Scribd Logo
Upload

Welcome to Scribd!

  • Assurance Chapter-5 (04-09-2018)

    Uploaded by

    Shahid Mahmud
    5 views9 pages
    ICAB doc-21

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ICAB doc-21

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views9 pages

    Assurance Chapter-5 (04-09-2018)

    Uploaded by

    Shahid Mahmud
    ICAB doc-21

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    9/3/2018

    BIG Picture – Internal Control

    1. Internal control
    1.1 Internal Control (IC) Definition
    1.2 Reasons for IC
    1.3 Limitations of IC

    2. Components of IC
    2.1 The Control Environment
    2.1.1 Audit Committee
    2.2 Risk Assessment Process
    2.3 The Information Systems
    2.4 Control Activities
    2.4.1 Types of Control Activities
    2.4.2 IT control
    2.5 Monitoring of Controls

    3. Information about Controls


    3.1 Information about internal control
    3.2 Recording of Internal Control

    1
    9/3/2018

    Internal Control

    Introductory
    Definition
    Internal control is the process designed and effected by those charged with governance, management and
    other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard
    to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable
    laws and regulations”.
    A process;
    By those charged with governance (management);
    To provide reasonable assurance about the achievement of the entity’s objectives;
    Regarding reliability of financial reporting, effectiveness and efficiency of operations and
    compliance.

    Objective of Internal Control in Business:


     To Minimize the company’s business risks;
     To Ensure the continuing effective functioning of the company and
     To Ensure compliance with relevant laws and regulations.

    Limitation of Internal Control:


     Expense
     Human Elements
     Unusual Transaction
    The objectives of a company are to ensure:
    - Reporting financial position correctly to shareholders;
    - Operating effectively and efficiently and
    - Complying with relevant laws and regulation.

    Internal Control

    Components – Internal Control comprises 5 (Five) Components


    1. Control Environment
     The functions and attitudes, awareness and actions of those charged with
    governance and management
     Its importance in the entity;

    2. Risk Management Process


     Identification of Business Risks relevant to financial reporting objectives
     Deciding what action is required take to address those risks;

    3. Information Systems
     Procedures and records designed to initiate, record, process and report
    entity transactions
     To maintain accountability for the related assets, liabilities and equity;

    4. Control Activities
     The policies and procedures that help ensure that management directives
    are carried out.
     Details are discussed in next slides

    5. Monitoring of Controls
    Review, effectiveness and
    adjustment, if required

    Business Risks : The risk inherent to the company in its operations at all levels.

    2
    9/3/2018

    Internal Control

    Components of IC – Control Environment

    The control environment includes the governance and management functions and attitudes,
    awareness and actions of those charged with governance and management concerning the
    entity’s internal control and its importance in the entity;

    Activities of Audit Committee


     To review the integrity of the
    financial statements and
    announcements of performance;
     To review the internal
    financial controls and risk
    management systems;
     To monitor and review the
    effectiveness of the internal
    Tone from the Top audit function;
     To recommend the board
    about the external auditor;
     To monitor the independence
    of the external auditors;
     To implement policy on the
    Audit Committee (AC) provision of non- audit services
    An audit committee is a subsection of the board of directors which has a
    by the external auditor.
    particular interest in the finance and accounting activities of the company.
    - Itself a control regarding Information Systems
    - Also responsible for identification of risks and monitoring control

    Internal Control

    Components of IC – Control Environment

    Factors reflected in control environment include:


     The function of Board of Directors and its committee
     Management’s philosophy and operating style
     The entity’s organizational structure and methods of assigning authority and responsibility
     Management’s control system including the internal audit function, personnel policies and
    procedures and segregation of duties

    Evaluation of entity’s Control Environment:


    Auditor considers how following elements have been incorporated in entity’s processes:
     Communication and enforcement of integrity and ethical values;
     Commitment to competence;
     Participation of those charged with governance;
     Management’s philosophy;
     Organizational structure;
     Assignment of authority and responsibility
     Human resources policies and practices

    3
    9/3/2018

    Internal Control

    Components of IC – Risk Management Process

    The process by which management in a business identities, Business risks relevant to financial
    reporting objectives and decides what action to take to address those risks. If the risk
    assessment process is weak, the resulting internal controls may not be effective.

    Identify Relevant Estimate the impact of


    Business Risks identified Risks.
    Action Estimate
    to Impact
    Manage

    Action to Manage
    identified Risks.
    (Internal Control, Assess
    Likelihood
    Assess the Likelihood of
    Insurance, Operational occurrence
    changes)

    Risk assessment process should become a part during audit risk assessment cause this will assist
    auditors in identifying audit risks.

