Professional Documents
Culture Documents
Module 1 (Part 2)
CONTROL ENVIRONMENT
THE CONTROL ENVIRONMENT MEANS THE OVERALL ATTITUDE, AWARENESS AND ACTIONS
OF DIRECTORS AND MANAGEMENT REGARDING THE INTERNAL CONTROL SYSTEM AND ITS
IMPORTANCE IN ENTITY
STRONG CONTROL ENVIRONMENT = EFFECTIVE INTERNAL CONTROL SYSTEM
THE ENVIRONMENT IN WHICH INTERNAL CONTROL OPERATES HAS AN IMPACT ON THE
EFFECTIVENESS OF THE SPECIFIC CONTROL PROCEDURES
INFORMATION SYSTEM
AN INFORMATION SYSTEM CONSISTS OF INFRASTRUCTURE (PHYSICAL AND HARDWARE
COMPONENTS), SOFTWARE, PEOPLE, PROCEDURE, AND DATA
BUSINESSES WITH MANUAL PROCESSES HAVE NO INFORMATION SYSTEM
AN ENTITY’S CONTROL STRUCTURE MUST PROVIDE FOR THE IDENTIFICATION, CAPTURE
AND EXCHANGE OF INFORMATION BOTH WITHIN THE CHAPTER AND WITH EXTERNAL
PARTIES. INFORMATION COMMUNICATED SHOULD BE TIMELY AND ACCURATE.
INFORMATION SYSTEM RELEVANT TO FINANCIAL REPORTING OBJECTIVES FOCUSES ON
PROPER INITIATION, RECORDING, AND REPORTING OF TRANSACTIONS
RELATED BUSINESS PROCESSES – ARE THE ACTIVITIES DESIGNED TO (1) DEVELOP, PRODUCE
AND SELL AN ENTITY’S PRODUCTS, (2) ENSURE COMPLIANCE WITH LAWS AND
REGULATIONS, AND (3) RECORD INFORMATION
INFORMATION SYSTEM RELEVANT TO FINANCIAL REPORTING OBJECTIVES FOCUSES ON
PROPER INITIATION, RECORDING, AND REPORTING OF TRANSACTIONS
RELATED BUSINESS PROCESSES – ARE THE ACTIVITIES DESIGNED TO (1) DEVELOP, PRODUCE
AND SELL AN ENTITY’S PRODUCTS, (2) ENSURE COMPLIANCE WITH LAWS AND
REGULATIONS, AND (3) RECORD INFORMATION
COMMUNICATION INVOLVES PROVIDING AN UNDERSTANDING OF INDIVIDUAL ROLES AND
RESPONSIBILITIES PERTAINING TO INTERNAL CONTROL OVER FINANCIAL REPORTING
COMMUNICATION CAN TAKE SUCH FORMS AS POLICY MANUALS, ACCOUNTING AND
FINANCIAL REPORTING MANUALS, AND MEMORANDA
CONTROL ACTIVITIES
CONTROL ACTIVITIES HELP ENSURE RISK RESPONSES ARE EFFECTIVELY CARRIED OUT AND
INCLUDE POLICIES AND PROCEDURES, APPROVALS, AUTHORIZATIONS, VERIFICATIONS,
RECONCILIATIONS, SECURITY OVER ASSETS, AND SEGREGATION OF DUTIES. THESE
ACTIVITIES OCCUR ACROSS AN ENTITY, AT ALL LEVELS AND IN ALL FUNCTIONS, AND ARE
DESIGNED TO HELP PREVENT OR REDUCE THE RISK THAT ENTITY OBJECTIVES WILL NOT BE
ACHIEVED.
THESE ARE THE POLICIES AND PROCEDURES THAT HELP ENSURE THAT MANAGEMENT
DIRECTIVES ARE CARRIED OUT
THE MAJOR CATEGORIES OF CONTROL PROCEDURES ARE:
PERFORMANCE REVIEW
INFORMATION PROCESSING CONTROLS
PHYSICAL CONTROLS
IN PERFORMANCE REVIEW MANAGEMENT USES ACCOUNTING AND OPERATING DATA TO
ASSESS PERFORMANCE, AND IT THEN TAKES CORRECTIVE ACTIONS.
