Charles F. Tate, CPA
Managing Partner
Tate & Tryon, CPAs and Consultants
Washington, DC
January 13, 2012
Which Organization is not Part of the Private Sector Initiative (i.e., a Sponsoring Organization)?
A. American Accounting Association (AAA)
B. American Institute of CPAs (AICPA)
C. Association of Financial Professionals (AFP)
D. Financial Executives International (FEI)
E. Institute of Internal Auditors (IIA)
F. Institute of Management Accountants (IMA)
Answer C: AFP is not part of the 5-member Sponsoring Committee
COSO Publications
Internal Control
1. Effectiveness and efficiency of operations.
2. Reliability of financial reporting.
3. Compliance with laws and regulations.
2. COSO's ERM
Financial Reporting
Monitoring
Risk Assessment
Objective Setting
Strategic Objectives: high level
Related Objectives: operations, reporting, & compliance
Achievement of Objectives: reasonable assurance
Risk Appetite: guidepost in strategy setting
Risk Tolerances: acceptable levels of variation
Event Identification
Events can have a positive impact, a negative impact, or both
Events are interdependent, not isolated
Events are driven by external and internal factors
External
Economic Natural Environment Political Social Technological
Internal
Infrastructure Personnel Process Technology
Risk Response
Avoidance, reduction, sharing, acceptance
Evaluation of risk likelihood and impact
Assessing costs versus benefits
Opportunities in response to options
Portfolio view
Risk Response
Reduction: diversifying/rebalance; limits/processes
Acceptance: self insure; accept risk that conforms to risk tolerance
Financial Model
Potential Scenario Terrorist or political uprising Donation mismanagement Virus War, natural disaster Weather Pandemic Economic downturn Contract mismanagement Financial meltdown Fraud (Madoff or Stanford)
Annual Amount
(in millions)
Increase (Decrease) 100 -20 -400 -600 -0-40 -0-30 -10 -1,000
H L M H L L H M M M
Control Environment
Risk Assessment
Control Activities
Monitoring
Environment Principles
Management Philosophy
Board of Directors
Integrity and Ethical Values
Commitment to Competence
Organizational Structure
Assignment of Authority and Responsibility
Human Resource Standards
Risk Appetite
Balance Sheet Account
ASSETS
Cash & cash equivalents: 5%
Pledges receivable: 15%
Investments: 40%
Property & equipment: 35%
Prepaid & other assets: 5%
Total Assets: 100%
LIABILITIES
Accounts Payable: 5%
Deferred Revenue: 20%
Mortgage (IRB): 25%
Pension & post retirement: 10%
Total Liabilities: 60%
Net Assets: 30%
Total Liabilities and Net Assets: 100%
L M H H L
M H H M L
L H H M L
H M L H L
L M L M L
L H H M L
L H H M H
M H H H M
M H L H L
H L L L L
M H M H L
M H M H L
Monitoring Principles
Ongoing monitoring activities Reporting deficiencies
Relating the identified risks to what could go wrong at the relevant assertion level
Financial Reporting
Concept
Expands the definition of reasonable assurance as a high level of assurance
105 106
107 108
"Internal control" is replaced by "the entity and its environment, including its internal control"
Use of management's assertions in obtaining audit evidence: recognition, measurement, presentation and disclosure
Reduce audit risk to a low level that is, in the auditor's professional judgment, appropriate for expressing an opinion on the financial statements
Adequately plan the work and must properly supervise any assistants
109
110 111
Sufficient understanding of the entity and its environment, including its IC, to assess the risk of material misstatement
Sufficient appropriate audit evidence to afford a reasonable basis for an opinion
Enhanced guidance on tolerable misstatement
Account Balances
Existence Rights and obligations Completeness Valuation and allocation
/1. Source: SAS 31, Evidential Matter prior to amendment by SAS 106
Assertions
Completeness Existence Valuation Rights & Obligations Presentation & Disclosure
Risks
Processes Competency IT Infrastructure Fraud Risk Entity-Wide Factors
Control Objectives
Appropriate Accounting Statements Informative Classification Appropriate Reflect Transactions Reflect Materiality
Entity-Wide Controls
Process-Level Controls Preventive or Detective Manual or Automated
Adapted from an article by Michael Ramos CPA, entitled Risk-Based Audit Practices, Journal of Accountancy, Dec., 2009