Professional Documents
Culture Documents
1. Internal control
1.1 Internal Control (IC) Definition
1.2 Reasons for IC
1.3 Limitations of IC
2. Components of IC
2.1 The Control Environment
2.1.1 Audit Committee
2.2 Risk Assessment Process
2.3 The Information Systems
2.4 Control Activities
2.4.1 Types of Control Activities
2.4.2 IT control
2.5 Monitoring of Controls
1
9/3/2018
Internal Control
Introductory
Definition
Internal control is the process designed and effected by those charged with governance, management and
other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard
to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable
laws and regulations”.
A process;
By those charged with governance (management);
To provide reasonable assurance about the achievement of the entity’s objectives;
Regarding reliability of financial reporting, effectiveness and efficiency of operations and
compliance.
Internal Control
3. Information Systems
Procedures and records designed to initiate, record, process and report
entity transactions
To maintain accountability for the related assets, liabilities and equity;
4. Control Activities
The policies and procedures that help ensure that management directives
are carried out.
Details are discussed in next slides
5. Monitoring of Controls
Review, effectiveness and
adjustment, if required
Business Risks : The risk inherent to the company in its operations at all levels.
2
9/3/2018
Internal Control
The control environment includes the governance and management functions and attitudes,
awareness and actions of those charged with governance and management concerning the
entity’s internal control and its importance in the entity;
Internal Control
3
9/3/2018
Internal Control
The process by which management in a business identities, Business risks relevant to financial
reporting objectives and decides what action to take to address those risks. If the risk
assessment process is weak, the resulting internal controls may not be effective.
Action to Manage
identified Risks.
(Internal Control, Assess
Likelihood
Assess the Likelihood of
Insurance, Operational occurrence
changes)
Risk assessment process should become a part during audit risk assessment cause this will assist
auditors in identifying audit risks.
Internal Control
4
9/3/2018
Internal Control
Control activities represents the policies and procedures that help ensure that
management directives are carried out.
Most tangible
Control
Controls Controls
Control corrects an
prevents error Activities
or defects error
Manual or IT
Control
Activities
Internal Control
Reconciliations
Performance review Comparing internal data with external sources of information
Reviewing Control accounts and trial balances
Segregation of functions
Segregation of duties The various steps in carrying out any transactions
The carrying out of various accounting operations
5
9/3/2018
Internal Control
IT Controls
The internal controls in a computerized environment include both manual
procedures and procedures designed to computer programs. Such manual and
computer control procedures comprise two types of control.
Application Controls
Application controls are manual and automated procedures that ensure transactions
are completely and accurately recorded processed.
General Controls
General controls are policies and procedures that ensure the continued proper
operation of information system.
Internal Control
General Controls
Policies and procedures that relate to many applications and supports the effective function of
application controls for ensuring continued proper operation of information system.
6
9/3/2018
Internal Control
Application Controls
Manual as well as automated procedures that apply to the processing of individual applications
to ensure:
• occurrence of transactions
• authorization of the same and
• complete and accurate processing and recording of those transactions.
Internal Control
Periodic review of its overall control systems to ensure that the existing control
system is still:
• meets the objective
• operates effectively and efficiently
7
9/3/2018
Internal Control
Auditors obtain information from variety of sources like Company’s internal control
manuals, observing control in operation and record those information about the
internal control in a variety of ways like Notes, Flow Charts and Questionnaire in
their files.
There are broadly three types of documents which are used for recording the
understanding of the business and its operations:
Narrative notes
Good for short notes on simple systems and background information
Questionnaires and checklists
Good as aide memories to ensure covering all the bases but:
- can lead to a mechanical approach so that an important extra question is never asked
- tick boxes often get ticked whether the brain is engaged or not.
Diagrams
Flowchart, Organization charts, Family trees, record of related parties
Internal Control
Summary
8
9/3/2018