ࡱ> % aqbjbj%% "^GGl&l ( 444HCCC8C$D|Hk2G:G"HHHHHHpkrkrkrkrkrkrk$#m Cok4HHHHHkYL44HHkYLYLYLH4H4HpkYLHpkYL YL!VX44XHG ХUVHx@CJXXk0kXoSKoXYLHH4444 Teaching Auditing Students About Internal Controls From an Internal Audit Perspective Susanne OCallaghan, Ph.D., CPA, CIA Associate Professor of Accounting Pace University Lubin School of Business One Pace Plaza New York, NY 10038  HYPERLINK "mailto:socallaghan@pace.edu" socallaghan@pace.edu John P. Walker, Ph.D., CPA Professor of Accounting Queens College CUNY 65-30 Kissena Blvd Queens, NY 11367  HYPERLINK "mailto:jpvwalker@aol.com" jpvwalker@aol.com Raymond J. Elson*, DBA, CPA Assistant Professor of Accounting Valdosta State University Langdale College of Business Valdosta, GA 31698  HYPERLINK "mailto:relson@valdosta.edu" relson@valdosta.edu * Corresponding author Teaching Auditing Students About Internal Controls From an Internal Audit Perspective Introduction In the Sarbanes-Oxley era there is a real need for a good understanding of the different responsibilities and reliances that can be placed on the work of others. External auditors must have a good comprehension of the types and extent of work that internal auditors do. Since most universities do not provide a stand-alone course on internal auditing, students must rely on what they learn in the mainstream auditing class to obtain their understanding of what an internal auditor does. This paper provides auditing instructors a vehicle for teaching the need for, and the approach to, how internal auditors do their jobs. Background Many accounting students will enter the auditing profession upon graduation. They will enter the external auditing profession, the internal auditing profession or work in organizations where they interact with all types of auditors. If these students enter the external auditing profession, they will be expected to interact and understand what internal auditors do in order to rely on the internal auditors work under SAS 65 The Auditors Consideration of the Internal Audit Function in an Audit of Financial Statements and PCOAB Standard No. 2. But it is difficult for auditing students to understand what value the internal audit function brings to the table as most auditing textbooks have only one chapter on internal auditing. That chapter is usually very vague as to what an internal auditor actually does. This paper provides a simple approach to understanding concepts surrounding the internal auditors role in evaluating internal controls so that their employer meets the objectives. Literature Review There is very little literature that offers a pedagogical approach to teaching internal auditing. Fernandes (1994) recognizes that accounting education prepares students well for financial auditing. He acknowledges that the traditional auditing course may trigger an interest in internal auditing on the part of the student but the student is basically left to figure out what internal auditing is all about. These same students are not adequately prepared in the areas of business analytical techniques and there is a void in general audit education because of this. He feels that all universities with business and public administration programs should offer at least one course devoted to internal auditing. Another article by Fernandes, Poposky and Savage (1995) presents the development of an internal audit course curriculum. The author examines and identifies course objectives that would enhance the students understanding of both the conceptual and practical aspects of the internal auditor function. They also identify elements of a curriculum that would enhance students analytic, critical thinking, written and oral communication, and group/teamwork skills. This article lays out detailed objectives, methods of instruction, professional company involvement and course evaluation but does not go into any detail of content. Greensawalt and Stinnett (1992) present an excellent case that can be adapted for use in a financial auditing or internal auditing class. It requires students to find an audit client. The students then have the task of understanding and documenting the internal control system of either the revenue cycle or the