CHAPTER 11 RISK MANAGEMENT

Rirks management Is the process of measuring/asssessing risk and developing a strategy to manage it.

CHAPTER 13 OVERVIEW OF INTERNAL CONTROL

Internal control is designed to solve business risks that threaten the achievement of the following
objectives:

 Reliability of the entity’s financial reporting

 Effectiveness and efficiency of operations
 Compliance with applicable laws and regulations.

Internal control system are all the policies and procedures adopted by the management to achieve the
entity’s objectives while ensuring the efficiency, compliance, integrity, accuracy, and completeness.

Elements of Internal Control:

1. Control Environment
2. Entity’s Risk Management Process
3. Information System, including the Business Processes, Relevant to Financial Reporting
4. Control Activities
5. Monitoring of Controls

A. CONTROL ENVIRONMENT
- the overall attitude, awareness, and actions of directors and management regarding
internal control and its importance.

Factors reflected in the control environment include:

 The function of the Board of Directors and its committees.

 Management’s philosophy and operating style.
 The entity’s organizational structure and methods of assigning authority and responsibility.
 Management’s control system including the internal audit function, personnel policies and
procedures.

The environment in which the internal control operates has an impact on the effectiveness of the
specific control procedures.

1. Communication and Enforcement of Integrity and Ethical Values

2. Commitment to Competence
3. Participation by those charged with Governance
4. Management’s Philosophy and Operating Style
 5. Organizational Structure
6. Assignment of Authority and Responsibility
7. Human Resources Policies and Procedures

B. ENTITY’S RISK ASSESSMENT PROCESS

- is the identification , analysis and management of risks pertaining to the preparation of
financial statements.
- Risks relevant to financial reporting include external and internal events and
circumstances that may occur and adversely affect an entity’s ability to create a financial
statement aligned with the entity’s objectives.

Risks may arise due to the following circumstances:

 Changes in operating environment

 New personnel
 New or revamped information systems
 Rapid Growth
 New Technology
 New business models, products and activities
 Corporate restructurings
 Expanded foreign operations
 New accounting pronouncements

Additional:

 Risk assessment process is likely to be less formal and less structured in small entities than in
larger ones.
 When small entities are carried out by an engagement partner, he/she will be responsible for
considering the susceptibility of the entity’s financial statements due to fraud and error.

C. INFORMATION SYSTEM, INCLUDING THE BUSINESS PROCESSES, RELEVANT TO FINANCIAL

REPORTING AND COMMUNICATION
- Consists of infrastructure (physical and hardware components), software, people,
procedures, and data. These will have less significance in systems that are exclusively or
primarily manual.

Information systems are designed to:

 Record and report entity transactions and maintain accountability for the related assets,
liabilities, and equity.
 Resolve incorrect processing of information.
 Process and account for system overrides and bypasses to controls.
 Transfer information from transaction processing items to general ledger.
  Capture information relevant to financial reporting for events and conditions other than
transactions.
 Ensure information required to be disclosed by the financial reporting framework is all recorded.

Additional:

 Journal Entries – is an information system that included the use of standard and non-standard
journal entries.
 Information systems and related business processes relevant to financial reporting in small
entities are likely to be less formal and easier to achieve than in a larger entity due to the small
entity’s size and fewer levels of authority.

D. CONTROL ACTIVITIES
- Are the policies and procedures that help ensure that management directives are carried
out. Major categories of control procedures are:
a) Performance Review – management uses accounting and operating data to assess
performance and take corrective actions.
– Includes comparison of actual performance to estimated budgets and
forecasts.
– Investigating performance indicators based on operating or financial data.
– Reviewing functional or activity performance
b) Information Processing Controls – are policies and procedures designed to require
authorization of transactions. Control activities may be classified according to scope
of the system they affect.
– General controls are control activities that prevent or detect errors and
irregularities for all accounting systems.
– Application controls are controls that pertain to the processing of a specific
type of transaction. (ex. Maintaining and reviewing accounts and trial
balances.)
– General IT-controls relate to many applications and support the effective
functioning of application controls over data center and network operations.
(ex. program change controls, controls that restrict access to programs or
data)

Internal controls relating to the accounting system are concerned with achieving objectives such as:

 Transactions are executed in accordance with management’s general or specific authorization.

 All transactions and other events are correctly recorded.
 Access to assets and records is permitted only in accordance with management’s authorization.
 Recorded assets are compared with existing assets at reasonable intervals and appropriate
action is taken regarding any differences (adjusting entries).

1. Proper authorization of transactions and activities – before a transaction is entered into

with another party, certain conditions must usually be met.
(Nos. 2-4) Design and Use of Adequate Documents

2. Segregation of duties – no one person should he assigned duties that would allow that
person to commit an error or perpetuate fraud.
3. Adequate documents and records – allows company to have reasonable assurance that all
valid transactions have been recorded.
4. Safeguards over access to assets – resources of a client can be protected by the
establishment of physical barriers and appropriate policies. (designing documents for
authorization of access to assets.)
5. Independent checks on performance – determines the effectiveness of recording policies
and asset access policies. (ex. Periodic count of inventory and comparing account balances in
ledger.)

c) Physical Controls – controls that encompasses:

– the physical security of assets
– the authorization for access to computer programs
– the periodic counting and comparison with amounts shown on control
records

E. MONITORING OF CONTROLS
- Process that an entity uses to assess the quality of internal control overtime.

CHAPTER 14 FRAUD AND ERROR

Misstatements arising from misappropriation of assets occurs when a perpetrator steals or misuses an
asset.

Misstatements arising from fraudulent financial reporting refers to the intentional manipulation of
reported financial results.

THE FRAUD TRIANGLE