CHAPTER 13

OVERVIEW OF INTERNAL CONTROL

NATURE AND PURPOSE 0F INTERNAL CONTROL
Internal Control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of`
the entity's objectives with regards to reliability of. financial reporting, effectiveness and
efficiency of operations and compliance with applicable laws and regulations.
Those objectives fall into three categories:
• Reliability of the entity's financial reporting
• Effectiveness and efficiency of operations
• Compliance with applicable laws and regulations
INTERNAL CONTROL SYSTEM DEFINED
Internal Control System means all the policies and procedures (internal controls) adopted by
the management of an entity to assist in achieving management's objective of ensuring, as far
as practicable, the orderly and efficient conduct of its business including adherence to
management policies, the safeguarding of assets` the prevention and detection of fraud and
error, the accuracy and completeness of the accounting records, and the timely preparation of
reliable financial information.
ELEMENTS / COMPONENTS OF INTERNAL CONTROL
The internal control system extends beyond these matters which relate directly to the
functions of the accounting system and consists of the following components in accordance
with the COSO's updated Internal Control - Integrated Framework.
a. the control environment;
 The overall attitude, awareness and actions of directors and management
regarding the internal control system and its importance in the entity.
Factors reflected in the control environment include:
• The function of the board of directors and its committees;
• Management's philosophy and operating style;
• The entity's organizational structure and methods of assigning authority and
responsibility;
• Management's control system including the internal audit function, personnel
policies and procedures and segregation of duties.
b. the entity's risk assessment process;
  Risk Assessment is the "identification, analysis, and management of risks
pertaining to the preparation of financial statements".
 An entity's risk assessment process is its process for identifying and responding to
business risks and the results thereof.
 Risks relevant to financial reporting include external and internal events and
circumstances that may occur and adversely affect all entity's ability to initiate,
record, process, and report financial data consistent with the assertions of
management in the financial statements.
c. the information system, including the related business processes, relevant to financial
reporting, and communication
 An information system consists of infrastructure (physical and hardware
components), software, people, procedures, and data. Infrastructure and software
will be absent, or have less significance, in systems that are exclusively or
primarily manual. Many information systems make extensive use of IT.
d. control activities;
 Control activities are the policies and procedures that help ensure that
management directives are carried out, for example, that necessary actions are
taken to address risks that threaten the achievement of the entity's objectives.
The major categories of control procedures are:
A. Performance Review
B. Information processing controls
I ) Proper authorization of transactions and activities
2) Segregation of duties
3) Adequate documents and records
4) Safeguards over access to assets; and
5) Independent checks on performance
C. C. Physical controls
e. monitoring of controls
 Monitoring, the final component of internal control is the process that an entity
uses to assess the quality of internal control over time. Monitoring involves
assessing the design and operation of controls on a timely basis and taking
corrective action as necessary.