Module 2 1. Identify strengths and weaknesses using the 20 principles outlined in COSO’s 2006 Guidance. Control Environment •Integrity and Ethical Values- he company and human resources department developed a code of conduct for Biltrite detailing expected standards of ethical behavior and distributed it to all existing employees. his instills a high ethical value into the environment, and shoes that management is wanting a high ethical and integrity of the company. •Board of Directors- Regarding the board of directors, it is necessary for additional information to determine whether they exercise oversight and responsibility related to financial reporting and related internal control.
It is noted that the board is responsible for making hiring recommendations, which is then screened by human resources •Managements philosophy and operating style- Additional information is needed for the audot to be able to consider the following information: othe independence, objectivity, and competency of the internal audit function othe design and comprehensiveness of the internal audit testing and evaluation approach, including an analysis and test of the organization’s approach to remediatation control problems othe documentation of the internal audit testing Organizational structure- the company demonstrates a good organizational structure for internal control. •Financial reporting competencies- he external board members have considerable financial expertise in their respective industries. In additional information we would like to know the number of board members that are external to determine if the board is independent. •Authority and responsibility- training programs are in place to give employees and managers the proper tools, with software to make it work. Human Resources- Human resources division, screens and investigates all applicants for proper background and required education, training, and experience for the positions. Final Hiring and termination authority rests with the human resources director. Risk Assessment •Financial Reporting Objectives: Sufficient guidelines are in place for workers to analyze the financial reporting. •Financial Reporting Risks:
Additional information is needed in order to identify if the company analyzes risks to the achievement of financial reporting objectives as a basis for determining how the risks should be managed. •Fraud Risk: there is locks on the machine when it is not being used to sign checks and the key is in the custody of the check signer. Control Activities •Integration with Risk Assessment: Biltrite uses the control group then monitors the reprocessing of the misstatements after satisfying themselves that the misstatements were unintentional.
Any misstatements that occurring during processing runs are logged into the console and are accessible only by the control group. •Selection and development of control activities: the processes that are in use are very effective and have been chosen due to the cost and benefit of the control activities. •Policies and Procedures: Additional information could be useful to determine whether the policies are communicated throughout the company. Biltrite does clearly state they have adequate training programs and have a code of conduct for existing employees. Information technology: Biltrite’s software has adequate controls regarding computer input and output. Any misstatements are addressed, and other controls such as bank account reconciliation. Information and Communication •Financial Reporting Information: Additional information is needed to identify if the information is used at all levels of the company, and distributed in a form and timeframe that supports the achievement of financial reporting objectives. Internal Control Information: The information that is used is of adequate timeframe, and does not hinder the ability of the personnel to carry out their internal control responsibilities. •Internal Communication: The internal control objectives, process, and individual responsibilities at all levels are supported by strong communication. •External Communication: Additional information is used to distinguish if matters affecting the achievements of financial reporting objectives are communicated with outside parties.
Monitoring •Ongoing and separate evaluations: They have a continuous evaluations that do enable management to determine whether internal control over financial reporting is present and functioning. •Reporting Deficiencies: The corrective action is established with employees so that the corrective actions, can be taken in a timely matter, and are appropriate. 2. Severe deficiencies in the design of controls are suggesting an increased likelihood of material misstatement.