AUDITING

Course No:207
Learning Objective
• Internal Control System : definition,
features, Objective, basic principles,
advantages & limitation of internal control
• Internal Control System in Particular
Cases:
• Cash Payment
• cash received
• Cash Sales
• Credit sales
The components of an internal control system

This is further developed by ISA 315 (Revised) Identifying and

Assessing the Risks of Material Misstatement Through
Understanding the Entity and its states that auditors need to
understand an entity's internal controls.
The control environment includes the governance and
management function of an organisation. It focuses largely on the
attitude, awareness and actions of those responsible for
designing, implementing and monitoring internal controls.
The control activities include all policies and procedures designed
to ensure that management directives are carried out throughout
the organisation.
What Are the Components of Internal Control?

1. Control Environment
The control environment refers to the overall culture of compliance. In other words, it’s how
both executives and employees buy into internal controls. The more seriously the organization
views internal controls, the stronger the system will be.
If executive and management teams disregard existing controls, employees will likely follow suit.
Over time, this can create vulnerabilities across the system. Compliance can also happen from the
bottom up since audit teams can use their data to make a business case for cyber risk
management.

2. Risk Assessment
To effectively manage risk, organizations need to identify their potential risks, then implement
internal controls to mitigate them. Accounting teams should have an always-on approach to
monitoring since new risks can surface without warning. The teams should then deliver audit
reports to the board to surface any new risks.
This is especially important if a business’s products or services frequently evolve since changes in
the organization’s infrastructure will also impact its system of internal controls.

3. Control Activities
'Control activities' means ensuring that the proper controls are in place and using accounting
systems and automation to verify that controls are functioning as intended. This can include
regular controls testing or inventory audits, all of which should follow an internal audit
strategy.
4. Information and Communication
Knowledge is power. Communicating with management about any lapses in internal
controls is the best way to mitigate risks quickly. Though audit teams likely have
hundreds or even thousands of data points, taking a proactive approach to enterprise
risk management is essential.
Audit teams can likely tackle minor breaches independently, but they should inform
executives of any major vulnerabilities. Communicate precisely the information the
person needs to know, whether that’s a well-versed Chief Audit Executive or a board
member who’s more of a layperson in the components of internal controls.
5. Monitoring
Audit teams should monitor internal controls on an ongoing basis. Doing so ensures
that they’ll be able to identify when internal controls are functioning properly and when
there are potential lapses in the internal controls system.
That’s what makes this one of the key components of internal controls, since
monitoring is how teams identify failures and make improvements. Without
monitoring, vulnerabilities may go unchecked, turning minor issues into major
breaches.
:
Definition of Internal Control
Internal control is one of the basic factors in the management of
an organization. It is a system which normally applied in the
financial and organizational sector of a Business. The production
cost, development of product, budget etc are also included in
internal control system. The definition of internal control system is
given by different writer and organizations.
According to spicier and peglar, “Internal control is best regarded
as the whole systems of controls, financial and otherwise,
established by the management in the conduct of a business
including internal check, internal audit and other forms of control.”
According to AICPA “Internal control is the plan of organization
and all of the co-ordinate methods and measures adopted within a
business to safeguard its assets, check the accuracy and
reliability of its accounting data, promote operational efficiency
and encourage adherence to prescribed managerial policies.
 Importance of internal control

