INTRO TO INTERNAL CONTROL

Internal Control can be defined in a broad or narrow sense/

procedures designed to minimize risk of loss, info, assets.

Broad View equates internal control with management control,

i.e. the process by which managers assure that resources are
obtained and used effectively and efficiently in the
accomplishment of organizational goals.(Management sets the
tone for the organization)
Culture/Environment-how are things done there???-

Narrow View restrict internal control to its relationship to the

accounting system, even more narrowly, to its relationship with
those aspects of the accounting system that effect the financial
statements.

Auditors are required to evaluate internal control in the second

standard of field work which states:

A sufficient understanding of internal control structure is to be

obtained to plan the audit and to determine the nature, timing,
and extent of tests to be performed.

SAS 319
Internal control comprises the plan of organization
& all the coordinate methods & measures adopted within a
business.
1. Safeguard its assets
2. Check the accuracy&reliability of its accounting data
3. Promote operational efficiency,
4. Encourage adherence to prescribed managerial policy.
Internal control includes controls which may be classified as
either accounting or administrative controls.

SAS 319
I. Accounting controls comprise the plan of organization and
all methods and procedures that are concerned with and relate
directly to, the safeguarding of assets and the reliability of financial
records. They generally include such controls as the systems of
authorization and approval, separation of duties concerned with
record keeping and accounting reports from those concerned
with operations or asset custody, physical controls over assets,
and internal auditing.

II. Administrative controls comprise the plan of organization

and all methods and procedures that are concerned mainly with
operational efficiency and adherence to managerial policies and
usually relate only indirectly to the financial records, i.e.
performance reports, employee training programs, quality controls.
(such as a gym, daycare, cafeteria)

The independent auditor is primarily concerned with the

accounting controls .

Fundamental Control Objectives

i.e. statements of desired results or purposes to be achieved
 Quality of information
      

accurate, complete, relevant, timely

 Security over Resources
      

 Compliance with internal and external rules & regulations

      

 Efficient Operations
      
Specific Control Objectives-Two primary categories
 General Control Objectives - those relating to the
      

information services function, the internal audit function,

systems development and maintenance, systems operation,
data bases, distributed data processing, EDI, LANs, expert
systems, microcomputers
 Have more than one application that is
      

affected/broader
 E.G password to log onto the computer
      

 Application Control Objectives - those relating to the

      

capture, input, processing, and output of data

 Transaction based-one transaction at a time
      

 E.G password to log onto Great Plains (specific)

      

*The auditor will look at the general controls first and then at the
application control

The need to reduce risk- Risk is the potential loss of assets or

damage to the org. SAS 48

improvements in consistency introduced by computer processing

 may process large numbers of transactions incorrectly
      

 computer must be programmed to detect errors

      

 does not have the benefit of human oversight

      

Inherent vs. Control Risk

 inherent risk - the risk that the error or irregularity will
      

occur
 control risk - the risk that the error or irregularity will
      

occur and not be detected by the control in place - the risk

that the control will fail to meet its objective
Types of Risks
 inadequate training, development, and supervision of
      

personnel
 errors and irregularities in transaction authorization
      

 errors and irregularities in data entry, transmittal, and

      

storage
 system failure
      

 system inability to meet organization and user needs

      

 excessive hardware and software acquisition

      

 excessive operating and maintenance costs

      

 inefficient use of system resources

      

 theft of assets
      

 computer abuse
      

 fradulent financial reporting

      

 concealment of illegal acts

      

Who bears ultimate responsibility for the financial statements?

An effective accounting system: (SAS 319)

1. Identifies and records all valid transactions.
2. Describes transactions on a timely basis and in sufficient detail
to permit proper classification of transactions for financial
reporting.
3. Measures the value of transactions in a manner that permits
recording their proper monetary value.
4. Determines the time period in which transactions occurred to
permit recording of transactions in the proper accounting period.
5. Presents properly the results of transactions and related
disclosures in financial reports.