Internal Control Checklist & Paper
Phases of Internal Control There are five major phases of the internal control cycle. These phases consist of the following: Phase 1is to Understand and Document the Client’s Internal Control, Phase 2 is to Assess the Control Risk, Phase 3 is to Perform Tests and Controls and Reassess Control Risk.
The phases were designed to ensure audits were being conducted in an efficient and standardized matter. Companies need an effective way to understand and mitigate risk, and a process had to be in place to do just that. There are five components that outline the cycle of an audit and each of these fit into one of the three above phases.
The five components are Control Environment, Risk Assessment, Control Procedures, Information and Communication, and Monitoring. In phase one of the internal control audit cycle, the auditor is looking at the control environment and more specifically trying to figure out who makes major decisions and who has the authority to execute them. “The control environment is concerned with the actions, policies, and procedures that reflect the overall attitude of the client’s top management, directors, and owners of an entity about internal control and its importance.”
In phase two, the auditor is conducting a risk assessment and is reviewing “Client management’s identification and analysis of risks relevant to the preparation of the financial statements in accordance with GAAP.” The auditor is also looking at the “Policies and procedures that client management has established to meet its objectives for financial reporting.” In phase three, Information and Communication, auditor can figure out where the major gaps are and present suggestion to management of how they tighten any processes that are already in place and make them as effective as possible to ensure success. They can also make recommendations of any new policies and procedure the company should adopt to further protect them from risk.
In phase three, the auditor is also ensuring Client management’s ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as intended and modified when needed.” They continually monitor that the company is complying with all internal controls and following any recommendations and procedures that might have been put into place due to the findings discovered during risk assessment.
Each of the five components is vital to a successful internal control audit and each one provides information that is necessary in order to move on to the next phase of the cycle. A successful audit will help the company operate as efficiently as possible, as well minimize any possible risk that may have been a potential threat prior to the audit. In many cases, conducting an internal control auditor will look at specific items, often using an internal control checklist. Please see below for an example checklist. 3
Sample Internal Controls Checklist
□ Who is responsible for preparing a daily list of all cash and checks immediately upon receipt?
□ Who is responsible of actual cash and checks?
□ Does the company have one person appointed to deposit cash and checks on a daily basis?
□ Is any cash received, counted, and confirmed by at least two employees?
□ Are any employee expenses approved in advance by authorized person or Manager?
□ Does the company have a policy in place in regards to the expense reports