expenditure cycle. The students present a written report and document their understanding of the controls, prepare an internal control review matrix, do evaluations and make oral presentations. This article provides a great outside project but does not provide the audit instructor an in-class demonstration of how a control matrix is prepared. Our paper provides a unique pedagogical approach to teaching auditing students how to construct a control matrix, an important tool for use in evaluating internal controls. The Relationship between Internal and External Auditing Internal auditing is an independent, objective, assurance and consulting activity designed to add value and improve an organizations operations. Its focus is mainly on evaluating and improving the effectiveness of the organizations risk management, control and governance processes. External auditing is the systematic process of objectively obtaining and evaluating evidence regarding management assertions in financial statements. Its focus is on communicating any findings to interested users who are mostly external to the organization such as shareholders and the SEC. Both sets of auditing professionals have a use for control matrices. The Relationships among Organizational Objectives, Threats to Meeting Objectives and Internal Controls All entities have specific objectives that they must achieve. But all objectives have threats that may threaten their achievement. These threats must be eliminated, avoided, controlled or accepted. By having good controls in place to mitigate the threats, a company is better able to achieve its objectives and therefore places itself in a competitive position. It is managements responsibility to see that adequate controls are in place. It is the auditors responsibility to see that managements controls are indeed working as planned. The internal auditors chief role is to evaluate the design and effectiveness of those controls. COSO Approach to Developing a Control Matrix This paper illustrates a control matrix approach that can be used as lecture material (or as a class assignment) in the internal auditing chapter of a traditional textbook or as part of an internal auditing course. This control matrix helps students understand how organization objectives drive the need for controls. A COSO framework is used as the basis for the control matrix development. The COSO internal control framework states that entities have three objectives: good operations, compliance with rules and regulations and good financial reporting. But there are external and internal threats to having good operations, being in compliance with rules and regulations and having good financial reporting. To achieve organizational objectives and minimize the threats, an entity must have a good internal control system in place. That system should consist of five elements. The entity must have a good control environment, risk assessment procedures, excellent control activities, adequate information and communications and a monitoring mechanism in place. Auditing students have already learned about COSO in an earlier chapter on internal control so this is a quick internal control review for them. In the internal auditing chapter we move into a more detailed discussion of the internal auditors role in evaluating internal controls put in place by management and in the value-added services that internal auditors perform. But there are few examples to really help students internalize what internal auditors do. Since most students have some understanding as to how restaurants operate, we used a restaurant example to illustrate this approach to teaching internal auditing. We use the COSO framework and a six-step process to create the control matrix. We first illustrate the three objectives of a restaurant. Second, we identify threats to meeting those restaurant objectives. Third, we discuss control objectives necessary to see that the threats are contained. Fourth, we use the five components of a good internal control system to meet the control objectives. Fifth, we then examine the various control activities that management could have in place. Lastly, in the sixth step, we identify steps