1

Chapter 6
Internal Control
2
Meaning
. Any organization wishing to conduct its business in
an orderly and efficient manner and to produce
reliable financial accounting information, both for its
own and for others’ use needs some controls to
minimize the effects of these endemic human
failings(with the best intentions or intentional
falsification).
When such controls are implemented within the
organization’s systems they are described as internal
controls.
Internal controls are mechanisms designed to control all of an
entity’s functions, not just its accounting function.
  Internal control is broadly defined as a
process, effected by an entity’s board of
directors, management and other personnel,
designed to provide reasonable assurance
regarding the achievement of objectives in
the following categories:
 Effectiveness and efficiency of operations (performance and
profitability goal and safeguarding of resources)
 Reliability
of financial reporting
 Compliance with applicable laws and regulations.

3
4

 An internal control system encompasses the

policies, processes, tasks, behaviors and other
aspects of a company that, taken together:
 Facilitateits effective and efficient operation by enabling
it to respond appropriately to significant business,
operational, financial, compliance and other risks to
achieving the company’s objectives
 Help ensure the quality of internal and external reporting
 Help ensure compliance with applicable laws and
regulations
5

 Internal control is geared to the achievement of

objectives in one or more separate overlapping
categories. Objectives fall into four categories:
1. Operations – relating to effective and efficient use
of the entity’s resources
2. Financial reporting – relating preparation of
reliable published financial statements
3. Compliance – relating to the entity’s compliance
with applicable laws and regulations; and
4. Safeguarding of assets
 The Control Process
6

 Management designs systems of internal control to

accomplish all three objectives(Reliability of Financial
Reporting , Efficiency and Effectiveness of Operations
and Compliance with Laws and Regulations).
 The auditor’s focus in both the audit of financial statements
and the audit of internal controls is to operations and to
compliance with laws and regulations objectives that could
materially affect financial reporting.
 Put another way, the entity’s accounting system is designed
to capture accounting data and to convert and output this
data as useful financial information.
 In order for financial information to be useful, it must be
reliable. Thus, the underlying accounting data must be
valid, complete and accurate.
7

 To secure data which meets these controls, which we refer to as ‘internal

accounting controls’, are designed, in particular, to ensure that transactions
which give rise to the accounting data are;
1. properly recorded; that is, all relevant details of transactions are recorded
at the time the transactions take place;
2. properly authorized; that is, all transactions are authorized by a person
with the requisite authority;
3. valid; that is, transactions recorded in the accounting system represent
genuine exchanges with bona fide parties:
4. complete; that is, all genuine transactions are input to the accounting
system; none are omitted;
5. properly valued; that is, transactions are recorded in the correct accounts;
6. Properly classified; that is, transactions are recorded in the correct
accounts;
7. Recorded in the correct accounting period
8

 Contrast management’s responsibilities for

maintaining and reporting on internal
controls with the auditor’s responsibilities for
understanding, testing, and reporting on
internal controls.
 Management and Auditor Responsibilities
Related to Internal Control
9

 Management’s responsibility
for establishing internal control
 Reasonable assurance

 Inherent limitations
 Management and Auditor Responsibilities Related
to Internal Control
10

 Management’s reporting
responsibilities
 Design of internal control

 Operating effectiveness of controls

 Management and Auditor Responsibilities Related
to Internal Control
11

 Auditor responsibilities for understanding

internal control
 Control over classes of transactions

 Auditor responsibilities for testing

and reporting on internal control

 Sales Transaction-Related Audit
12
Objectives
Transaction-Related Audit Sales Transaction-Related
Objective – General form Audit Objectives
Recorded transactions Sales are for shipments
exist (existence). to existing customers.
Existing transactions are Existing sales transactions
recorded (completeness). are recorded.

Transactions are stated Sales for goods shipped

correctly (accuracy). are correctly billed.
 Sales Transaction-Related Audit
13
Objectives
Transaction-Related Audit Sales Transaction-Related
Objective – General form Audit Objectives
Transactions are properly Sales transactions are
classified (classification). properly classified.
Transactions are recorded Sales are recorded on
on correct dates (timing). the correct dates.
Transactions are properly Sales transactions are
filed (posting and properly included in the
summarization). master files.
 Basic Internal Control Structure
14

 The most widely accepted internal control framework

in the United States, describes internal control as
consisting of five components that management
designs and implements to provide reasonable
assurance that its control objectives will be met.
 Each component contains many controls, but auditors
concentrate on those designed to prevent or detect
material misstatements in the financial statements.
 The internal control components include the following
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication systems support
5. Monitoring
 1. The Control Environment
15

 The control environment serves as the umbrella for

the other four components.
 With out an effective control environment, the
other four are unlikely to result in effective internal
control, regardless of their quality.
 The essence of an effectively controlled
organization lies in the attitude of its management.
16

 The control environment consists of the actions, policies,

and procedures that reflect the overall attitudes of top
management, directors, and owners of an entity about
internal control and its importance to the entity.
 To understand and assess the control environment, auditors
should consider the most important control subcomponents,
which are:
1. Integrity and Ethical Values
2. Commitment to competence
3. Board of Directors of Audit Committee Participation
4. The audit committee’s independence
5. Organizational Structure
6. Human resource polices and practices
17

