Aantekeningen Internal Control
Week 1
Internal Control Is a process designated to provide reasonable assurance regarding the
achievements of the following categories of objecives:
Efficiency and effectiveness of operations - Efficiëntie en effectiviteit van operaties
Reliability of financial reporting – Betrouwbaarheid van financiële rapportage
Compliance with applicable laws and regulations – Wet en regelgeving
Safeguarding Assets - Bescherming van activa
Internal control – Where do we begin?
- Companies
- People / employees
- Decision You have an agreement with your boss to show up on time so you show
up and in return you receive a reward.
Organization ‘’An organization is a group of people intentionally cooperating to achieve
one or more common goals’’
Difference between profit based organization and project based organization
Objectives
Stakeholders You start with your stakeholders, the first thing you want to know is; who is
interesting in what im doing? Are there people who wants to buy my stuff.
o Look at suppliers
Mission/vision What is the mission of my organization?
o Example: Nike Mission; ‘’ To bring inspiration and innovation to every athlete in
the world.’’
o Vision: How, how are we going to do it?
Strategic goals What are you goals and how can you measure those goals?
o Example: Strategic goals is that you don’t want to include child slave in your
company Measurement; KPI’s who can manage the child abuse
But how to: Information and IT
, Implement
Achieve
Measure
Monitor
Risks & Control For example; if you are a firework selling company, exploding danger is a risk.
Risk exist at every level of a organization, you have strategic risk and operational risks.
Control: For example, you have a sale process, you are selling stuff over the internet, you have the risk
of people who don’t pay. The control you can take is to make people pay with ideal forehand, or just
only sell it to reliable payers.
Data versus information
Data is just unstructured information
Information As soon as you structured data and you give meaning to that data you can call it
information
Different types of information
Nature and aggregation level depends on the decision making
Quantitative versus qualitative information
Periodic versus unique information For example you need to invest in something you need
unique information
Detailed versus high-level information If information is really detailed the aggregation
level is really low, if information is not detailed the aggregation level is high
Useful information
1. Access restricted 2. Accurate 3. Available 4. Reputable 5. Complete 6. Concise 7. Consistent 8.
Current 9. Objective 10. Relevant 11. Timely 12. Useable 13. Understandable 14. Verifiable
Week 2
Organizations have an objective, for example oil. A threat can then occur, for example a fire. This
threat is caused by an event (this can either be internal or external), for example a lightning strike.
2 different types of risks: organizational (for the organization, psychical things) and reporting (when
a risk happens, you also need to process it in your books) risks. Inherent risk (risks that are coming
yourway because you are in a certain business), residual risk (risk that remains after you took risk
control measures).
Risk (expected loss) = likelihood x impact.
Risk response depends on the management’s risk appetite, you can:
- Reduce, accept, share (insurance) of avoid the risk.
, When you need to write down a risk on your exam, write the risk in 3 steps: the cause (what is
happening), the risk (what leads to) and the effect. You can find your control looking at the
cause.
Week 3 – hoorcollege
Typology of organizations
Goal: Simplifying the reality of diversity in organizations by dividend them in typologies.
Reference model & helpmodel (help you frame the way you’re thinking)
Coherence between flows of goods and flows of money (if you know the flow and you can
count the money, then you can have a good calculation of what should be in your
administration, you come across errors pretty quickly)
Relationship between sacrificed value and obtained value (how do the things you buy relate
or differ to the things you sell, its important to design internal control)
Impact internal controls
Methods of internal control of secure the completeness of revenues: (are we paying enough taxes
etc.)
Value cycle (for example: cookie factory)
Contract creation registry (for example: law firm)
Capacity movements (for example: truck rental)
Labor capacity (for example: ICT company)
Third party information (for example: subsidies)
Based on these methods:
- SOLL (expectation) vs IST (Administration) position (if those numbers are not the same there
is something wrong)
Accuracy Is the information right?
