From The AICPA Audit Committee Toolkit. Copyright © 2004 by the American Institute of Certified Public Accountants, Inc., New York, New York.
Purpose of This Tool. This tool focuses on the five interrelated components of an internal control system, as described in the COSO Internal Control – Integrated Framework publication. Refer to “Internal Control Primer—Basics of Internal Control,” earlier in this section, for a discussion of the COSO components. The audit committee’s role in the internal control structure of the company focuses on internal controls over financial reporting and the various systems (human resources, computing, and other) available to support that process, and this tool is created to facilitate that role. The audit committee needs to be assured that the controls are in place and operating effectively. This can be achieved through the committee’s interaction with senior management, independent auditors, internal auditors, and other key members of the financial management team.
Please Note: What appears here is an excerpt of this tool. The full version is available for download via the link below.
Instructions for Using This Tool. This tool is created around the five interrelated components of an internal control structure. Within each component is a series of questions that the audit committee should focus on to assure itself that controls are in place and functioning. These questions should be discussed in an open forum with the individuals who have a basis for responding to the questions. The audit committee should ask for detailed answers and examples from the management team, including key members of the financial management team, internal auditors, and independent auditors, to assure itself that the system is operating as management represents. Evaluation of the internal control structure is not a one-time event but a continuous one for the audit committee. The audit committee should always have its eyes and ears open for potential weaknesses in internal control, and should continually probe the responsible parties regarding the operation of the system. These questions are written in a manner such that a “No” response indicates a weakness that must be addressed.
| Internal Control Components | Yes | No | Not sure | Comments |
|---|---|---|---|---|
| Control Environment -- Integrity and Ethical Values | | | | |
| 1. Does the organization have a comprehensive code of conduct, and/or other policies addressing acceptable business practice, conflicts of interest, and expected standards of ethical and moral behavior? | | | | |
| 2. Is the code distributed to all employees? | | | | |
| 3. Are all employees required to periodically acknowledge that they have read, understood, and complied with the code? | | | | |
| 4. Does management demonstrate through actions its own commitment to the code of conduct? | | | | |
| 5. Are dealings with customers, suppliers, employees, and other parties based on honesty and fair business practices? | | | | |
| 6. Does management take appropriate action in response to violations of the code of conduct? | | | | |
| 7. Is management explicitly prohibited from overriding established controls? What controls are in place to provide reasonable assurance that controls are not overridden by management? Are deviations from this policy investigated and documented? Are violations (if any) and the results of investigations brought to the attention of the audit committee? | | | | |
| 8. Is the organization proactive in reducing fraud opportunities by (1) identifying and measuring fraud risks, (2) taking steps to mitigate identified risks, (3) identifying a position within the organization to “own” the fraud prevention program, and (4) implementing and monitoring appropriate preventative and detective internal controls and other deterrent measures? | | | | |
| 9. Does the company utilize an anonymous ethics and fraud hotline, and, if so, are procedures in place to investigate and report results to the audit committee? (See also the tool “Tracking Report: Anonymous Submission of Suspected Wrongdoing (Whistleblowers),” in this toolkit.) | | | | |
| Control Environment -- Commitment to Competence | | | | |
| 1. Is the level of competence, and the requisite knowledge and skills, defined for each job in the accounting and internal audit organizations? | | | | |
| 2. Does management make an effort to determine whether the accounting and internal audit organizations have adequate knowledge and skills to do their jobs? | | | | |
| Control Environment -- Board of Directors and/or Audit Committee | | | | |
| 1. Are the audit committee’s responsibilities defined in a charter? If so, is the charter updated annually and approved by the board of directors? (See also the tool “Audit Committee Charter Matrix,” in this toolkit.) | | | | |
| 2. Are audit committee members independent of the company and of management? Do audit committee members have the knowledge, industry experience, and financial expertise to serve effectively in their role? | | | | |
| 3. Are a sufficient number of meetings held, and are the meetings of sufficient length and depth to cover the agenda and provide healthy discussion of issues? | | | | |
| 4. Does the audit committee constructively challenge management’s planned decisions, particularly in the area of financial reporting, and probe the evaluation of past results? | | | | |
| 5. Are regular meetings held between the audit committee and the CFO (chief financial officer), the chief audit executive (CAE, the leader of the internal audit team), other key members of the financial management and reporting team, and the independent auditors? Are executive sessions conducted on a regular basis? (See also the tool “Conducting an Audit Committee Executive Session: Guidelines and Questions,” in this toolkit.) | | | | |
| 6. Does the audit committee approve internal audit’s annual audit plan? | | | | |
| 7. Does the audit committee receive key information from management in sufficient time in advance of meetings to prepare for discussions at the meetings? | | | | |
| 8. Does a process exist for informing audit committee members about significant issues on a timely basis and in a manner conducive to the audit committee having a full understanding of the issues and their implications? (See also the tool “Issues Report From Management,” in this toolkit.) | | | | |