    Internal Control

    Components of IC – Information System

    Information system relevant to financial reporting objectives includes the procedures


    and records designed to initiate, record, process and report entity transactions and
    to maintain accountability for the related assets, liabilities and equity

    Components of an information system


    Infrastructure (Hardware components),
    Software,
    People,
    Procedures and
    Data to be processed.

    Emphasis to be given by Auditors on:


    - Significant transactions;
    - Recording Procedures;
    - Accounting record and supporting information;
    - F/S preparing processes etc.

    Link to other internal controls should also be addressed.

    4
    9/3/2018

    Internal Control

    Components of IC – Control Activities

    Control activities represents the policies and procedures that help ensure that
    management directives are carried out.

    Most tangible
    Control

    Controls Controls
    Control corrects an
    prevents error Activities
    or defects error

    Manual or IT
    Control
    Activities

    Internal Control

    Components of IC – Control Activities - Examples

    Types of control activity Examples

    Authorization Approval and control of documents

     Reconciliations
    Performance review  Comparing internal data with external sources of information
     Reviewing Control accounts and trial balances

    Information processing Checking the arithmetic accuracy of records

    Comparing the results of cash, security and inventory counts with


    Physical control
    accounting records

     Segregation of functions
    Segregation of duties  The various steps in carrying out any transactions
     The carrying out of various accounting operations

    5
    9/3/2018

    Internal Control

    Components of IC – Control Activities

    IT Controls
    The internal controls in a computerized environment include both manual
    procedures and procedures designed to computer programs. Such manual and
    computer control procedures comprise two types of control.

    Application Controls
    Application controls are manual and automated procedures that ensure transactions
    are completely and accurately recorded processed.

    General Controls
    General controls are policies and procedures that ensure the continued proper
    operation of information system.

    Internal Control

    Components of IC – Control Activities – IT Control

    The internal controls in a computerized environment include both manual


    procedures and procedures designed to computer programs. Such manual and
    computer control procedures comprise two types of control (1) General Control and
    (2) Application Controls

    General Controls
    Policies and procedures that relate to many applications and supports the effective function of
    application controls for ensuring continued proper operation of information system.

    Few Examples General Controls


     Developments of computer applications;
     Prevention of unauthorized changes to programs;
     Testing and documentation of programs changes;
     Controls over wrong programs;
     Controls over unauthorized amendments to data files; and
     Controls to ensure continuity of operation.

    6
    9/3/2018

    Internal Control

    Components of IC – Control Activities – IT Control

    Application Controls
    Manual as well as automated procedures that apply to the processing of individual applications
    to ensure:
    • occurrence of transactions
    • authorization of the same and
    • complete and accurate processing and recording of those transactions.

    Few Examples Application Controls


     Controls over input in completeness;
     Controls over input accuracy;
     Controls over input authorization;
     Controls over processing and
     Controls over master files and standing data.

    Testing of Application Controls


     Manual controls exercised by the users
     Controls over system output
     Programmed control procedures (Test data, reprocessing, programming language

    Internal Control

    Components of IC – Monitoring of Control

    Periodic review of its overall control systems to ensure that the existing control
    system is still:
    • meets the objective
    • operates effectively and efficiently

    And to ensure that necessary correction/adjustment are made on timely basis.


    Otherwise optimum operation of control system may not be achieved.

    Auditor’s feedback may be taken in case of smaller organization.

    7
    9/3/2018

    Internal Control

    Information about Controls

    Auditors obtain information from variety of sources like Company’s internal control
    manuals, observing control in operation and record those information about the
    internal control in a variety of ways like Notes, Flow Charts and Questionnaire in
    their files.
    There are broadly three types of documents which are used for recording the
    understanding of the business and its operations:
     Narrative notes
    Good for short notes on simple systems and background information
     Questionnaires and checklists
    Good as aide memories to ensure covering all the bases but:
    - can lead to a mechanical approach so that an important extra question is never asked
    - tick boxes often get ticked whether the brain is engaged or not.
     Diagrams
    Flowchart, Organization charts, Family trees, record of related parties

    Comprehensive way of Best way of recording


    recording system subject Relationship,
    to time consuming and
    difficulty to assimilate
    Reporting lines etc.

    Internal Control

    Summary

    8
    9/3/2018

    You might also like