to be taken by the auditor to assure that control objectives are met. Teaching Approach The matrix that follows can be created by the audit instructor by first filling in the first column: the three objectives identified by COSO: operations, compliance with rules and regulations, and monitoring (Table 1.) Table 1 Restaurant Objective (Column 1)COSO Objectives of EntityOperationsComplianceFinancial Reporting Next the instructor can present one threat to each of the restaurant objectives; e.g., a threat to operations is that employees might lose fingers; a threat to being in compliance with rules and regulations is that the restaurant could lose its license if it violates health regulations; a threat to good financial reporting is that restaurant sales may not be recorded accurately (Table 2.) The third column is completed by identifying the control objectives that management has or should have in place to stop the threats! For example, the operations objective is to stop employees from losing fingers (Table 3.) Then the instructor fills in the fourth column with the internal control elements. The five individual elements of a good internal control system are the control environment, risk assessment, control activities, information and communication, and monitoring (Table 4.) These internal control elements should ensure that managements control objectives are met. Table 2 Threats to Meeting Objectives (Column 2)COSO Objectives of EntityThreats to the RestaurantOperationsEmployees will lose fingers on sharp equipmentComplianceRestaurant may lose its license due to not adhering to health regulationsFinancial ReportingRestaurant sales will not be recorded accurately Table 3 Managements Control Objectives (Column 3)COSO Objectives of EntityThreats to the EntityControl Objective (To stop the Threat-Managements Responsibility)OperationsEmployees will lose fingers on sharp equipmentTo ensure that employees dont lose fingers on sharp equipmentComplianceRestaurant may lose its license due to not adhering to health regulationsTo ensure that all health regulations are followed so that restaurant does not lose its licenseFinancial ReportingRestaurant sales will not be recorded accuratelyTo ensure that all sales are recorded accurately so that the financial reporting objective is met  The fifth column addresses what management has told the auditor they have put in place to meet the threat belonging to that internal control element. For example, a control environment step that could help keep employees from losing fingers would be the existence of training sessions to show employees how to use the equipment. These are the activities that management has put in place to see that the control objective is met. The instructor continues to identify different evidence that the control objective is being met for each of the internal control elements in column 4 (Table 5.) Table 4 Internal Control Elements (Column 4)COSO Objectives of EntityThreats to the EntityControl Objective (To stop the Threat-Managements Responsibility)Internal Control Element (COSO)OperationsEmployees will lose fingers on sharp equipmentTo ensure that employees dont lose fingers on sharp equipmentControl EnvironmentSameSameRisk AssessmentSameSameControl ActivitiesSameSameInformation and CommunicationsSameSameMonitoringComplianceRestaurant may lose its license due to not adhering to health regulationsTo ensure that all health regulations are followed so that restaurant does not lose its licenseControl EnvironmentSameSameRisk AssessmentSameSameControl ActivitiesSameSameInformation and CommunicationsSameSameMonitoringFinancial ReportingRestaurant sales will not be recorded accuratelyTo ensure that all sales are recorded accurately so that the financial reporting objective is met Control EnvironmentSameSameRisk AssessmentSameSameControl ActivitiesSameSameInformation and CommunicationsSameSameMonitoring Table 5 Evidence That Control Objectives are Being Met (Column 5)COSO Objectives of EntityThreats to the EntityControl Objective (To stop the Threat-Managements Responsibility)Internal Control Element (COSO)Evidence that Control Objective is Being Met (Managements Responsibility)OperationsEmployees