ACCA/CAT

2. Internal control system and framework

2.1 Internal control framework

<1>Internal control framework comprises the control environment and control procedures

a. Control environment: the overall context of control, in particular the culture, infrastructure and architecture of control, and the attitude of directors and managers towards control

b. Control procedures: the detail control in place

<2>It includes all the policies and procedures (internal control) adopted by the directors and management of an entity to assist in achieving their objective of ensuring the orderly and efficient conduct of its business, including:

a. Adherence to internal policies

b. The safeguarding of assets

c. The prevention and detection of fraud and error

d. The accuracy and completeness of the accounting records

e. The timely preparation of reliable financial information

2.2 Control environment

<1>Definition:

a. The overall attitude, awareness and actions of directors and management regarding internal control and their importance in the entity.

b. It encompasses the management style, corporate culture and value shared by all employees

c. It provides the background against which various other controls are operated

<2>Factors of control environment

a. The philosophy and operating style of the director and management

b. The entity’s culture

c. The entity’s organization structure and method of assigning authority and responsibility

d. The directors’ method of imposing control (the internal audit function, the function of the board of director, the personnel policies and procedures)

e. The integrity, ethical values and competence of directors and staff

<3>Element of a strong control environment

a. Clear strategies for dealing with the significant risk that have been identified

b. The company’s culture, code of conduct, human resource policies and performance reward systems supporting the business objectives, risk management and internal control systems

c. Senior management demonstrating through its actions to foster a climate of trust and integrity

d. Clear definition of authority, responsibility and accountability so that decision are made and actions are taken by the appropriate people

e. Communicate to employee what is expected of them and scope of their freedom to act

f. All staffs have the knowledge, skills and tools to support the achievements of the company’s objectives and manage its risk effectively

2.3 Control procedures

2.3.1 Definition:

Control procedures are those policies and procedures in additional to the control environment which are established to achieve the entity’s specific objectives

2.3.2 Classification of control procedures

<1>Prevent, detect and correct controls

a. Prevent controls are controls that are designed to prevent errors from happening in the first place.

Examples:

(a) Checking invoices form suppliers against goods received notes before paying the invoices

(b) Regular checking of delivery notes against invoices

b. Detect controls are controls that are designed to detect errors once they have happened.

Examples:

(a) Bank reconciliation

(b) Checks of physical inventory against book records of inventory

c. Correct controls are controls that are designed to minimize or negate the effect of errors.

Examples:

(a) Back-up of computer input

(b) Storing of additional copies of software at a remote location

<2>Corporate, management, business process and transaction controls

a. Corporate controls include general policy statement, the established core culture and values, and overall monitoring procedures such as the internal audit committee

b. Management controls encompass planning and performance monitoring, the system of accountabilities to superiors and risk evaluation

c. Business process controls include authorization limits, validation of input, and reconciliation of different source of information

d. Transaction control include complying with prescribed procedures, accuracy and completeness checks

<3>Administrative controls and accounting controls

a. Administrative controls are concerned with achieving the objectives of the organization and with implementing policies

(a)Establishing a suitable organization structure

(b)The division of managerial authority

(c)Reporting responsibilities

(d)Channels of communication

b. Accounting controls aim to provide accurate accounting records and to achieve accountability

(a)The recording of transactions

(b)Establishing responsibilities for record, transactions and assets

<4>Discretionary and non-discretionary controls

a. Discretionary controls are controls that, as their name suggests, are subject to human discretion

Examples:

Checking the signature on a purchase order

b. Non-discretionary controls are provided automatically by the system and cannot be bypassed, ignored or overridden

Examples:

Inputting a PIN number when using a computer

<5>Voluntary and mandated controls

a. Voluntary controls are chosen by the organization or support the management of the business

b. Mandated controls are required by law and imposed by external authorities

<6>Manual and automated controls

a. Manual controls demonstrate a one-to-one relationship between the processing functions and controls, and the human functions

b. Automated controls are programmed procedures designed to prevent, detect and correct errors all the way through processing

<7>General and application controls

a. General controls are controls that relate to the environment in which the application system is operated

b. Application controls are controls that prevent, detect and correct errors and irregularities as transactions flow through the business system

<8>Financial and non-financial controls

a. Financial controls focus on the key transaction areas, with the emphasis being on the safeguarding of assets and the maintenance of proper accounting records and reliable financial information

b. Non-financial controls tend to concentrate on wider performance issues.

(a) Quantitative non-financial controls: performance indicators, balanced scorecard and activity-based management

(b) Qualitative non-financial controls: organizational structures, rules and guidelines, strategic plans and human resource policies

（责任编辑：）

共3页,当前第1页  第一页  前一页  下一页