• At the beginning of 19th century most business were small in size

and owner operated. These owner managers were involved with
most of the decision making. As business grow larger in size and
complexity. Professional managers replaced the owner
operators. At the passes of time the importance of internal
control in business operation are describe below.
• Processional mangers do not have the same first hand
knowledge of all aspects of the business as did the owner
operators, consequently, they rely heavily on the information
supplied to them by the accounting and other information
systems.
• To assure management that the information it receives is both
reliable and accurate, as system of internal control is developed.
Internal control system also helps ensure that assets
are secure and that management policy is being
followed.
Not only management but also the independent
auditors heavily rely on the system of internal control in
determining the timing, nature, and extent of their audit
work.
The existence of a good internal control system
reduces to a great extent the work of an independent
auditor.
Where, good internal system is existence, an
independent auditor examining a representative
sample.
A good internal control system ensuring accuracy,
completeness, reliability, and timely preparation of
accounting data.
Essential features of Internal Control System:-
• There are some fundamental features in proper and system ethic
internal control system. These features are dies-cussed below: -
There are some fundamental features in proper and System.
These features are discussed below:-
• 1. Distribution of specific duties responsibilities: Specific
duty should be distributed among different level according to the
skill and fitness of employees. Concerned employees to the duty
can be responsible as a result of specific distribution of duly
among the employees.
• 2. Division of labor and specialization: Duties and
responsibilities are distributed according to division and
specialization of labor in internal control system. As a result the
interest of employees in the business firm increase as well as
their skill and experience also magnify. In such a system skills
and experience of the employees are valued very importantly.
3. Ability of staff: Necessary knowledge, skills
and awareness required to perform duties
imposed properly and beautifully are needed to
be available in the organization
4. Recording of each type of work: Recording
and evaluating is another feature of internal
control system.
5. Valuation of work: - there must have the
system of valuating of perform manna of employs
6. Controlling over accounts: Controlling over
accounts must be to show the true and logic
accounts of the organization.
7. Verification of assets with its accounts:
whether every assets in the business is recorded
or not that must be verified.
8. Protection of Assets: Duty and responsibility
to prepare papers of buying and selling must be
given on authorized and responsible employee.
9. Sound environment of work: It must be assured that the
sound environment in every department of the organization.
10. Specific rules of distinction of capital and revenue
transaction: There must have the accurate principles of
differentiation between capital oriented income-expenditure and
profit-oriented income-expenditure and that must be foll0wed
properly.
11. Supervision by management authority: Management
authority should supervise whether the internal control system
properly followed or not.
The internal control system is says to be proper and efficient if the
above features of internal control system are available in any
organization.
Objective of internal control systems
• Now the objectives of internal control system are discussed
below-
• (1) Saving of Assets : To save the assets from different types of
unfavorable situation such as fraud or errors, firing or any other
accident is an important objective of internal control system.
• (2) Development of Accounting System: Development of
accounting system of an organization is another objective of
internal control system.
• (3) Implementation of rules and regulations: Internal control
system also observes those rules and regulation which are
following in Accounting and management process of the
organization.
• (4) Maintaining of fixed assets: There are so many fixed assets
in an organization internal control system also trying to maintain
those fixed assets appropriately.
(5) To ensure the correction of Account: Sometime different types of errors
are account by the clerks. Internal control system tries to removes those errors
by observing the duties of clerks appropriately.
(6) To express real and reliable condition in financial statement: Internal
control system tries to implement real and reliable condition in case of
preparing financial statement.
(7) Developing the adroitness of workers: Adroitness of workers is very
important for every organization. Internal control system tries to measure the
efficiency or adroitness of workers by division of labor.
(8) Helps in administration and management process:-Internal control
system also helps administrating and management process so that an
organization performs their duties appropriately.
(9) To stop fraud client work: Internal control system plays an important role
in case of stop at fraudulent work by maintaining the accounts appropriately.
Internal control system tries to stop different types of fraudulent works.
(10) To control producer and other cost: Manufacturing organization always
tries to control production cost and other cost which is related in production
activity. Internal control system helps the manufacturing organization for
controlling production cost.
Basic principles of Internal Control system
• Division of work: - Division of work is a basic and fundamental principle in
Internal Control Systems. It means divide the works and responsibilities to the
adroit or expert parsons.
• Increasing of efficiency:- Increasing of efficiency of an organization is
another important principle of internal control system. Normally internal
control system tries to increase the efficiency of on organization by
developing workers efficiency.
• Saving the Assets:- There are different types of asset, cornets assets in an
organization such as Fixed Asset, current Assets etc. Saving all types of
Assets, from unfavorable situation is also a fundamental principle of internal
control system.
• Showing respect ness on principle: Every workers of an organization
should be showed respect ness on their organizational principle. Internal
control systems try to motivate the workers for following that principle.
• Increasing the reliability or faith ness: Reliability or faith ness is a big asset
of an organization. Internal control system can try to increase the faintness of
people by developing its rules and regulation.
 Scope of Internal Control
• Accounting controls: Accounting controls comprise primarily the plan of
organizations the methods and procedures that are concerned with the
safeguarding of assets, prevention and detection of fraud and error,
accuracy and completeness of accounting records, and timely preparation
of reliable financial information.
• Administrative controls: Administrative controls include all other
managerial controls concerned with the decision making process. An
example of administrative controls is the maintenance of record giving
details of customers conducted by the salesmen. The distinction between
accounting controls and administrative controls is significant. An auditor of
financial information is primarily concerned with the accounting controls
since these have a direct and significant bearing on the reliability of
financial information. Administrative controls, on the other hand, have only
those administrative controls which have a bearing on the reliability of
financial records. Thus, the auditor of financial information may not
normally be interested in evaluating the system of getting the production
managers approvals of the samples of a manufactured product.
Need For Evaluation of Internal Control

