Essay Topics for You to Prepare Fraud Detection and Deterrence (www.acfe.com) In

Question

Essay Topics for You to Prepare

Fraud Detection and Deterrence (www.acfe.com)

Internal Control (COSA: see www.theiia.org)

Certification: CFE, CIA, and CISA (return to www.isaca.org)

Following your review of course materials this week, using the websites above, create an essay of at least three pages (choose one of the topics above). Relate these topics to our course material for Principles of Accounting I.

Your essay should be single-spaced, with double spacing between paragraphs. Use headers within the document. We are writing business reports, not double-spaced academic papers.

Tell a story. Explain the concepts. Use APA style for citations and create a works cited list. Your paper should be adequate. Fewer than three pages is not long enough; seven pages is too long.

Consider the question and decide: what would you want to know? Include website references in your essay. This is not a business proposal, but it is not a casual reflective essay. The goal is to research, consider, and report what you know about these topics. The concept of COBIT is related to each topic.

ISACA's "A COBIT 5 Overview" (http://www.isaca.org/COBIT/Documents/A-COBIT-5-Overview.pdf) is a key resource for your overall comments and "framing" of the three topics.

Why audit? We will either be the auditor or be audited. We must understand internal control and the management of risk. The management of risk is everyone's responsibility.

We are building your vocabulary. You can use the above concepts—especially the paragraph on "Why audit?"—without reference. A good item for your works cited list.

Explanation / Answer

THE COSO INTERNAL CONTROL—INTEGRATED FRAMEWORK

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a private-sector group that is jointly funded and sponsored by the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the Institute of Management Accountants (IMA), and the Financial Executives International (FEI). In 1992, COSO issued a report that provided guidance to organizations on how to design, implement, and conduct the effectiveness of internal controls. This report, the Internal Control—Integrated Framework (Framework), has been widely accepted as the authority on internal controls globally. Even though guidance provided through this Framework has been effective, changes in organizational and operating environments over the years have compelled COSO to update the Framework.

The following are examples of how organizations have changed in recent decades:

• Organizations are operating globally.

• Governance oversight has increased.

• Organizational models are ever-changing and becoming more complex.

• Organizations are more heavily reliant on technology.

• The awareness and expectations related to the prevention and detection of fraud are increasing.

• Organizations face stricter demands and complexity of laws and regulations.

Understanding the Framework

The Framework was designed to help management implement effective controls within their organization while providing the board of directors more visibility in overseeing the entire system of controls. An effective system of controls allows management to focus on the organization’s financial and operational goals, while still providing them with a level of comfort that risks are minimal. Effective internal controls also help an organization deal with changes in the economy, leadership, and environments in which they compete. Management must set objectives to determine what control measures are needed within an organization.

Objectives fall into at least one of three categories: (1) operations, (2) reporting, or (3) compliance. Once objectives have been set, management must determine which components or actions are required to achieve these objectives. There are five categories of components: (1) control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring activities. The five components operate together to reduce the risk that objectives will not be met. If the control components are not functioning in an integrated manner, a major deficiency could exist, leaving the organization exposed to potential threats. In this instance, management cannot provide reasonable assurance that they have met the requirements for an effective control system.

COSO defines an internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

This definition is broad but is meant to emphasize the following:

• Achievement of objectives is related to one or more of the following categories: operations, reporting, and compliance.

• A process should be ongoing; not a one-time occurrence.

• Internal controls are enacted by people at all levels of an organization and the actions they take, not just in the form of policies and procedures.

• Reasonable assurance, not complete assurance is the goal; complete assurance would be difficult, if not impossible to design, and the cost to implement it could significantly outweigh the benefits.

• Controls should be flexible and adaptable to various entity structures and their subunits.

Achievement of Objectives

Three categories of objectives allow management to focus on different aspects of internal control:

• Operations objectives relate to how effective or efficient an organization operates. They include operational and financial goals along with safeguarding assets against loss.

• Reporting objectives relate to financial and non-financial reporting whether internal or external. They also include standards set by regulators or an organization’s policies regarding the timeliness, reliability, or transparency related to reporting.

• Compliance objectives relate to the adherence to laws and regulations to which an organization may be subject. Even though these objectives are separated into three categories, they can overlap because an organization’s needs sometimes fall under the responsibility of different individuals.

A Process

Internal control is referred to as a process because it permeates an organization’s operating activities and is an integral part of basic management activities. Internal control provides reasonable—not absolute— assurance because the possibilities of human failure, collusion, and management override of controls make this process imperfect.

Affected by People

Even though an internal control system is ultimately the responsibility of management, everyone within the organization can play a part in helping ensure that a control is working effectively.

Reasonable Assurance

An effective system of internal controls provides management with reasonable assurance that an organization’s objectives will be achieved. Reasonable assurance acknowledges that limitations exist within all systems of control.

Adaptability to Entity Structure

Not all entities are structured the same. Many differ based on the types of products or services provided. Reporting might be for a group of consolidated organization units or a subsidiary located in a foreign country. Some entities prefer to recruit and train their own employees, while others use outsourced service providers. Management at some large organizations might prefer to remain privately held, while leaders at a smaller company decide to go public. Regardless of an entity’s structure, effective internal controls can be implemented to assist with the achievement of objectives.

Related Questions

Navigate

• Browse (All)
• Browse E
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.