will lose fingers on sharp equipmentTo ensure that employees dont lose fingers on sharp equipmentControl EnvironmentManagement provides training sessions for all new employees on how to use equipment safelySameSameRisk AssessmentManagement reviews the equipment to make sure that any new equipment is included in training sessionsSameSameControl ActivitiesSafety blades are required to be kept on all equipment when equipment is not is useSameSameInternal Control Element (COSO)Reminders about equipment safety are posted near all equipmentSameSameControl EnvironmentManagement keeps logs of safety walk-throughs to see that equipment is covered when not in use and employees are following safety procedures.ComplianceRestaurant may lose its license due to not adhering to health regulationsTo ensure that all health regulations are followed so that restaurant does not lose its licenseRisk AssessmentManagement has policies and procedures on all health regulations; all new employees must read and sign off.SameSameControl ActivitiesManagement reviews changes to health code on a regular basis to see if new regulations have added to their risksSameSameInformation and CommunicationsManagement has policy that no food should be left out of refrigerator for more than one hourSameSameMonitoringSigns are clearly posted stating that employees must wash hands after using the bathroomSameSameControl EnvironmentManagement goes through all city health inspection reports and implements all infractionsFinancial ReportingRestaurant sales will not be recorded accuratelyTo ensure that all sales are recorded accurately so that the financial reporting objective is met Risk AssessmentManagement has policies and procedures for the proper recording of sales by servers and cashiersSameSameControl ActivitiesManagement conducts quarterly reviews to determine if employee turnover has caused changes to the financial proceduresSameSameInformation and CommunicationsManagement requires use of prenumbered server order forms so that all meals can be accounted forSameSameMonitoringManagement prepares daily server reports to report on all tips for tax purposes; all employees sign formSameSameControl EnvironmentManagement accounts for all prenumbered server order form ticketsRisk AssessmentControl ActivitiesInformation and CommunicationsMonitoring But the internal auditor cannot rely on managements statements alone. So the sixth column illustrates what evidence the internal auditor would ask for to evaluate managements actions to threats to the restaurant, e.g., if the restaurants operating objective is to have good operations and management has stated that they provide training sessions for all employees to show them how to safely use sharp equipment (control environment), then the internal auditor would request and review schedules of past and future training sessions and check that all employees have attended those sessions (Table 6.) Table 6 Audit Procedures (Column 6)COSO Objectives of EntityThreats to the EntityControl Objective (To stop the Threat-Managements Responsibility)Internal Control Element (COSO)Evidence that Control Objective is Being Met (Managements Responsibility)Audit Procedure (Auditors Responsibility)OperationsEmployees will lose fingers on sharp equipmentTo ensure that employees dont lose fingers on sharp equipmentControl EnvironmentManagement provides training sessions for all new employees on how to use equipment safelyAuditor requests and reviews schedule of past and future training sessions and checks that all employees have attendedSameSameRisk AssessmentManagement reviews the equipment to make sure that any new equipment is included in training sessionsAuditor requests equipment review reports from management. Examines new equipment. Checks against training sessionsSameSameControl ActivitiesSafety blades are required to be kept on all equipment when equipment is not is useAuditors sample equipment and inspect to see that safety blades are on equipment not in useSameSameInformation and CommunicationsReminders about equipment safety are posted near all equipmentAuditor examines signs near all equipment to see that they are posted and in good