Module 4

Ethics,
Fraud
And
Internal Control
Part 2
 Internal Control Objectives

⦿ Safeguard assets of the firm

⦿ Ensure accuracy and reliability of accounting

records and information.

⦿ Promote efficiency of the firms operations.

⦿ Measure compliance with management’s

prescribed policies and procedure.
Modifying Assumption to the Internal
Control
⦿ Management Responsibility
- the establishment and maintenance of a system
of internal control is the responsibility of
management.
⦿ Reasonable Assurance
- the cost of achieving the objectives of internal
control should not outweigh its benefits.
⦿ Methods of Data Processing
- the technique of achieving the objectives will
vary with different types of technology.
 Limitations of Internal Control

⦿ Possibility of honest errors

⦿ Circumvention via collusion
⦿ Management override
⦿ Changing conditions –especially in companies
with high growths.
 Exposures of Weak Internal Control

⦿ Destruction of an asset.
⦿ Theft of an asset.
⦿ Corruption of information.
⦿ Disruption of the information system.
Five Internal Control Components
“CRIME”
• Control Activities
• Risk Assessment
• Information and Communication
• Monitoring
• Control Environment
 Control Environment
⦿ Integrity and ethics of management
⦿ Organizational Structure
⦿ Role of the board of directors and the audit
committee
⦿ Management’s policies and philosophy
⦿ Delegation of responsibility and authority
⦿ Performance evaluation measures
⦿ External Influences – regulatory agencies
⦿ Policies and practices managing human resources.
 Risk Assessment
⦿ Identify, analyze and manage risks relevant to
financial reporting:
● changes in external environment
● risky foreign markets
● significant and rapid growth that strain internal controls
● new product lines
● restructuring, downsizing
● changes in accounting policies.
 Information and Communication
⦿ The AIS should produce high quality
information which:
● identifies and records all void transactions
● provides timely information in appropriate detail to permit
proper classification and financial reporting
● accurately measures the financial value of transactions
● accurately records transactions in the time period in which
they occurred
 Monitoring

⦿ The process for assessing the quality of

internal control design operation

● Separate procedures – test of control by internal auditors.

● On going monitoring:
● computer modules integrated into routine operations
● management from normal performance.
 Control Activities
⦿ Policies and procedures to ensure that the
appropriate actions are taken in response to
identified risks.
⦿ Fall into two distinct categories:
● IT Controls – relate specifically to the computer
environment.
● Physical Control – primarily pertain to human activities.
 Two Types of IT Control
⦿ General Controls – pertains to the entity wide
computer environment.
● Examples: control over the data center, organization
database, systems development, and program maintenace.

⦿ Application Controls – ensure the integrity of

specific systems.
● Examples: control over sales order processing, accounts
payable, and payroll applications.
 Six Types of Physical Control

⦿ Transaction Authorization
⦿ Segregation of Duties
⦿ Supervision
⦿ Accounting Records
⦿ Access Control
⦿ Independent Verification
 Physical Control

⦿ Transaction Authorization
● used to ensure that employees are carrying out only
authorized transactions.
● general (everyday procedures) or specific (non-routine
transactions) authorizations
⦿ Segregation of Duties
● in manual systems, separation between:
● Authorizing and processing a transaction
● custody and recordkeeping of the assets
● subtasks
• In computerized system, separation between:
● program coding
● program processing
● program maintenance
⦿ Supervision
• a compensation for lack of segregation; some may be
built into computer system.

⦿ Accounting Records
• provide an audit trail
⦿ Access Control
• help to safeguard assets by restricting physical access
to them.

⦿ Independent Verification
• reviewing batch totals or reconciling subsidiary
accounts with control accounts.
END
THANK
YOU