Management is responsible for establishing internal controls. Maintain adequate policies and procedures; Show
Responsibilities of management include, planning, organizing, directing and controlling. Controlling, including monitoring, is a process to ensure what is supposed to be done is being done. Control activities are the policies and procedures, which help ensure that management directives are carried out and include, but are not limited to the following:
Remember, if you are at a staff level position and you know there is a problem, bring it to your management’s attention. If you are at a management level position, and you are aware of a problem, then as management you are responsible for correcting the issue. SOURCE: California State University - University Auditor You may have heard the term "internal control(s)," but what exactly is it? Evaluating internal controls is one of internal auditing's primary responsibilities. The Institute of Internal Auditors (IIA) defines control and control processes as follows: A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Control processes are the policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process. Risk management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives. A broadly accepted definition of internal control comes from the Committee of Sponsoring Organizations (COSO)1 of the Treadway Commission's report entitled The Control-Integrated Framework (COSO Report) as follows: Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objective in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. Key points about internal control include:
In the California State University (CSU) environment, internal controls serve the following purposes:
Generally, controls are of two types:
The COSO Report further defines five interrelated components of internal control:
Who is responsible for internal controls?The auditors, right? Wrong! Everyone plays a part in the CSU's internal control system. Ultimately, it is CSU management's responsibility to ensure that controls are in place. That responsibility is delegated to each area of operation, which must ensure that internal controls are established, properly documented, and maintained. Every employee has some responsibility for making this internal control system function. Therefore, all CSU employees need to be aware of the concept and purpose of internal controls. Internal audit's role is to assist management in their oversight and operating responsibilities through independent audits and consultations designed to evaluate and promote the systems of internal control. What is internal auditing?The IIA defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The internal audit activity evaluates the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems. Internal audit reviews include the reliability and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets, and compliance with laws, regulations, and contracts. These reviews also ascertain the extent to which operating and program goals and objectives have been established and conform to those of the organization, as well as the extent to which results are consistent with established goals and objectives and whether operations and programs are being implemented or performed as intended. 1. COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. Who is responsible for internal financial controls?Auditors' Responsibility
The auditor is required to conduct the audit of internal financial controls over financial reporting and express his opinion on the effectiveness of internal financial control. The company's internal controls cannot be considered effective if one or more material weakness exists.
Who is responsible for the reliability of the internal controls over financial reporting process of an entity according to the PCAOB?The PCAOB makes it clear that the CEO and CFO are responsible for the internal control over financial reporting and the preparation of the statements.
Who is responsible for the integrity of the financial statements?The responsibility for the preparation and integrity of financial statements rests with the auditors. The proxy is the solicitation sent to stockholders for the election of directors and for the approval of other corporation actions.
Who is responsible for ensuring the reliability and completeness of the financial statements?The chief financial officer (CFO) is responsible for the systems of internal control over both financial management and financial reporting. Further details on the roles and responsibilities of CFOs can be found in subsections 4.2. 8, 4.2. 9 and 4.2.
|