conditionSameSameMonitoringManagement keeps logs of safety walk-throughs to see that equipment is covered when not in use and employees are following safety procedures. Auditor requests safety walk-throughs logs and determines that comments have been addressed ComplianceRestaurant may lose its license due to not adhering to health regulationsTo ensure that all health regulations are followed so that restaurant does not lose its licenseControl EnvironmentManagement has policies and procedures on all health regulations; all new employees must read and sign off.Auditor examines policies and procedures manual to see that health regulations are included and are current; examines sign off by all employeesSameSameRisk AssessmentManagement reviews changes to health code on a regular basis to see if new regulations have added to their risksAuditor examines managements review of new health codes and evaluates conclusionsSameSameControl ActivitiesManagement has policy that no food should be left out of refrigerator for more than one hourCheck for written policy; auditor observes kitchen for food left out; auditor inquires of employees to see if they follow policySameSameInformation and CommunicationsSigns are clearly posted stating that employees must wash hands after using the bathroomAuditor visits all bathrooms to see that signs are clearly visible and in good conditionSameSameMonitoringManagement goes through all city health inspection reports and implements all infractionsAuditor examines city health inspection reports and inquires if infractions have been correctedFinancial ReportingRestaurant sales will not be recorded accuratelyTo ensure that all sales are recorded accurately so that the financial reporting objective is met Control EnvironmentManagement has policies and procedures for the proper recording of sales by servers and cashiersAuditor examines policy on recording sales and inquires of servers and cashiersSameSameRisk AssessmentManagement conducts quarterly reviews to determine if employee turnover has caused changes to the financial proceduresAuditor requests managements quarterly review of changing circumstances and inquires as to resulting changesSameSameControl ActivitiesManagement requires use of prenumbered server order forms so that all meals can be accounted forAuditor samples server order forms and checks for completenessSameSameInformation and CommunicationsManagement prepares daily server reports to report on all tips for tax purposes; all employees sign formAuditor samples daily servers tip reports to ensure that all tips are accurately reported to the IRSSameSameMonitoringManagement accounts for all prenumbered server order form ticketsAuditor requests managements report on monitoring prenumbered tickets and inquires as to action taken on missing order forms After completing the control matrix, the instructor can give the students an easy assignment. Have the students identify three new control objectives: one for operations, one for compliance and one for financial reporting. For instance, other threats to operations might be that the restaurant does not get enough customers to stay in business or that cashiers might steal money. Other threats to compliance might be that the restaurant does not pay fair wages under the Fair Labor Act or that it fails to pass Board of Health inspections. A threat to financial reporting might be that servers allow friends to eat for free. Then the students can determine what kind of evidence the internal auditor would ask for in order to evaluate how well managements actions cover the threats. This easy assignment helps students understand the connection between managements responsibility to have control objectives in place to meet the restaurants objectives and the auditors role in gathering evidence to evaluate managements control objectives. Conclusion In todays business environment, Sarbanes-Oxley has made it imperative that everyone in the organization be concerned with good internal controls. Both the external auditor and the internal auditor are involved in the Sarbanes-Oxley process. It is imperative that accounting students studying auditing, in addition to understanding the responsibilities