INTERNAL CONTROL Internal Control Systems The Use of Internal Control Systems by Auditors Transaction Cycles Tests of Control The Evaluation of Internal Control Component Communication on Internal Control
Internal Control Systems
Why must Auditors understand the Accounting System and Control Environment of an entity? Auditor must understand the accounting system and control environment in order to determine their audit approach. How would you define what Internal Control is? Internal control is the process designed and put in place by those whose job it is to govern and manage the company to provide reasonable assurance about the reliability of financial reporting, the efficiency and effectiveness of operations and compliance with applicable laws and regulations. What are the elements that make up the Internal Control? The control environment The entity’s risk assessment process The Information system relevant to financial reporting Control activities Monitoring of controls
What is the Control Environment? The control environment includes the functions, attitudes, awareness and actions of those responsible for governance and management concerning the entity’s internal control and its importance in the entity. Because controls are more likely to operate well in an environment where they are treated as being important a strong control environment does not, by itself, ensure the effectiveness of the overall internal control system but a weak control environment can undermine the effectiveness of controls. What is the Entity’s risk assessment process? The entity’s risk assessment process involves processes the entity has put in place to identify business risk relevant to financial reporting objectives, estimating the significance of the risk, assessing the likelihood of their occurrence, and deciding upon actions to address those risk.
What is the Information System Relevant to Financial Reporting? The information system relevant to financial reporting includes the financial reporting system, it consists of procedures and records established to start, record, process and report entity transactions and maintain accountability for the related assets, liabilities and equity. What are Control Activities? Control activities are those policies and procedures that help ensure that management directives are carried out. Control activities include those activities to prevent or to detect and correct errors. This includes activities relating to authorisation, performance reviews, information processing, physical controls and segregation of duties. Note: Segregation of duties is a part of the control activities. Segregation implies more people being involve in the accounting process and this makes it more difficult for fraud or accidental errors to slip through. The key functions that should be segregated are the carry out of a transaction, the recording of a transaction and the maintaining custody of assets that arise from the transaction. What is involved in Monitoring of Controls? Monitoring of controls is a process to assess the effectiveness of internal control performance over time. It includes assessing the design and operation of controls on a timely basis and taking necessary corrective actions modified for changes in conditions. What do the internal controls in a computerised environment include? The internal controls in a computerised environment include general controls and application controls? What are General Controls in a computerised environment? Development of computer application o Standards over systems design, programming and documentation o Testing procedures using test data o Approval by computer users and management o Segregation of duties from those who design and those who test o Installation procedures o Training of staff Prevention or detection of unauthorised changes to program o Full records of program changes o Password protection o Restricted access to central