978-1118742938 Chapter 13 Part 1

Unlock access to all the studying documents.

View Full Document

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 13.1

Chapter 13

INTRODUCTION TO INTERNAL CONTROL SYSTEMS

Discussion Questions

13-1. The primary provisions for the 1992 COSO Report and the 2013 Report are outlined

in Figure 13-1; additional information on the 2013 Report is contained in Figure 13-3. For

additional explanation:

information and communication, and (5) monitoring.

1992 framework, the 2013 COSO Report makes them explicit and codifies those

principles. The chart in Figure 13-3 identifies the five components of internal control and

13-2. The primary provisions of the original version of COBIT, as well as the current

version (5), are outlined in Figure 13-1.

13-3. COSO stands for Committee of Sponsoring Organizations, which was established by

the Treadway Commission to work on a common definition for internal control. COBIT stands

of the internal control area.

An important role played by COSO in the internal control area was to come up with a definition

(as well as COSO) emphasizes that people at every level of an organization are a very important

part of the organization’s internal control system.

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 13.2

managers to ensure effective IT governance.

13-4. The control environment establishes the tone of a company, influencing the control

awareness of the company’s employees. It is the foundation for all the other internal control

communication, the former refers to the accounting system, which includes the methods and

records used to record, process, summarize, and report a company’s transactions as well as

reports prepared on a timely basis contribute to the monitoring component of an internal control

system.

components, providing discipline and structure.

13-5. Accountants should be concerned that their organization’s financial resources are

protected from activities such as loss, waste, or theft. To protect organizational assets, an

effective internal control system should also:

1) Check the accuracy and reliability of accounting data

2) Promote operational efficiency

3) Encourage adherence to prescribed managerial policies

organization’s internal control system.

13-6. Preventive control procedures are designed and implemented before an activity is

performed to prevent some potential problem (e.g., the inaccurate handling of cash receipts) from

should be developed to evaluate if operating efficiency and adherence to policies of management

have occurred after operating activities have taken place. Corrective control procedures come

SM 13.3

eliminated or at least minimized.

Examples of each type of control is as follows:

assets

Detective: duplicate check of calculations, bank reconciliations, monthly trial balances

Corrective: backup copies of transactions and master files, training personnel to perform their

jobs

13-7. Competent employees are definitely important to an organization’s internal control

employees, there is a strong likelihood that inefficient use of the firm’s asset resources will result.

13-8. The “separation of duties” element of an organization’s internal control system means

that, for instance, employees who are given responsibility for the physical custody of specific

company assets (e.g., handling cash or inventory) should not also be given responsibility for the

record-keeping functions relating to the assets (e.g., recording cash or inventory transactions in

Through the separation of duties, one employee acts as a check on the work of another employee.

Thus, if an employee attempts to embezzle cash from a customer payment, but does not have

access to the accounts receivable subsidiary ledger to cover up this theft, he or she would likely

be detected. The other employee who performs the record-keeping activities for accounts

described earlier).

In addition to detecting irregularities, separation of duties can also be helpful in detecting

accidental errors. If the same employee performs all accounting functions related to a specific

employee involved with the same activity.

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 13.4

13-9. Many organizations have a large volume of cash disbursement transactions. In order

to detect any errors and irregularities relating to cash disbursements, a good audit trail for cash

bank in a particular month and are returned to the organization with the monthly bank statement,

these checks represent evidence of the actual cash disbursements that were made. Two

payables, thereby contributing to an effective audit trail over cash disbursements.

making various small, miscellaneous expenditures. However, to exercise good internal control

over the petty cash fund’s use, one employee (called the petty cash custodian) should be given

the responsibility for handling petty cash transactions.

13-10. Under the cost-benefit concept, an analysis is performed on each potential control

Ideal control procedures (i.e., those that would reduce the risk to practically zero of any

undetected errors and irregularities occurring) may be impractical for a company because the

expected costs may be larger than their expected benefits. The implementation of controls

whose costs are expected to exceed the controls benefits would not contribute to a company’s

From the standpoint of evaluating a company’s internal control system, a performance report is a

Performance reports should be an essential element within a company’s internal control system

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 13.5

Timely information to managers, regarding internal control problems, is critical so that mangers

can initiate action to correct the problems. Thus, performance reports should be prepared on a

timely basis in order that a minimum period elapses between the occurrence of operational

problems with certain controls and the feedback to management on these poorly functioning

controls.

13-11. Discussion question 13-5 identifies a number of reasons why organizations are so

concerned about their internal control systems. However, the managers of these organizations

the external auditors, who evaluate the sufficiency of those internal controls. Further, when we

talk about the control environment of an organization, we know that management’s support of a

strong internal control system is critical.

13-12. COSO’s 2009 Guidance on Monitoring Internal Control Systems (COSO’s

Monitoring Guidance) was developed to clarify the monitoring component of internal control. It

organizations in implementing effective and efficient monitoring.

To read the entire document “Guidance on Monitoring Internal Control Systems”, go to this site:

Problems

13-13.

a. Cost-benefit analysis:

Without Control

Procedure

With Control

Procedure

Net Expected

Difference

Cost of reproducing production

cost data

$12,000

Risk of data errors

16%

Reprocessing cost expected

($12,000 * risk)

$ 1,920

$ 240

$1,680

Cost of validation control

procedure (incremental cost)

$ 0

$ 800

($ 800)

Net estimated benefit from

validation control procedure

$ 880

SM 13.6

b. Management should implement the data validation control procedure because of the $880 net

estimated benefit that is projected with this procedure.

13-14.

a) As a member of the company’s management, you would hopefully reject the control

recommendations. Specific internal controls should not be implemented into a company’s

the full-time job of supervising the issuance of supplies. The costs of using a separate room

and having an employee work full-time in handling office supplies would definitely be much

greater than the $350 estimated monthly loss that could be eliminated.

b) Rather than storing the supplies on shelves at the back of the office facility whereby

employees have easy access to these supplies, they could be locked in a cabinet. An

authorized company employee (such as a secretary) would be given the responsibility for

issuing supplies when requested by various employees. The authorized employee in charge

specific supplies issued.

Another suggestion might be to use a separate room for storing the supplies (as suggested by

Sandra). This room would be kept locked throughout the day except for possibly one hour

each day. Company employees would be made aware of the specific time every day during