of external auditors, also be keenly aware of the managerial role that internal auditors play in assuring that internal controls are designed and operating effectively. Using a control matrix approach (see Appendix A for finished matrix) provides those students with a valuable learning experience. Appendix A Control Matrix for a RestaurantCOSO Objectives of EntityThreats to the EntityControl Objective (To stop the Threat-Managements Responsibility)Internal Control Element (COSO)Evidence that Control Objective is Being Met (Managements Responsibility)Audit Procedure (Auditors Responsibility)OperationsEmployees will lose fingers on sharp equipmentTo ensure that employees dont lose fingers on sharp equipmentControl EnvironmentManagement provides training sessions for all new employees on how to use equipment safelyAuditor requests and reviews schedule of past and future training sessions and checks that all employees have attendedOperationsSameSameRisk AssessmentManagement reviews the equipment to make sure that any new equipment is included in training sessionsAuditor requests equipment review reports from management. Examines new equipment. Checks against training sessionsOperationsSameSameControl ActivitiesSafety blades are required to be kept on all equipment when equipment is not is useAuditors sample equipment and inspect to see that safety blades are on equipment not in useOperationsSameSameInformation and CommunicationsReminders about equipment safety are posted near all equipmentAuditor examines signs near all equipment to see that they are posted and in good conditionOperationsSameSameMonitoringManagement keeps logs of safety walk-throughs to see that equipment is covered when not in use and employees are following safety procedures. Auditor requests safety walk through logs and determines that comments have been addressed ComplianceRestaurant may lose its license due to not adhering to health regulationsTo ensure that all health regulations are followed so that restaurant does not lose its licenseControl EnvironmentManagement has policies and procedures on all health regulations; all new employees must read and sign off.Auditor examines policies and procedure manual to see that health regulations are included and are current; examines sign off by all employeesComplianceSameSameRisk AssessmentManagement reviews changes to health code on a regular basis to see if new regulations have added to their risksAuditor examines managements review of new health codes and evaluates conclusionsComplianceSameSameControl ActivitiesManagement has policy that no food should be left out of refrigerator for more than one hourCheck for written policy; auditor observes kitchen for food left out; auditor inquires of employees to see if they follow policyComplianceSameSameInformation and CommunicationsSigns are clearly posted stating that employees must wash hands after using the bathroomAuditor visits all bathrooms to see that signs are clearly visible and in good conditionComplianceSameSameMonitoringManagement goes through all city health inspection reports and implements all infractionsAuditor examines city health inspection reports and inquires if infractions have been correctedFinancial ReportingRestaurant sales will not be recorded accuratelyTo ensure that all sales are recorded accurately so that the financial reporting objective is met Control EnvironmentManagement has policies and procedures for the proper recording of sales by servers and cashiersAuditor examines policy on recording sales and inquires of servers and cashiersFinancial ReportingSameSameRisk AssessmentManagement conducts quarterly reviews to determine if employee turnover has caused changes to the financial proceduresAuditor requests managements quarterly review of changing circumstances and inquires as to resulting changesFinancial ReportingSameSameControl ActivitiesManagement requires use of prenumbered server order forms so that all meals can be accounted forAuditor samples server order forms and checks for completenessFinancial ReportingSameSameInformation and CommunicationsManagement prepares daily server reports to report on all tips for tax purposes; all employees