22
Internal Control
Internal Control
10 - 10 - 22
Internal Control Definition
A process, effected by the entity’s board
of directors, management and other
personnel, designed to provide reasonable
assurance regarding the achievement of
objectives.
10 - 10 - 33
3. Compliance with laws and regulations
2. Efficiency and effectiveness of operations
1. Reliability of financial reporting
Internal Control Objectives
10 - 10 - 44
Five Components of Internal Control
Riskassessment
Controlactivities
Information andcommunication
Monitoring
10 - 10 - 55
The Control Environment
Integrity and ethical values
Commitment to competence
Board of directors or auditcommittee participation
10 - 10 - 66
The Control Environment
Management’s philosophy and operating style
Organizational structure
Human resource policies and practices
10 - 10 - 77
Risk Assessment
Identify factors that may increase risk
Assess the likelihood of the risk occurring
Determine actions necessary to manage the risk
Estimate the significance of the risk
10 - 10 - 88
Control Activities
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
10 - 10 - 99
Adequate Separation of Duties
Custody of assets Accounting
Authorizationof transactions
The custody ofrelated assets
Operationalresponsibility
Record-keepingresponsibility
IT duties User departments
from
from
from
from
10 - 10 - 1010
Proper Authorization of Transactions and Activities General authorization
Specific authorization
10 - 10 - 1111
Adequate Documents and Records
Prenumbered consecutively
Prepared at the time of transaction
Designed for multiple use
Constructed to encourage correct preparation
10 - 10 - 1212
Physical Control Over Assetsand Records
The most important type of protectivemeasure for safeguarding assets andrecords is the use of physical precautions.
10 - 10 - 1313
Independent Checks on Performance
The need for independent checks arisesbecause internal control tends to changeover time unless there is a mechanismfor frequent review.
10 - 10 - 1414
Information and Communication
The purpose of an accounting informationand communication system is to…
initiate, record, process, and reportthe entity’s transactions and to maintainaccountability for the related assets.
10 - 10 - 1515
Monitoring
Monitoring activities deal with management’songoing and periodic assessment of thequality of internal control performance…
to determine whether controls are operatingas intended and modified when needed.
10 - 10 - 1616
Methods Used to Document Understanding
Narrative
FlowchartInternalcontrol
questionnaire
10 - 10 - 1717
Evaluating Internal Control Operation
Update and evaluate auditor’s previousexperience with the entity
Make inquiries of client personnel
Examine documents and records
Observe entity activities and operations
Perform walk-throughs of the accounting system
10 - 10 - 1818
Evaluating Significant Control Deficiencies
MaterialWeakness
LIKELIHOOD
SIGNIFICANCE
Material
Immaterial
ProbableRemote
10 - 10 - 1919
Identify Deficiencies and Weakness
Identify existing controls
Identify the absence of key controls
Consider the possibility of compensating controls
Decide whether there is a significant deficiencyor material weakness
Determine potential misstatements that could result
10 - 10 - 2020
Communications
Internal audit reports
Communications to thosecharged with governance
10 - 10 - 2121
Tests of Controls
The procedures to test effectiveness of controlsin support of a reduced assessed controlrisk are called tests of controls.
End of Chapter
