INTERNAL CONTROL
According to PSA 315, internal control is the process designed and effected by those charged
with governance, management, and other personnel to provide reasonable assurance about the
achievement of the entity's objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations and compliance with applicable laws and regulations.
This definition embodies four essential concepts
1. Internal control is a process.
2. Internal control is effected by those charged with governance, management and other
personnel. Internal control is accomplished by people at every level of the organization.
3. Internal control can be expected to provide reasonable assurance of achieving the
entity’s objectives. This is because there are inherent imitations that may affect the
internal control's effectiveness:
Management's usual requirement that the cost of an internal control
should not exceed the expected benefits to be derived.
Most internal controls tend to be directed at routine transactions rather
than non-routine transactions.
The potential for human error due to carelessness, distraction, mistakes
of judgment and the misunderstanding of instructions.
The possibility of circumvention of internal controls through the collusion
among employees.
The possibility of management overriding the internal control.
The possibility that procedures may become inadequate due to changes
in conditions, and compliance with procedures may deteriorate.
4. Internal control is designed to help achieve the entity's objectives in the following
categories:
Reliability of financial reporting
Effectiveness and efficiency of operations.
Compliance with laws and regulations
In the audit of financial statements, the auditor is only concerned with those policies and
procedures within the accounting and internal control systems that are relevant to the financial
statement assertions. Therefore, the objective that is most relevant to the audit is the financial
reporting objective.
Components of Internal Control
Although internal control policies and procedures significantly from one entity to another, there
are essential components of internal control that must be established to provide reasonable
assurance that the entity’s objectives will be achieved. There are five interrelated components of
the entity's internal control:
� Control Environment
Risk Assessment
Information and communication systems
Control activities
Monitoring
Control Environment
The control environment includes the attitudes, awareness, and actions of management and
those charged with governance concerning the entity's internal control and its importance in the
entity. The control environment also includes the governance and management functions and
sets the tone of an organization, influencing the control consciousness of its people. It is the
foundation for effective internal control, providing discipline and structure.
Factors reflected in the control environment include:
Integrity and ethical values
Management philosophy and operating style
Active participation of those charged with governance
Commitment to competence
Personnel policies and procedures
Assignment of responsibility and authority
Risk Assessment
Entity's business objectives cannot be achieved without some risks. Business risk is the risk that
the entity's business objectives will not be attained as a result of internal and external factors
such as technological developments, changes in customers demand and other economic
changes. Business risks are crucial to every organization. Management should adopt policies
and procedures that are designed to identify and analyze the risks affecting the entity's business
and to take the appropriate action to manage these risks.
For audit purposes, the auditor is concerned only with those risks that are relevant to the
preparation of reliable financial statements.
Information and Communication Systems
Effective internal control must provide timely information and communication. The information
system relevant to financial reporting objectives, which includes the financial reporting system,
consists of the procedures and records established to initiate, record, process, and report entity
�transactions (as well as events and conditions) and to maintain accountability for the related
assets, liabilities, and equity.
Control Activities
Control activities are the policies and procedures that help ensure that management directives
are carried out. Specific control procedures that are relevant to financial statement audit would
include:
Performance Reviews
Information Processing
Physical Controls
Segregation of duties
Monitoring
Monitoring is a process of assessing the quality of internal control performance over time. It
involves assessing the design and operation of controls on a timely basis and taking necessary
corrective actions. Monitoring is done to ensure that controls continue to operate effectively.
Monitoring of controls is accomplished through ongoing monitoring activities, separate
evaluations, or a combination of the two. Ongoing monitoring activities are built into the normal
recurring activities of an entity and include regular management and supervisory activities such
as preparation of monthly bank reconciliation. Separate evaluations are monitoring activities that
are performed on a non-routine basis, such as functions performed by internal auditors.
