Consideration of Internal Control Questions

Answer the following questions concisely.

Kindly discuss your learning about the COSO internal control framework based on the lecture. *
10 points

Because of the changing business and operating environments,

The COSO Internal Control Framework focuses on five integrated components including the
Control Environment, Risk Assessment, Control Activities, Information & Communication, and
Monitoring Activities, which are not only applied on the top level management but all the
members of the organization such as the entity level, division level, operating unit, and function
unit. The COSO framework also classifies internal control objectives intro three groups namely
operations, reporting and compliance.

The Control Environment is the foundation of internal control, providing discipline and
structure that can be seen in the entity's and members' working environments. It refers to
management's and those in charge of governance's attitudes, awareness, and actions about the
entity's internal control and its significance. All other controls suffer in the absence of a good
control environment. Integrity and ethical values, management philosophy and opening style,
active participation of those charged with governance, commitment to competence, personnel
policies and procedures, and assignment of responsibility and authority or organizational
structure are all factors reflected in the control environment.

Every entity, regardless of size, structure, nature, or sector, faces risks at every level of their
organization. As a result, management must pay close attention to risks at all levels of the
organization and take the appropriate steps to control them. Risk Assessment involves the
organization’s analysis of the risks posed by internal and external changes, the ability to
establish objectives and determine their suitability for your business and the process for
weighing risks versus risk tolerances. All entities, regardless of size, structure, nature or
industry, encounter risks at all levels within their organizations.

Having an open flow of communication in a company is a necessity; employers must

communicate with the employees and vice versa all within a time frame that enables each to
carry out their responsibilities because effective internal control must provide timely
information and communication which help ensure that exceptions are reported and acted on.

Control activities are the policies and procedures that help ensure that management directives
are carried out. Control procedures relevant to financial statement audit are performance
reviews, information processing, physical controls and segregation of duties. Wherein in
performance reviews, an example would be a review the actual performance versus budgets,
forecasts and prior period performance, together with analyses of the relationships and
investigative and corrective actions. Information processing is done to check accuracy,
completeness, and authorization of transactions. Physical controls encompass the physical
security of assets, for example vaults, anti-theft sensor for clothes, password, and a CCTV
camera, whereas these can be classified into preventive, corrective and detective function of
controls. Lastly control activities would be the segregation of duties; as an external auditor, we
should be aware that various persons are in charge of asset handling, bookkeeping, and the
comparison or authorization of transactions.

Monitoring is a process of assessing the quality of internal performance over time. It is

accomplished through on-going monitoring activities, separate evaluations or a combination of
the two. Whereas the on-going monitoring include normal recurring activities like bank
reconciliation, while separate evaluation is where the internal audit functions take place.

Control Environment

Objectives of Internal Control

Operations

Reporting

Compliance

Risk Assessment

Control Activities

Information and Communication

Monitoring Activities

Entity Level

Division

Operating Unit

Function
The COSO Internal Control Framework focuses on the following integrated components such
as the Control Environment, Risk Assessment, Control Activities, Information & Communication,
and Monitoring Activities, which are applied to all members of the organization, including
entity, division, operating unit, and function unit. Internal control goals are divided into three
categories in the COSO framework including operations, reporting, and compliance.

The Control Environment is the foundation of internal control, providing discipline and
structure that can be seen in the entity's and members' working environments. It refers to
management's and those in charge of governance's attitudes, awareness, and actions about the
entity's internal control and its significance. All other controls suffer in the absence of a good
control environment. Integrity and ethical values, management philosophy and opening style,
active participation of those charged with governance, commitment to competence, personnel
policies and procedures, and assignment of responsibility and authority or organizational
structure are all factors reflected in the control environment.

Every company, regardless of size, nature, structure, or sector, faces risks at all stages of its
operations. As a result, management must keep a keen eye on risks at all levels of the
organization and take the appropriate actions to reduce them. The ability to create targets and
determine their feasibility for your business, as well as the technique for comparing risks with
risk tolerances, are all part of risk assessment. For information and communication, employers
must interact with workers and vice versa within a time period that allows them to carry out
their duties because effective internal control must give timely information and communication
that helps guarantee that exceptions are reported and acted on.

Control activities are the rules and processes that aid in the implementation of management
instructions. Performance evaluations, information processing, physical controls, and
segregation of duties are all control techniques pertinent to financial statement auditing. In
performance reviews, for example, a review of actual performance versus budgets, predictions,
and past period performance, as well as analysis of the relationships and investigative and
corrective activities, would be an example. The processing of information is done to ensure the
correctness, completeness, and authorization of transactions. Physical controls include the
physical protection of assets, such as vaults, anti-theft sensors for clothing, passwords, and
CCTV cameras, which can be categorized as preventive, corrective, or detective functions of
controls. And lastly for control activities would be the segregation of duties; as an external
auditor, we should be aware that various persons are in charge of asset handling, bookkeeping,
and the comparison or authorization of transactions.
Monitoring is the practice of evaluating the quality of internal performance over time. On-going
monitoring activities, separate evaluations, or a mix of the two are used to achieve this. On-
going monitoring includes regular operations such as bank reconciliation, whereas separate
evaluation is when internal audit functions are performed.

Discuss the relationship of the internal auditors and the external auditors. * 5 points

A healthy working relationship between the internal and external auditors, where information
is shared freely, is the best environment to create and provide the most value to the company

An efficient and effective

An internal auditors and external auditors

Internal auditor and external auditor have complementary functions within the assurance
framework and both are essential for the effective governance of an organization. However,
internal audit is distinct from external audit and both functions have their own value and
expertise. They perform very different roles but both need to be independent, objective,
properly resourced and to work according to their respective international standards.

Despite the need to preserve their independence and objectivity, internal and external audit
should maintain a close, constructive relationship. This is to ensure their work is coordinated
and there is an efficient use of resources.

Within the assurance framework, the roles of internal and external auditors are
complimentary, and both are necessary for a firm's good corporate governance. Internal
audit, on the other hand, is unique from external audit, and each role has its own value and
competence. They have quite distinct responsibilities to play, but they both need to be
independent, objective, well-resourced, and operate according to their respective
standards. However, the internal and external auditors should retain a healthy,
constructive relationship, despite the requirement to protect their independence and
objectivity. Internal and external auditors should make use of effective communication and
planning to become more involved at work, raise team morale, advance their careers, and
add more value to the organization or firm. This will guarantee that their work is well-
coordinated and that resources are used efficiently and effectively.
This will guarantee that their work is well-coordinated and that resources are used efficiently and
effectively.

Effective communication and planning of external and internal auditors ensure that audit
resources are allocated to the organization's most high-risk areas.

Internal and external auditors should both make use of the healthy interaction to become more
involved at work, raise team morale, advance their careers, and add more value to the
organization or firm. This will guarantee that their work is well-coordinated and that resources
are used efficiently and effectively.

Both internal and external auditors should take advantage of the harmonious relationship to make
them more engaged with work, elevate the team morale, improve career potential, and attain the
best interests of the organization they serve.