sign formAuditor samples daily servers tip reports to ensure that all tips are accurately reported to the IRSFinancial ReportingSameSameMonitoringManagement accounts for all prenumbered server order form ticketsAuditor requests managements report on monitoring prenumbered tickets and inquires as to action taken on missing order forms Bibliography Chambers, Andrew D., Teaching Internal Auditing at a University-An Example in Content, The Accounting Review, (January 1978), Vol. LIII, No.1, PP. 143-147. Crockett, James R., The Dynamics of Accounting Education and Their Effects on Internal Auditing, Managerial Auditing Journal, (1993), Vol. 8, Iss. 4, pp. 27-32. Dittenhofer, Mortimer A., Teaching Internal Auditing: The Case-Study Method, Managerial Auditing Journal, (1992) Vol. 7, Iss3, pp. 17-24. Fernandes, John J., Preparing Tomorrows Internal Auditor, Managerial Auditing Journal, (1994), Vol. 9, Iss. 2; Pages 20-23. Fernandes, John J., Margaret L. Poposky and Linda J. Savage, Operational Auditing Education: High-Impact Techniques, Managerial Auditing Journal, (1995), Vol. 10, Iss. 3, pp 19-22. Foster, Sheila D. and Mary Brady Greenawalt, Internal Auditing Education: A Comparison Across Countries, Managerial Auditing Journal, (1995), Vol. 10, Iss. 3, pp. 31-36. Greenawalt, Mary B., and Sheila Foster-Stinnett, Experiential Learning for the Internal Auditing Student, Managerial Auditing Journal, (1992), Vol. 7, Iss. 3, pp. 8-12. Phillips, T. J., and B. T. Lewis, Internal Audit Education: The Accounting Curriculums Greatest Deficiency, Journal of Education for Business, (Jan/Feb 1991), Vol. 66, Issue 3, pp 176-180. Sinason, David H., Attracting Students to Internal Auditing Careers, Internal Auditing, Jan/Feb 2004, Vol. 19, Iss. 1, pp. 39-42. Wilson, Dennis, Teach the Process, Not the Content, Managerial Auditing Journal, (1995), Vol. 10, Iss. 3, pp, 15-18.  The Committee on Sponsoring Organizations published the COSO framework in 1992. It is the most widely recognized internal control framework used in the United States today.     PAGE  PAGE 11 +,ab Pkmrs%%%a&6*h******8+Q+++++++3,q,, -i--...k001/1111111 2+292D2233.3 j0JU>*5 5\aJjUjU0JjU jUQ4WXY~-.Ibx1a$a$$a$p:q`q! _`ghP _$`d$a$$a$?tu  !!$$$$%%%%%& $$Ifa$$a$`d&&&&&& &!&"&#&$Ifh$$IfTl4,"" t0644 la #&$&/&0&1&2&9D3333$If$$IfTlֈd H,"t\rrrr t0644 la2&3&4&5&@&A&3D$$IfTlֈd H,"t\rrrr t0644 la$IfA&B&C&D&E&F&3h$$IfTlֈd H,"t\rrrr t0644 la$IfF&Z&[&\&]&^&_&$If_&`&a&''(97111`$$IfTlֈd H,"t\rrrr t0644 la((3*4*5*6*>*?*h*i*j*k***|v|vv$Iff$$IfTl|~ $ t0$644 la $$Ifa$$a$ _$` ******3$$IfTlֈ|e[~  y t0$644 la$If*******$If***8+9+:+9h3333$If$$IfTlֈ|e[~  y t0$644 la:+;+<+=+Q++3($$IfTlֈ|e[~  y t0$644 la$If++++++3$$IfTlֈ|e[~  y t0$644 la$If+++++++++++3,4,5,6,$Iff$$IfTl|~ $ t0$644 la $$Ifa$$a$6,7,B,q,,,93333$If$$IfTlֈ| q%~ # HY t0$644 la,,,,, -3$$IfTlֈ| q%~ # HY t0$644 la$If -i-j-k-l-m-3$$IfTlֈ| q%~ # HY t0$644 la$Ifm---....$If....i0k097727d$$IfTlֈ| q%~ # HY t0$644 lak0s0t00000001/10111X$Iff$$IfTl|,"% t0%644 la $$Ifa$$a$ 1121=1l1119@3333$If$$IfTlֈ|E ,"FF t0%644 la1111113x$$IfTlֈ|E ,"FF t0%644 la$If1111113$$IfTlֈ|E ,"FF t0%644 la$If1111112$If2222 2+293333$If$$IfTlֈ|E ,"FF t0%644 la+2,2-2.2/2423d$$IfTlֈ|E ,"FF t0%644 la$If4292D2E2F2G230$$IfTlֈ|E ,"FF t0%644 la$IfG2R222333$If33333.39x3333$If$$IfTlֈ|E ,"FF t0%644 la.3/3031323733$$IfTlֈ|E ,"FF t0%644 la$If73<3O3P3Q3R33$$IfTlֈ|E ,"FF t0%644 la$If.3<3O3]3|333@4T4b4r444444444"55666 7p7777P8q8892:R:::L;d;;;8<<S=s==>w>>>>>?[?^?_?p?q?t?u????????????"B+BGBHBIBJB(CSCTCG?GGCHDHyI J JCJ5CJ5aR3S3X3]3|3}3~3$If~3333339d3333$If$$IfTlֈ|E ,"FF t0%644 la3333333$$IfTlֈ|E ,"FF t0%644 la$If3@4T4U4V4W43x$$IfTlֈ|E ,"FF t0%644 la$IfW4X4]4b4r4s4t4$Ift4u4v4{44493333$If$$IfTlֈ|E ,"FF t0%644 la4444443$$IfTlֈ|E ,"FF t0%644 la$If4444443d$$IfTlֈ|E ,"FF t0%644 la$If4444444$If44444472222$a$$$IfTlFֈ|E ,"FF t0%644 la44"5#5$5%5?5U55566{ $$Ifa$$Iff$$IfTl$( t0)644 la4 $$Ifa$$a$ 666?6~6693333$If$$IfTlֈp,P$|%TT$ @  t0)644 la46666663 $$IfTlֈp,P$|%TT$ @  t0)644 la4$If66 7p7q7r73$$IfTlֈp,P$|%TT$ @  t0)644 la4$Ifr7s7x7}7777$If77777893333$If$$IfTlֈp,P$|%TT$ @  t0)644 la48P8Q8R8S8X83$$IfTlֈp,P$|%TT$ @  t0)644 la4$IfX8]8q88993$$IfTlֈp,P$|%TT$ @  t0)644 la4$If9 9V9992:3:$If3:4:5:::?:R:9D3333$If$$IfTlֈp,P$|%TT$ @  t0)644 la4R::::::3$$$IfTlֈp,P$|%TT$ @  t0)644 la4$If:::L;M;N;3$$IfTlֈp,P$|%TT$ @  t0)644 la4$IfN;O;T;Y;d;;;$If;;;;;;93333$If$$IfTlֈp,P$|%TT$ @  t0)644 la4;8<9<:<N<<3l$$IfTlֈp,P$|%TT$ @  t0)644 la4$If<<<S=T=U=3\$$IfTlֈp,P$|%TT$ @  t0)644 la4$IfU=V=[=`=s===$If=====>943333$If$$IfTlֈp,P$|%TT$ @  t0)644 la4>w>x>y>z>>3$$IfTlֈp,P$|%TT$ @  t0)644 la4$If>>>>>>3$$IfTlֈp,P$|%TT$ @  t0)644 la4$If>>???