PRELIMINARY INTERNAL CONTROL EVALUATION

The auditor shall obtain an understanding of internal control relevant to the audit. It is a
matter of the auditor’s professional judgment whether a control, individually or in
combination with others, is relevant to the audit. Internal control is designed, implemented
and maintained to address identified business risks that threaten the achievement of any
of the entity’s objectives that concern:
• The reliability of the entity is financial reporting;
• The effectiveness and efficiency of its operations; and
• Its compliance with applicable laws and regulations.

The way in which internal control is designed, implemented and maintained varies with an
entity’s size and complexity. In the case of Lone Star Western Apparel Co., different internal
controls is implemented within the entity such as having the EDP area isolated from the
rest of the administrative offices by a door, which permits entry only with an authorized
pass card. Within this area the computer is separated by a clear glass wall from the systems
and programming area. Another form of control is the packing slip that is placed in the
box when the hats are finished and packed in boxes.

Internal control, no matter how effective, can provide an entity with only
reasonable assurance about achieving the entity’s financial reporting objectives.
The likelihood of their achievement is affected by limitations inherent to internal
control. These include the realities that human judgment in decision-making can
be faulty and that breakdowns in internal control can occur because of human
error.