete transactions 6. System failures 7. Incompatible systems

48 Risk Assessment Some threats pose a greater risk because the probability of their occurrence is more likely. What is an example? A company is more likely to be the victim of a computer fraud rather than a terrorist attack. Risk and exposure must be considered together.

49 Estimate Cost and Benefits No internal control system can provide foolproof protection against all internal control threats. The cost of a foolproof system would be prohibitively high. One way to calculate benefits involves calculating expected loss.

50 Estimate Cost and Benefits The benefit of a control procedure is the difference between the expected loss with the control procedure(s) and the expected loss without it. Expected loss = risk × exposure

51 Information and Communication The fourth component of COSO’s internal control model is information and communication. Accountants must understand the following: 1. How transactions are initiated 2. How data are captured in machine-readable form or converted from source documents

52 Information and Communication 3. How computer files are accessed and updated 4. How data is processed to prepare information 5. How information is reported 6. How transactions are initiated All of these items make it possible for the system to have an audit trail. An audit trail exists when individual company transactions can be traced through the system.

53 Monitoring Performance The fifth component of COSO’s internal control model is monitoring. What are the key methods of monitoring performance? –effective supervision –responsibility accounting –internal auditing