• The auditors are increasingly recognizing the importance of evaluating

internal controls before undertaking specific audit tests.
• Various professional accounting bodies now recognize the fact that the
evaluation of internal control system helps in formulating a programmed of
detailed verification. In the context of an audit of financial inform, SAP 1,
Basic Principles Governing an Audit, states: “The auditor should gain an
understanding of the accounting system and related internal controls and
should study and evaluate the operation of those internal controls upon
which he wishes to rely in determining the nature, timing and extent of
other audit procedures. Where the auditor concludes that he can rely on
certain internal controls, his substantive procedures would normally be less
extensive that would otherwise be required and may also differ as to their
nature and timing.”
• If an auditor finds that internal controls in certain areas are inadequate, he
may decide to apply more effective substantive procedures, or change the
timing of the tests to be applied, or extend his audit tests to carry out a
more detailed examination of the unsatisfactory aspects of the system.
Internal control and Auditor:
• The work of auditors depend much on a good internal control.
Because of good internal control auditor can be certain about
protection of assets and transaction dependence. So, it
depends on internal control of a company how much make
wide auditor his works. Auditor can decrease his working
criteria if he certain about that the control of the company is
good. If auditor does not satisfied about the internal control he
would examine the transactions properly. So, it can be said
that, the internal control system and its apply is duty of the
management, auditor have not duty on it. But he can advise to
eliminate the errors. At least it can be said that how much a
auditor depends on internal control system is a matter of his
personal decision, of course, according to how he can not be
left from his self-created responsibility.
Testing internal controls
Internal controls can be tested by the following mechanisms:

• Enquiry. Ask employees how they carry out certain

transactions. Seek management’s views by asking them if
they feel the system of internal control is operating
effectively. Ask management how internal control could
be improved. You might be able to find some evidence of
management views by looking into board minutes or the
minutes of departmental meetings.

• Inspection. Look at a result of internal control procedures.

For example, inspect the file of paid supplier invoices to see
if they have indeed been cancelled or initiated in some way
proving that they had been paid
• Observation. Watch employees as they carry out certain
transactions and procedures..

• Recalculation and re-performance. For example,

recalculate the invoice, or the wages and salaries. Re-
perform what the employees have done to make sure that
they have done it correctly.