2. Risk Assessment
Identifying and analyzing risk is an ongoing process
and a critical component of effective internal
control. Management must focus on risks at all
levels of the organization and take necessary
actions to manage them
 3. Control Activities
18

 are the policies and procedures, in addition to those

included in the other four components that help ensure
that necessary actions are taken to address risks in the
achievement of the entity’s objectives. There are
potentially many such control activities in any entity,
including both manual and automated controls.
 Control activities generally relate to policies and
procedures that pertain to
 Segregation of duties
 information processing
 Physical controls, and
 Performance reviews.
19

 The development of control activities related to

these types of policies and procedures generally
falls into the following five types of specific
control activities:
1. Adequate separation of duties
2. proper authorization of transactions and activities
3. Adequate document and records
4. Physical control over assets and records
5. Independent checks on performance
 Adequate Separation of Duties
20

Custody of assets Accounting

Authorization The custody of

of transactions related assets

Operational Record-keeping
responsibility responsibility

IT duties User departments

 Proper Authorization of Transactions
21
and Activities

General authorization

Specific authorization
 Adequate Documents and Records
22

Prenumbered consecutively

Prepared at the time of transaction

Simple enough to ensure understanding

Designed for multiple use

Constructed to encourage correct preparation

 Physical Control over Assets
23
and Records

The most important type of protective

measure for safeguarding assets and
records is the use of physical precautions.
 Independent Checks on Performance
24

The need for independent checks arises

because internal control tends to change
over time unless there is a mechanism
for frequent review.
 Information and Communication
25

The purpose of an accounting information

and communication system is to…

initiate, record, process, and report

the entity’s transactions and to maintain
accountability for the related assets.
 Monitoring
26

Monitoring activities deal with management’s

ongoing and periodic assessment of the
quality of internal control performance…

to determine whether controls are operating

as intended and modified when needed.
 How the Size of the Business Affects
27
Internal Control

In general small businesses should be

expected to adhere
to the same internal control standards that
apply to larger public companies.
28

 Obtain and document an understanding of internal

control.
 Four Phases of a Financial Statement
29
Audit

Obtain an
understanding of Design, perform,
Phase 1 internal control: Phase 3 and evaluate tests
design and of controls
operation

Decide planned
Assess control detection risk
Phase 2 risk. Phase 4 and substantive
tests.
 Obtain and Document Understanding
30
of Internal Control

The auditor to obtain an understanding

of internal control for every audit.

Procedures to obtain an understanding:

• Design of internal controls
• Whether placed in operation
• Uses this information as a basis for the
integrated audit.
 Methods Used
31

Narrative

Flowchart
Internal
control
questionnaire
 Narrative
32

1. The origin of every document

and record in the system

2. All processing that takes place

3. The disposition of every document

and record in the system

4. An indication of the controls relevant

to the assessment of control risk
 Evaluating Internal Control Operation
33

Update and evaluate auditor’s previous

experience with the entity.

Make inquiries of client personnel.

Examine documents and records.

Observe entity activities and operations.

Perform walkthroughs of the accounting system.

34

 Assess control risk by linking key controls,

significant deficiencies, and material weaknesses to
transaction-related audit objectives.
 Evaluating Significant Control
Deficiencies
35

SIGNIFICANCE
Material

Material
Weakness

LIKELIHOOD Remote Probable

Immaterial
36

 Describe the process of designing and performing

tests of controls.
 Tests of Controls
37

The procedures to test effectiveness of controls

in support of a reduced assessed control
risk are called tests of controls.
 Procedures for Tests of Controls
38

1. Make inquiries of client personnel.

2. Examine documents, records, and reports.

3. Observe control-related activities.

4. Reperform client procedures.

 Extent of Procedures
39

Reliance on evidence from prior year’s audit

Testing less than the entire audit period

 Decide Planned Detection Risk and
40
Design Substantive Tests

The auditor uses the results of the control risk

assessment process and tests of controls to
determine the planned detection risk and
related substantive tests.

The auditor links the control risk assessments

to the balance-related audit objectives.
41

 Understand requirements for auditor reporting on

internal control.
 Reporting on Internal Control
42

The auditor’s opinion on whether management’s

assessment of the effectiveness of internal
control over financial reporting as of the
end of the fiscal period is fairly stated,
in all material respects.
 Reporting on Internal Control
43

The auditor’s opinion on whether the company

maintained, in all material respects, effective
internal control over financial reporting
as of the specified date.
 Types of Opinions
44

Unqualified

Adverse

Qualified or disclaimer of opinion

 Internal Audit
45
 Many of the audit procedures performed by internal auditors
are similar in nature to those employed by independent
auditors.
 The work of internal auditors cannot be substituted for the
work of independent auditors.
 However, the independent auditors should consider the
existence and quality of an internal audit function in their
assessment of the client’s internal control structure.
 Through its contribution to internal control, the work of the
internal auditors may reduce the amount of substantive testing
performed by the independent auditors.
 In assessing the contribution of the internal audit function to
internal control, the independent auditors should consider the
competence and objectivity of the internal audit staff and
evaluate its work.
46

 To reduce the time and cost of an audit, the internal

auditors may provide direct assistance to the
auditor in preparing working papers and
performing certain audit procedures.
 The auditor, however, should supervise and test any
audit work done for them by the internal auditors.
 Also, the judgments regarding matters to be
investigated, the effectiveness of internal control,
and the fairness of the financial statements must be
those of the independent auditors.
47

End of Chapter 6