[?\?$If\?]?^?_?`?p?7X1111$If$$IfTlFֈp,P$|%TT$ @  t0)644 la4p?q?r?s?t?u?1d$$IfTlFֈp,P$|%TT$ @  t0)644 la4$Ifu?v?????1$$IfTlFֈp,P$|%TT$ @  t0)644 la4$If???????$If??????7D1111$If$$IfTlFֈp,P$|%TT$ @  t0)644 la4??????1//$$IfTlFֈp,P$|%TT$ @  t0)644 la4$If?!B"B*B+BGBHBIBJBdBzBBB(CSC($Ife$$IfTl$( t0(44 la4 $$Ifa$$a$dSCTC_CCCCG?G@G5$$IfTlֈT\ l$p$ t0(44 la4$If@GEGJGUGGGGAHBHCH$If CHDHOHHH IyI;55555$If$$IfTlֈT\ l$p$ t0(44 la4yI J J JJJ%J5$$IfTlֈT\ l$p$ t0(44 la4$If%JJJJJJJ5$$IfTlֈT\ l$p$ t0(44 la4$If JJJJeKKKjLLL4MMMNOOOPPPPPUQQQQQRRVVGYSYsYtYuYvYZZ[[\\]]^^__[a\aEbFbLcMc3d4dee|f}fggahbhminiiiWj[jijpp:q;q=q>q@qAqCqDqFqGqMqNqOqQqRq0J j0JU jU j0JU5>*5CJCJXJKeKKKKK5t$$IfTlֈT\ l$p$ t0(44 la4$IfKKLjLLLL5D$$IfTlֈT\ l$p$ t0(44 la4$IfLLLL4MMM5$$IfTlֈT\ l$p$ t0(44 la4$IfMMM=NQNNO$IfOOO OOOO;55555$If$$IfTlֈT\ l$p$ t0(44 la4OPPP PP!P5$$IfTlֈT\ l$p$ t0(44 la4$If!PPPPPPP5$$IfTlֈT\ l$p$ t0(44 la4$IfPPUQQQQQ5\$$IfTlֈT\ l$p$ t0(44 la4$IfQQQRRR3$$IfTlFֈT\ l$p$ t0(44 la4$IfRRRUUVVVVCYDYFYGYRYSYsY $$Ifa$$a$`sYtYuYvYYYY ZTZZ($Ife$$IfTl$( t0(44 la4 ZZZZZ [h[;55555$If$$IfTlֈT\ d $p t0(44 la4h[[[[[[\5$$IfTlֈT\ d $p t0(44 la4$If\k\\\\\\5d$$IfTlֈT\ d $p t0(44 la4$If\]\]]]]]5@$$IfTlֈT\ d $p t0(44 la4$If]]],^^^^58$$IfTlֈT\ d $p t0(44 la4$If^^^^7_8_9____$If ____L````;55555$If$$IfTlֈT\ d $p t0(44 la4`[a\agalaqaa5$$IfTlֈT\ d $p t0(44 la4$IfaaEbFbQbVb[b5$$IfTlֈT\ d $p t0(44 la4$If[bnbbLcMcXc]c5$$IfTlֈT\ d $p t0(44 la4$If]cbccc3d4d?d5l$$IfTlֈT\ d $p t0(44 la4$If?dDdIdTddee5$$IfTlֈT\ d $p t0(44 la4$Ife#eTeee,f|f$If|f}fffff"g;L55555$If$$IfTlֈT\ d $p t0(44 la4"ggggggg5H$$IfTlֈT\ d $p t0(44 la4$Ifg"hahbhvh{hh50$$IfTlֈT\ d $p t0(44 la4$Ifhhiminiii5$$IfTlֈT\ d $p t0(44 la4$IfiiiiWjXj3$$IfTlFֈT\ d $p t0(44 la4$IfXjYj[jhjijkkkk8l9lllpmqmnnnnoopppppp9q:q$a$$a$:q*<A@< Default Paragraph Font6@6  Footnote TextCJaJ8&@8 Footnote ReferenceH*, @, Footer  _$&)@!& Page Number.U@1. Hyperlink >*B*phBC@BB Body Text Indentd`,B@R, Body Text5>*:'@a: Comment ReferenceCJaJ4@r4 Comment TextCJaJramam^4WXY~-.Ibx1a! _ ` ghP?tu !!!!!"""""" "!"""#"$"/"0"1"2"3"4"5"@"A"B"C"D"E"F"Z"["\"]"^"_"`"a"##$$3&4&5&6&>&?&h&i&j&k&&&&&&&&&&&&&&&&8'9':';'<'='Q'''''''''''''''''3(4(5(6(7(B(q((((((( )i)j)k)l)m)))*******i,k,s,t,,,,,,,-/-0-1-2-=-l------------------.... .+.,.-.../.4.9.D.E.F.G.R...///////.///0/1/2/7/">*>+>G>H>I>J>d>z>>>(?S?T?_????<@@@@@@@5AAAAAAABxByBzBBBBB>C?C@CECJCUCCCCADBDCDDDODDD EyE F F FFF%FFFFFFFGeGGGGGGHjHHHHHHH4IIIII=JQJJKKK KKKKLLL LL!LLLLLLLLUMMMMMMMNNNNNQQRRRRCUDUFUGURUSUsUtUuUvUUUU VTVVVVVV WhWWWWWWXkXXXXXXY\YYYYYYY,ZZZZZZZ7[8[9[[[[[[[L\`\\[]\]g]l]q]]]E^F^Q^V^[^n^^L_M_X_]_b___3`4`?`D`I`T``aa#aTaaa,b|b}bbbbb"ccccccc"dadbdvd{dddemeneeeeeeWfXfYf[fhfifgggg8h9hhhpiqijjjjkkllll:m>>\?p?u?????SC?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]_`abcdefghijklmnopqrstuvwxyz{|}~`q=+aamXXX !(!!8@0(  B S  ?~19  s | ~ 1:<:5;@;G>H>I>J>d>z>>>(?S?T?_????<@@@@@@@5AAAAAAABxByBzBBBBB>C?C@CECJCUCCCDDDODDD EyE F F FFF%FFFFFFFGeGGGGGGHjHHHHHHH4IIIII=JQJJKKK KKKKLLL LL!LLLLLLLLUMMMMMMMNNNSUsUtUuUvUUUU VTVVVVVV WhWWWWWWXkXXXXXXY\YYYYYYY,ZZZZZZZ9[[[[[L\`\\[]\]g]l]q]]]E^F^Q^V^[^n^^L_M_X_]_b___3`4`?`D`I`T``aa#aTaaa,b|b}bbbbb"ccccccc"dadbdvd{dddemeneeeeeeWfXfbm@DUDUODUDUam`@UnknownGz Times New Roman5Symbol3& z Arial?5 z Courier New;Wingdings"1h)˶&~Y-^0!0dmoo2qHX2Teaching Auditing Students About Internal Controls footballOh+'0   4@ \ h t 3Teaching Auditing Students About Internal Controlseac acacac Normal.dotd footballtd5otMicrosoft Word 9.0t@ԭ@A@yD@GV~Y՜.+,D՜.+,t0 hp   Saint Joseph Balleth-m 3Teaching Auditing Students About Internal Controls Title 8@ _PID_HLINKSADyTmailto:relson@valdosta.edu*mailto:jpvwalker@aol.com mailto:socallaghan@pace.edu  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry FVVData 1TableoWordDocument"^SummaryInformation(DocumentSummaryInformation8CompObjjObjectPoolVVVV  FMicrosoft Word Document MSWordDocWord.Document.89q