Completeness Is the information complete?
Week 1
Internal Control Is a process designated to provide reasonable assurance regarding the
achievements of the following categories of objecives:
Efficiency and effectiveness of operations - Efficiëntie en effectiviteit van operaties
Reliability of financial reporting – Betrouwbaarheid van financiële rapportage
Compliance with applicable laws and regulations – Wet en regelgeving
Safeguarding Assets - Bescherming van activa
Internal control – Where do we begin?
- Companies
- People / employees
- Decision You have an agreement with your boss to show up on time so you show
up and in return you receive a reward.
Organization ‘’An organization is a group of people intentionally cooperating to achieve
one or more common goals’’
Difference between profit based organization and project based organization
Objectives
Stakeholders You start with your stakeholders, the first thing you want to know is; who is
interesting in what im doing? Are there people who wants to buy my stuff.
o Look at suppliers
Mission/vision What is the mission of my organization?
o Example: Nike Mission; ‘’ To bring inspiration and innovation to every athlete in
the world.’’
o Vision: How, how are we going to do it?
Strategic goals What are you goals and how can you measure those goals?
o Example: Strategic goals is that you don’t want to include child slave in your
company Measurement; KPI’s who can manage the child abuse
But how to: Information and IT
, Implement
Achieve
Measure
Monitor
Risks & Control For example; if you are a firework selling company, exploding danger is a risk.
Risk exist at every level of a organization, you have strategic risk and operational risks.
Control: For example, you have a sale process, you are selling stuff over the internet, you have the risk
of people who don’t pay. The control you can take is to make people pay with ideal forehand, or just
only sell it to reliable payers.
Data versus information
Data is just unstructured information
Information As soon as you structured data and you give meaning to that data you can call it
information
Different types of information
Nature and aggregation level depends on the decision making
Quantitative versus qualitative information
Periodic versus unique information For example you need to invest in something you need
unique information
Detailed versus high-level information If information is really detailed the aggregation
level is really low, if information is not detailed the aggregation level is high
Useful information
1. Access restricted 2. Accurate 3. Available 4. Reputable 5. Complete 6. Concise 7. Consistent 8.
Current 9. Objective 10. Relevant 11. Timely 12. Useable 13. Understandable 14. Verifiable
Week 2
Organizations have an objective, for example oil. A threat can then occur, for example a fire. This
threat is caused by an event (this can either be internal or external), for example a lightning strike.
2 different types of risks: organizational (for the organization, psychical things) and reporting (when
a risk happens, you also need to process it in your books) risks. Inherent risk (risks that are coming
yourway because you are in a certain business), residual risk (risk that remains after you took risk
control measures).
Risk (expected loss) = likelihood x impact.
Risk response depends on the management’s risk appetite, you can:
- Reduce, accept, share (insurance) of avoid the risk.
, When you need to write down a risk on your exam, write the risk in 3 steps: the cause (what is
happening), the risk (what leads to) and the effect. You can find your control looking at the
cause.
Week 3 – hoorcollege
Typology of organizations
Goal: Simplifying the reality of diversity in organizations by dividend them in typologies.
Reference model & helpmodel (help you frame the way you’re thinking)
Coherence between flows of goods and flows of money (if you know the flow and you can
count the money, then you can have a good calculation of what should be in your
administration, you come across errors pretty quickly)
Relationship between sacrificed value and obtained value (how do the things you buy relate
or differ to the things you sell, its important to design internal control)
Impact internal controls
Methods of internal control of secure the completeness of revenues: (are we paying enough taxes
etc.)
Value cycle (for example: cookie factory)
Contract creation registry (for example: law firm)
Capacity movements (for example: truck rental)
Labor capacity (for example: ICT company)
Third party information (for example: subsidies)
Based on these methods:
- SOLL (expectation) vs IST (Administration) position (if those numbers are not the same there
is something wrong)
Accuracy Is the information right?
Completeness Is the information complete?