• Testing: This refers to the internal controls operating on a

computerized accounting system.
The sales system

A good internal control system for sales will ensure:

• Orders are accepted from credit-worth customers only.
• The ordered goods are promptly dispatched
• The goods are received by customers
• All deliveries are invoiced promptly and accurately.
• Invoices are entered properly into the receivables ledger.
• Payment is received when due
• Receipts form customers are accurately recorded
• Credit control procedures should target long-outstanding
receivables
• It should be possible to trace from order through to cash account
entry and from cash account entries back to orders and dispatch
notes.
The purchases system

A good internal control system for purchases will

ensure:
• Goods are ordered only as and when needed
• They are ordered at competitive prices, in the required
quantities and are of the required quality
• They are ordered from authorized suppliers
• The goods are received as expected (correct time, type,
quantity and condition)
• They are booked into inventory
• Invoices are checked to goods received noted and orders
• Invoices are entered properly into the payables ledger
• Payments are made properly to suppliers.
The wages and salaries system/ Payroll Systems

A good internal control system for wages and salaries

will ensure:
• Employees are hired only as necessary
• Employees are paid competitive rates
• Hours worked are accurately recorded
• Overtime is authorized
• Net pay and deductions are accurately calculated
• Payments are made accurately to employees, the
government and others as necessary
• Employees leaving are promptly removes form the wages
system
Limitation of Internal control
• (1) Costly: Internal control system so costly so many organizations do not
take this system in this organizational process.
• (2) Lack of implement of work field: In most of the cases, it has seen that
the governing bodies breaks the rules and regulation of Internal control
system. As a result some unfavorable situation will arise.
• (3) Errors: Some errors can be aroused in internal control system because
of increasing the business transaction.
• (4) Creation of frauds:Inspite of internal control system in different
position of organization some frauds can be raised be dishonest
communication of clerks’ or workers.
• (5) Lack of controlling system over special work: In most of the cases,
general organizational activities are included in internal control system. As
a result, there has some possibility of damagers in case of special work.
Internal Audits: USA (IIA) “Internal Auditing is an independent and objective
assurance and consulting activity designed to add value and improve
organizations operations. It helps an organization accomplish its objectives
by brining a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and government process.” We
got the following essential aspects from the above definition.
• Independent objective activity.
• Assurance and consulting
• Adding value
• organizational objectives
• Systematic and Disciplined approach
• Risk Management control and governance process.
IIA further states that internet audit activities are performed by Persons within
or outside the organization. Finally we can say that, “Internal audit is the
independent appraisal of activity within an organization for the review of
accounting, financial and other business practices as a protective and
constructive arm of management. It is a type of control which functions by
measuring and evaluating the effectiveness of other types of control”.
Objectives of Internal Auditing
• Reviewing and apprising the soundness, adequacy
and application of accounting financial and operating
controls.
• Ascertaining the extent of compliance with
established policies, plans and procedures.
• Ascertaining the extent to which company assets
accounted for and safeguarded from bases of all
kinds.
• Ascertaining the reliability of accounting and other
data developed within the organization.
• Appraising the quality of performance in caring out
assigned responsibilities.
 Scope of Internal Auditing:
• (1) Risk management and control (2) governance.
• Risk management & control: The internal audit
activity should assist the organization by identifying
and evaluating significant exposures to risk and
contributing to the improvement of risk management
and control systems. This involves evaluation of the
following.
• (i) Reliability and integrity of financial and
operational information: It means used to identify
measure classify and report such information. This
involves an examination to ascertain whether-
• Financial and operating records and reports
contain accurate, reliable timely complete
and useful information.
• Control over record keeping and reporting is
adequate and effective.
(ii) Compliance with laws Regulations and contracts: Internal auditors
should review the systems
established to ensure compliance with those laws contract, policies, plans and
Procedures which could have significant impact on operations and reports and
should determine whether the organization has compliance with there or not the cost
of compliance with legal and regulatory requirements can be optimized through
proper systems.
(iii) Safeguarding assets: Internal auditors show review the means of
safeguarding assets and as appropriate verify the existence of such assets.
(iii) Effectiveness and efficiency of operations: Internal auditors should
appraise the economy and efficiency with which resources are employed.
Audits related to economical and efficient use of resources should identify
such condition as under utilized facilities non-productive work procedures
