Chapter 3 - Internal controls. After studying this chapter you will be able to: define internal control and explain its importance in the accounting information system, explain the basic purposes of internal control and its relationship to risk, describe and give examples of various kinds of risk exposures.

Chapter 3 Internal Controls

Outline
- Expected outcomes
- Definition and purposes
- Risk exposures
- COSO framework
- Examples
- Risk / control matrix

Expected outcomes
- Define internal control and explain its importance in the AIS.
- Explain the basic purposes of internal control and its relationship to risk.
- Describe and give examples of various kinds of risk exposures.
- Prepare a simple risk / control matrix.
- Summarize and explain the importance of COSO’s Internal Control—Integrated Framework.
- Critique existing internal control systems and design effective internal controls.

Definition and purposes
A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.

Important elements of the definition
- Process nature of internal control
- Widespread responsibility throughout the organization
- Use of the term “entity” to describe a broad range of organizations
- Reasonable assurance, which considers the cost / benefit constraint

Internal control has four main purposes. Many people focus on the first two only, but all four are important. Note the verbs used with each purpose.
- Safeguard assets.
- Ensure reliable financial reporting.
- Promote operating efficiency.
- Encourage compliance with management directives.
I like to point out the meaning of each verb, comparing and contrasting them with one another.
Risk exposures
Many organizations determine their internal controls by thinking about their risk exposures. Brown’s taxonomy is one good way to think about risk.

Four broad categories
- Financial risk
- Operational risk
- Strategic risk
- Hazard risk
A given risk can “fit” into multiple categories.

Financial risk
- Market risk
- Credit risk
- Liquidity risk

Operational .