INTERNAL CONTROL

1. Internal control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of the
entity’s objectives with regard to:
 Reliability of financial reporting;
 Effectiveness and efficiency of operations; and
 Compliance with applicable laws and regulations.

2. The auditor uses the understanding of internal control to:

 Identify types of potential misstatements;
 Consider factors that affect the risks of material misstatement; and
 Design the nature, timing and extent of further audit procedures.

3. Internal control consists of the following components:

1.) The control environment.

2.) The entity’s risk assessment process.
3.) The information system, including the related business processes, relevant to financial
reporting, and communication.
4.) Control activities.
5.) Monitoring of controls.

The control environment includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the entity’s
internal control and its importance in the entity.

Elements of control environment:

a) Communication of enforcement of integrity and ethical values.
b) Commitment to competence.
c) Participation by those charged with governance.
d) Management’s philosophy and operating style.
e) Organizational structure.
f) Assignments of authority and responsibility.
g) Human resource policies and practices.

The auditor should obtain an understanding of the entity’s risk assessment process, i.e., the entity’
process for identifying business risks relevant to financial reporting objectives and deciding about
actions to address those risks, and the results thereof.

The auditor should obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:

 The classes of transactions in the entity’s operations that is significant to the financial
statements.

 The procedures, within both IT and manual systems, by which those transactions are
initiated, recorded, processed and reported in the financial statements.
  The related accounting records, whether electronic or manual, supporting information, and
specific accounts in the financial statements, in respect of initiating, recording, processing
and reporting transactions.

 How the information system captures events and conditions, other than classes of
transactions that are significant to the financial statements.

 The financial reporting process used to prepare the entity’s financial statements, including
significant accounting estimates and disclosures.

Control activities are the policies and procedures to help ensure that management directives are
carried out. Examples of control activities include those relating to the following:
 Authorization
 Performance reviews.
 Information processing.
 Physical controls.
 Segregation of duties.

Monitoring of controls involves assessing the design and operation of controls on a timely basis
and taking the necessary corrective actions modified for changes in conditions.

4. Obtaining an understanding of internal control involves:

a) Evaluating the design of a control; and

b) Determining whether it has been implemented.

SOURCE: CPAR