which are not justified on cost benefit considerations and overstaffing.
(vi) Accomplishment of objectives and goals for operations or
Programmes:
Internal auditors should review the operations or programme to ascertain
whether result are consistent with established objectives and goals for
operations or Programmes are being carried out as planned.
Governance: The internal audit should evaluate and make
recommendations for improving the governance process for
achieving the following objectives-
(a) Promoting appropriate ethics and values within the
organization.
(b) Ensuring effective organizational performance management
and accountability.
(c) Effectively communicating risk and control information to
appropriate areas of the organization.
(d) Effectively coordinating the activities and communicating
information among the board, External and internal auditors and
managements.
The modern concept of internal auditing covers not only the
traditional functions dealing with a of custodianship and safe-
guarding of assets compliance with policies and reliability of
accounting information, but it also emphasizes new areas like
reviewing the economical and efficient use of resources and
organizational performance.
Internal audit assignments
The four main assurance type activities completed by an internal audit function
are discussed below:
Financial;
Compliance;
Performance;
IT audits.
Skills on environmental auditing may also be developed to address
environmental risks as part of a performance audit. These include:
Financial audits – an audit of financial information provided by the Finance
One system and supporting modules. These audits are performed to validate
the accuracy and completeness of financial information. Financial audits also
incorporate compliance issues dealing with respective areas, which include
compliance with the treasury instructions, accounting procedures manual and
other documents which control the use of financial resources.
Compliance audits – an audit of a subject area which ensures compliance
with suitable criteria such as the PFM Act 2001, Government policies and
frameworks, procedures, instructions, rules and regulations. Compliance audits
include spot checks and investigations into irregularities. Results of compliance
audits are considered when planning financial, performance and ICT audits.
Performance audits – an audit of the management system to ensure it is able
to report accurately and in a timely manager on issues of importance to the
Government.
ICT audits – an audit of the computer system to ensure the data accurately
reflects the intention of the business process.
In addition separate compliance audits may be required on non-financial areas
such as health and safety, time recording and annual leave, personnel
management, performance management which are completed separate from
the financial audit.
Steps are being taken to introduce performance and IT audits into the work
plan
of the IAID in order to keep pace with Public Financial Management Reforms in
computerisation of Government systems and changes in performance
management systems.
The audits will be performed under the direction of the Principal with overall
responsibility resting with the ACEO IAID / Audit Manager.
ASSIGNMENT PLANNING
The internal audit assignment will be generated from the annual plan for the IAID which is
prepared prior to the start of the financial year by the ACEO IAID, or it may be as a result
of a specific request placed to the IAID to complete the audit assignment from the CEO of
the Ministry of Finance. The ACEO as manager of the internal audit function is responsible
for establishing what is going to be audited (planning) ensuring that the approved plan is
implemented (Performing) and communicating the results of the work completed
(Reporting).
The internal auditing process contains 3 main phases
Planning;
Performing (fieldwork);
Reporting.
During each phase, the auditor is required to document the work that they have completed
with conclusions reached and the impact that those conclusions have. This will usually
either be additional work to be performed by the auditor or action to be taken by the
management of the area under review.
It is difficult to give a step by step guide to the activities performed during the planning
phase as many of the activities are performed simultaneously however the following step
diagram portrays the general sequence of activities to be performed.
Forward Looking Approach to Internal Auditing:
• 1. Evaluation of internal control: This should test
the adequacy of accounting system from the
following view points :
• Information is adequate and accurate ; Resources
of business ; Projected against losses resulting
from-
• 2. Review of accounting Efficiency: This should
cover the following aspects:
• Procedures and effectiveness, Space is fully
utilized; Personal is adequate.
• 3. Appraisal of performance of organization:
Aspect to be covered include the following
• implementation of policies ; Compliance with
Procedures ;Review of individual performance.
 Difference between Internal Auditor and External Auditor

Basic Point Internal auditor External Auditor

Appointment Appointed by management Appointed by

shareholders
2. Nature He is an employee of company He is an outsider

3. Major concern Serving the needs of compliance of statutory

management requirements
4. Basic job Review of operations and internal Expression of an
controls for development independent opinion on
improvements and ensuring financial statements.
compliance of policies and
procedures
5. Scope of work Determined by management Determined by status
Thank
You