Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 13.1
Chapter 13
INTRODUCTION TO INTERNAL CONTROL SYSTEMS
Discussion Questions
13-1. The primary provisions for the 1992 COSO Report and the 2013 Report are outlined
in Figure 13-1; additional information on the 2013 Report is contained in Figure 13-3. For
additional explanation:
information and communication, and (5) monitoring.
1992 framework, the 2013 COSO Report makes them explicit and codifies those
principles. The chart in Figure 13-3 identifies the five components of internal control and
13-2. The primary provisions of the original version of COBIT, as well as the current
version (5), are outlined in Figure 13-1.
13-3. COSO stands for Committee of Sponsoring Organizations, which was established by
the Treadway Commission to work on a common definition for internal control. COBIT stands
of the internal control area.
An important role played by COSO in the internal control area was to come up with a definition
(as well as COSO) emphasizes that people at every level of an organization are a very important
part of the organization’s internal control system.
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 13.2
managers to ensure effective IT governance.
13-4. The control environment establishes the tone of a company, influencing the control
awareness of the company’s employees. It is the foundation for all the other internal control
communication, the former refers to the accounting system, which includes the methods and
records used to record, process, summarize, and report a company’s transactions as well as
reports prepared on a timely basis contribute to the monitoring component of an internal control
system.
components, providing discipline and structure.
13-5. Accountants should be concerned that their organization’s financial resources are
protected from activities such as loss, waste, or theft. To protect organizational assets, an
effective internal control system should also:
1) Check the accuracy and reliability of accounting data
2) Promote operational efficiency
3) Encourage adherence to prescribed managerial policies
organization’s internal control system.
13-6. Preventive control procedures are designed and implemented before an activity is
performed to prevent some potential problem (e.g., the inaccurate handling of cash receipts) from
should be developed to evaluate if operating efficiency and adherence to policies of management
have occurred after operating activities have taken place. Corrective control procedures come
SM 13.3
eliminated or at least minimized.
Examples of each type of control is as follows:
assets
Detective: duplicate check of calculations, bank reconciliations, monthly trial balances
Corrective: backup copies of transactions and master files, training personnel to perform their
jobs
13-7. Competent employees are definitely important to an organization's internal control
employees, there is a strong likelihood that inefficient use of the firm's asset resources will result.
13-8. The “separation of duties” element of an organization’s internal control system means
that, for instance, employees who are given responsibility for the physical custody of specific
company assets (e.g., handling cash or inventory) should not also be given responsibility for the
record-keeping functions relating to the assets (e.g., recording cash or inventory transactions in
Through the separation of duties, one employee acts as a check on the work of another employee.
Thus, if an employee attempts to embezzle cash from a customer payment, but does not have
access to the accounts receivable subsidiary ledger to cover up this theft, he or she would likely
be detected. The other employee who performs the record-keeping activities for accounts
described earlier).
In addition to detecting irregularities, separation of duties can also be helpful in detecting
accidental errors. If the same employee performs all accounting functions related to a specific
employee involved with the same activity.
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 13.4
13-9. Many organizations have a large volume of cash disbursement transactions. In order
to detect any errors and irregularities relating to cash disbursements, a good audit trail for cash
bank in a particular month and are returned to the organization with the monthly bank statement,
these checks represent evidence of the actual cash disbursements that were made. Two
payables, thereby contributing to an effective audit trail over cash disbursements.
making various small, miscellaneous expenditures. However, to exercise good internal control
over the petty cash fund's use, one employee (called the petty cash custodian) should be given
the responsibility for handling petty cash transactions.
13-10. Under the cost-benefit concept, an analysis is performed on each potential control
Ideal control procedures (i.e., those that would reduce the risk to practically zero of any
undetected errors and irregularities occurring) may be impractical for a company because the
expected costs may be larger than their expected benefits. The implementation of controls
whose costs are expected to exceed the controls benefits would not contribute to a company’s
From the standpoint of evaluating a company’s internal control system, a performance report is a
Performance reports should be an essential element within a company’s internal control system
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 13.5
Timely information to managers, regarding internal control problems, is critical so that mangers
can initiate action to correct the problems. Thus, performance reports should be prepared on a
timely basis in order that a minimum period elapses between the occurrence of operational
problems with certain controls and the feedback to management on these poorly functioning
controls.
13-11. Discussion question 13-5 identifies a number of reasons why organizations are so
concerned about their internal control systems. However, the managers of these organizations
the external auditors, who evaluate the sufficiency of those internal controls. Further, when we
talk about the control environment of an organization, we know that management’s support of a
strong internal control system is critical.
13-12. COSO’s 2009 Guidance on Monitoring Internal Control Systems (COSO’s
Monitoring Guidance) was developed to clarify the monitoring component of internal control. It
organizations in implementing effective and efficient monitoring.
To read the entire document “Guidance on Monitoring Internal Control Systems”, go to this site:
Problems
13-13.
a. Cost-benefit analysis:
Without Control
Procedure
With Control
Procedure
Net Expected
Difference
Cost of reproducing production
cost data
$12,000
$12,000
Risk of data errors
16%
2%
Reprocessing cost expected
($12,000 * risk)
$ 1,920
$ 240
$1,680
Cost of validation control
procedure (incremental cost)
$ 0
$ 800
($ 800)
Net estimated benefit from
validation control procedure
$ 880
SM 13.6
b. Management should implement the data validation control procedure because of the $880 net
estimated benefit that is projected with this procedure.
13-14.
a) As a member of the company’s management, you would hopefully reject the control
recommendations. Specific internal controls should not be implemented into a company’s
the full-time job of supervising the issuance of supplies. The costs of using a separate room
and having an employee work full-time in handling office supplies would definitely be much
greater than the $350 estimated monthly loss that could be eliminated.
b) Rather than storing the supplies on shelves at the back of the office facility whereby
employees have easy access to these supplies, they could be locked in a cabinet. An
authorized company employee (such as a secretary) would be given the responsibility for
issuing supplies when requested by various employees. The authorized employee in charge
specific supplies issued.
Another suggestion might be to use a separate room for storing the supplies (as suggested by
Sandra). This room would be kept locked throughout the day except for possibly one hour
each day. Company employees would be made aware of the specific time every day during
