Scribd
Upload
68 views

Consideration of Internal Control - Notes

1. Internal control is a process effected by management and other personnel to provide reasonable assurance about achieving objectives related to operations, reporting, and compliance. 2. There are five components of internal control: control environment, risk assessment, information and communication systems, control activities, and monitoring activities. 3. When considering a client's internal control, auditors understand and document the control system to identify risks and design appropriate audit procedures, but are not responsible for establishing or maintaining the client's controls.

Uploaded by

Lovenia M. Ferrer
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
68 views

Consideration of Internal Control - Notes

1. Internal control is a process effected by management and other personnel to provide reasonable assurance about achieving objectives related to operations, reporting, and compliance. 2. There are five components of internal control: control environment, risk assessment, information and communication systems, control activities, and monitoring activities. 3. When considering a client's internal control, auditors understand and document the control system to identify risks and design appropriate audit procedures, but are not responsible for establishing or maintaining the client's controls.

Uploaded by

Lovenia M. Ferrer
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

CONSIDERATION OF INTERNAL CONTROL

ASSESSING CONTROL RISK – process of evaluating the design and operating effectiveness of an
entity’s internal control

INTERNAL CONTROL
- process designed and effected by those charged with governance, management, and other
personnel
- provide reasonable assurance about the achievement of the entity's objectives

FOUR ESSENTIAL CONCEPTS

1. Internal control is a process


- means of achieving the entity's objectives
2. Internal control is effected by those charged with governance, management, and other
personnel
- Responsibility of the management to ESTABLISH A CONTROL ENVIRONMENT and MAINTAIN
POLICIES AND PROCEDURES to assist in achieving the entity's objectives.
3. Internal control can be expected to provide reasonable assurance of achieving the entity’s
objectives
- there are INHERENT LIMITATIONS that may affect the internal control's effectiveness
 cost of an internal control should not exceed the expected benefits to be derived
 directed at routine transactions rather than non-routine transactions
 potential for human error
 possibility of circumvention of internal controls through the collusion among employees
 possibility of management overriding the internal control
 possibility that procedures may become inadequate due to changes in conditions, and
compliance with procedures may deteriorate
4. Internal control is designed to help achieve the entity’s objectives
 EFFECTIVENESS AND EFFICIENCY OF OPERATIONS
 COMPLIANCE WITH LAWS AND REGULATIONS
 RELIABILITY OF FINANCIAL REPORTING
COMPONENTS OF INTERNAL CONTROL
1. CONTROL ENVIRONMENT
- attitudes, awareness, and actions of management and those charged with governance
concerning the entity's internal control and its importance in the entity.
- influencing the control consciousness of its people

FACTORS REFLECTED IN THE CONTROL ENVIRONMENT:

 Integrity and ethical values


 Management philosophy and operating style
 assess the management attitudes towards financial reporting and their emphasis on
meeting projected profit goals
 Active participation of those charged with governance
 Must have an audit committee
 Commitment to competence
 Consider the level of competence required for each task and translate it to requisite
knowledge and skills
 Personnel policies and procedures
 Assignment of responsibility and authority/Organizational structure
 provides a framework for planning, directing, and controlling the entity's operations

2. RISK ASSESSMENT
- BUSINESS RISK is the risk that the entity's business objectives will not be attained as a result of
internal and external factors such as technological developments, changes in customers demand
and other economic changes.
- For audit purposes, the auditor is concerned only with those risks that are relevant to the
preparation of reliable financial statements.
3. INFORMATION AND COMMUNICATION SYSTEMS
 Identify and record all valid transactions
 Describe on a timely basis the transactions
 Measure the value of transactions
 Determine the time period in which transactions occurred
 Present properly the transactions and related disclosure in the financial statements
- COMMUNICATION involves providing an understanding of individual roles and responsibilities
pertaining to internal control over financial reporting.
4. CONTROL ACTIVITIES
- are the policies and procedures that help ensure that management directives are carries out.

Specific control procedures that are relevant to financial statement audit would include:

 Performance reviews
- Include reviews and analyses of actual performance versus budgets, forecasts, and prior period
performance
 Information processing
- A variety of controls are performed to check accuracy, completeness, and authorization of
transactions.
 Physical Controls
- encompass the physical security of assets, including adequate safeguards
 Segregation of duties
- assigning different people different responsibilities to reduce the opportunities to allow any
person to be in a position to both perpetrate and conceal errors or fraud in the normal course of
the person's duties
5. MONITORING
- is a process of assessing the quality of internal control performance over time.
- involves assessing the design and operation of controls on a timely basis and taking necessary
corrective actions.
- ONGOING MONITORING activities are built into the normal recurring activities of an entity
- SEPARATE EVALUATIONS are monitoring activities that are performed on a non-routine basis,
such as functions performed by internal auditors

CONSIDERATION OF INTERNAL CONTROL


- Auditors are not responsible for establishing and maintaining an entity's accounting and internal
control systems; THAT IS THE RESPONSIBILITY OF THE ENTITY'S MANAGEMENT.

Consideration of the entity’s internal control systems involves the following steps:

1. UNDERSTANDING OF THE INTERNAL CONTROL


- Involves evaluating the design of a control and determining whether it has been implemented
- EVALUATING THE DESIGN OF A CONTROL involves considering whether the control, individually
or in combination with other controls, is capable of effectively preventing, or detecting and
correcting, material misstatements.

Understanding the design of the entity involves:

 INQUIRIES of appropriate individuals


 INSPECTING documents and records
 OBSERVING of entity's activities and operations

Determining whether these controls have been implemented is accomplished through:

 WALK-THROUGH TEST involves tracing one or two transactions through the entire accounting
systems, from their initial recording at source to their final destination...
 Also confirms the auditor’s understanding of how the accounting systems and control
procedure’s function

The auditor uses the understanding of internal control to:

 Identify the types of potential misstatements that can occur


 Consider factors that affect the risk of material misstatements
 Design the nature, timing, and extent audit procedures to be performed
2. DOCUMENTING THE AUDITOR’S UNDERSTANDING OF INTERNAL CONTROL
- Documentation need not be in any particular form
 Narrative description
 Flowcharts
 Internal control questionnaire
3. ASSESSMENT OF CONTROL RISK
 internal control related to a particular assertion are not effective = control risk at a
HIGH LEVEL - no test of controls need to be performed and the auditor will rely primarily
on substantive tests
 appear to be reliable = auditor should determine whether it is efficient to obtain the
evidence to justify an assessment of control risk at a LOWER LEVEL
 concludes that it is more efficient to rely on the entity's internal control systems =
auditor would plan to assess control risk at LESS THAN HIGH LEVEL
 identify specific internal control policies or procedures that likely corrects
material misstatements
 perform tests of control to determine the effectiveness of such policies or
procedures
4. PERFORMING TESTS OF CONTROLS
This is performed to obtain evidence about the effectiveness of the:

- Design of the accounting and internal control systems


- Operation of the internal controls throughout the period

the auditor will only test those controls that he or she plans to rely upon

You might also like