PERFORMANCE REVIEWS MAY BE USED BY MANAGERS FOR THE SOLE PURPOSE OF MAKING
OPERATING DECISIONS
FOR EXAMPLE THE USE OF STANDARDS, BUDGETS, FORECASTS, PRIOR PERIOD
PERFORMANCE
INFORMATION PROCESSING CONTROLS ARE POLICIES AND PROCEDURES DESIGNED TO
REQUIRE AUTHORIZATION OF TRANSACTIONS AND TO ENSURE THE ACCURACY AND
COMPLETENESS OF TRANSACTION PROCESSING
CONTROL ACTIVITIES MAY BE CLASSIFIED INTO GENERAL AND APPLICATION CONTROLS.
PROPER SEGREGATION OF TRANSACTIONS AND ACTIVITIES, SEGREGATION OF DUTIES,
ADEQUATE DOCUMENTS AND RECORDS, ACCESS TO ASSETS, AND INDEPENDENT CHECKS
ON PERFORMANCE
THE EXTENT TO WHICH PHYSICAL CONTROLS INTENDED TO PREVENT THE THEFT OF ASSETS
ARE RELEVANT TO THE RELIABILITY OF FINANCIAL STATEMENT PREPARATIONS, AND
THEREFORE THE AUDIT, DEPENDS ON CIRCUMSTANCES SUCH AS WHEN ASSETS ARE HIGHLY
SUSCEPTIBLE TO MISAPPROPRIATION
MONITORNG OF CONTROLS
MONITORING INVOLVES ASSESSING THE DESIGN AND OPERATION OF CONTROLS ON A
TIMELY BASIS AND TAKING CORRECTIVE ACTION AS NECESSARY
MONITORING IS EFFECTIVE WHEN IT LEADS TO THE IDENTIFICATION AND CORRECTION OF
CONTROL WEAKNESSES BEFORE THEY MATERIALLY AFFECCT THE ACHIEVEMENT OF THE
CHAPTER’S OBJECTIVES
DOCUMENTATION OF UNDERSTANDING
THE AUDITOR SHOULD DOCUMENT THE UNDERSTANDING OF THE ENTITY’S INTERNAL
CONTROL STRUCTURE ELEMENTS OBTAINED TO PLAN THE AUDIT
THE MORE COMPLEX THE INTERNAL CONTROL STRUCTURE AND THE MORE EXTENSIVE THE
PROCEDURES PERFORMED, THE MORE EXTENSIVE THE AUDITOR'S DOCUMENTATION
SHOULD BE
1. INTERNAL ACCOUNTING CONTROL QUESTIONNAIRES CONTAINS A SERIES OF QUESTIONS
DESIGNED TO DETECT CONTROL WEAKNESSES
a) MOSTLY ANSWERABLE BY “YES” OR “NO”
i. “YES” GENERALLY INDICATED SATISFACTORY DEGREE OF INTERNAL ACCOUNTING
CONTROLS
ii. “NO: INDICATED A POSSIBLE WEAKNESS IN CONTROL OR AT LEAST INDICATES
FURTHER INVESTIGATION IS NEEDED
2. FLOWCHART IS SYMBOLICDIAGRAM OF A SPECIFIC PART OF AN INTERNAL ACCOUNTING
CONTROL SYSTEM INDICATING THE SEQUENTIAL FLOW OF DATA AND/OR AUTHORITY
a) IT PROVIDES A PICTORUAL OVERVIEW OF A CLIENT’S INTERNAL CONTROL ACTIVITIES
b) TECHNIQUES OFTEN USED BY AUDITORS: (1) STANDARDAIZED SYMBOLS. (2)
FLOWLINES, (3) DOCUMENTS, (4) PROCESSING, AND (5) ANNOTATIONS
3. NARRATIVE DESCRIPTION IS A WRITTEN DESCRIPTION OF A PARTICULAR PHASE OR PHRASES
OR A CONTROL SYSTEM
a) IF THE STSTEMS ARE EXTENSIVE AND/OR COMPLEX, SEPARATE NARRATIVES MAY BE
PREPARED FOR SMALLER GROUPS OF CONTROLS WHICH RELATE TO SPECIFIC CLASSES
OF TRANSACTIONS OR ACCOUNTS
4. INTERNAL CONTROL CHECKLIST CONTRAINS A DETAILED ENUMERATION OF THE METHODS
AND PRACTICES WHICH CHARACTERIZED GOOD INTERNAL CONTROL OR OF ITEM TO BE
CONSIDERED IN REVIEWING INTERNAL CONTROL
a) PROVIDES ONLY A GUIDE TO REVIEW THE INTERNAL CONTROL, NOT A RECOD OF
AUDIT FINDINGS