Chapter 5: Introduction to Internal Control 2.

Risk Assessment

1. What is Internal Control? Explanation: The process of identifying and analyzing relevant
risks to achieving the entity’s objectives, forming a basis for how
 Definition: Internal control is a process designed by risks should be managed.
management and those charged with governance to
provide reasonable assurance about achieving objectives Example: A company regularly reviews potential risks, such as
in: data breaches or financial fraud, and implements measures to
 Reliable Financial Reporting: Ensuring financial mitigate them.
statements are accurate and complete.
 Effective and Efficient Operations: Ensuring business 3. Information System
operations are carried out efficiently and effectively.
 Compliance with Laws and Regulations: Ensuring the Explanation: Systems for capturing, processing, and reporting
organization adheres to all relevant laws and regulations. financial transactions. This includes maintaining accountability
for assets.
Example: A company might implement internal controls such as
requiring two signatures on checks to prevent unauthorized Example: An automated accounting system that tracks all
payments and regular audits to ensure financial accuracy. financial transactions and provides real-time financial reports.

2. Reasons for Internal Controls 4. Control Activities

 Minimize Risks: Reduce business risks by identifying Explanation: Policies and procedures that ensure management
and mitigating potential issues. directives are carried out. This includes approvals, verifications,
 Ensure Effective Functioning: Keep the company reconciliations, reviews of operating performance, security of
running smoothly by ensuring processes are followed assets, and segregation of duties.
correctly.
 Compliance: Adhere to laws and regulations to avoid Example: Requiring manager approval for all major purchases to
legal penalties and maintain a good reputation. ensure they are necessary and within budget.

Example: Fairfood Co must have strict controls in food 5. Monitoring

preparation to comply with health regulations, ensuring the
company continues operating and avoiding fines or closures.
Explanation: Ongoing evaluations or separate evaluations to
ensure the internal control system is functioning as intended. This
3. Limitations of Internal Controls can include regular management and supervisory activities.

 Human Element: Errors can occur due to human Example: Regular internal audits to check the effectiveness of
mistakes, fatigue, or lack of knowledge. controls and identify areas for improvement.
 Collusion: Employees might conspire together to bypass
controls, leading to fraud or other issues. 5. Types of Control Activities
 Unusual Transactions: Standard controls might not
cover rare or unique transactions, which could go
undetected.  Authorization

Example: In a small company, a single person ordering supplies Explanation: Approving transactions and documents, ensuring
and approving payments increases the risk of mistakes or fraud they are valid and in accordance with policies.
compared to a larger company where these duties are separated.
Example: A manager must approve all expense reports before
reimbursement.
4. Components of Internal Control
 Performance Reviews
1. Control Environment
Explanation: Regularly comparing actual performance with
Explanation: The overall attitude, awareness, and actions of the
budgets, forecasts, and prior periods to identify any discrepancies.
board and management regarding internal controls. A strong
control environment features ethical values, competence, and a
supportive attitude towards internal controls. Example: Monthly financial performance reviews to compare
actual revenue and expenses against the budget.
Example: Management at a company sets a good example by
following the rules and encouraging employees to do the same.  Information Processing
Explanation: Checking the accuracy, completeness, and H. Meetings and Reporting
authorization of transactions. 1) Regular Meetings: At least quarterly, more if necessary.
Minutes and Records: Maintain detailed meeting minutes and
Example: Verifying the accuracy of invoice amounts before records.
payment is processed. 2) Reporting to the Board: Regular updates on significant issues
and audit activities.
 Physical Controls I. Best Practices
- Continuous Education: Keep updated on accounting and
auditing standards.
Explanation: Safeguarding assets through physical measures. - Effective Communication: Maintain open communication with
management, internal, and external auditors.
Example: Locking up valuable inventory in a secure warehouse - Performance Evaluation: Periodically evaluate and improve
and restricting access to authorized personnel. Audit Committee performance.
J. Example
 Segregation of Duties Scenario: XYZ Corporation’s Audit Committee found
discrepancies in inventory valuation, communicated with external
Explanation: Splitting responsibilities among different people to auditors, investigated the issue, and recommended internal control
reduce the risk of errors or fraud. enhancements.

Example: One employee handles cash receipts, while another Summary

records the transactions in the accounting system.
Internal control is essential for ensuring reliable financial
reporting, efficient operations, and compliance with laws. It
6. Audit Committee
includes components such as the control environment, risk
assessment, information system, control activities, and
A. Definition and Role
monitoring. These controls help mitigate risks and ensure smooth
 Subcommittee of Board of Directors: Oversees financial
operations, though they have limitations like human errors and
reporting, audit processes, and internal controls.
collusion. Understanding and implementing effective internal
 Primary Function: Ensures integrity of financial
controls is crucial for the overall health and compliance of a
statements, effective internal controls, and compliance
business.
with regulations.
B. Responsibilities
 Financial Reporting: Active Recall Questions
1) Review and ensure accuracy of financial statements.
2) Communicate with management and external auditors.
1. What is internal control?
 Internal Control:
Answer: A process designed by management and governance to
ensure reliable financial reporting, effective operations, and
1) Evaluate and assess internal control systems.
compliance with laws.
2) Oversee risk management policies.
2. Why are internal controls important?
C. External Audit:
Answer: They minimize risks, ensure effective functioning, and
ensure compliance with laws and regulations.
1) Recommend and appoint external auditors.
3. Name two limitations of internal controls.
2) Review and approve audit plans.
Answer: Human errors and collusion.
3) Discuss audit findings and recommendations.
4. What are the five components of internal control?
D. Internal Audit:
Answer: Control environment, risk assessment, information
system, control activities, and monitoring.
1) Oversee internal audit function and Chief Audit Executive
5. Give an example of a control activity.
(CAE).
Answer: Authorization of transactions or performance reviews
2) Review internal audit plans and reports.
comparing actual results to budgets.
E. Compliance:
6. What is the purpose of risk assessment in internal
control?
1) Ensure legal and regulatory compliance.
Answer: Identifying and analyzing relevant risks to achieving the
2) Promote and monitor ethical standards.
entity’s objectives.
F. Whistleblower Mechanism:
7. How does segregation of duties help in internal
control?
1) Establish procedures for handling complaints.
Answer: It reduces the risk of errors or fraud by splitting
2) Ensure confidentiality and protection for whistleblowers.
responsibilities among different people.
G. Composition
8. What does the control environment component of
1) Members: Independent directors, not part of management.
internal control encompass?
2) Expertise: Financial literacy, with at least one member having
Answer: It encompasses the overall attitude, awareness, and
financial management expertise.
actions of the board and management regarding internal controls,
3) Independence: Unbiased oversight by independent members.
including ethical values, competence, and a supportive attitude
towards internal controls.
9. Give an example of a physical control.
Answer: Locking up valuable inventory in a secure warehouse
and restricting access to authorized personnel.
10. Why is monitoring important in internal control?
Answer: Monitoring is important because it ensures the internal
control system is functioning as intended through ongoing or
separate evaluations, allowing for timely identification and
correction of deficiencies.
11. What is the role of information systems in internal
control?
Answer: Information systems capture, process, and report
financial transactions, maintaining accountability for assets and
providing real-time financial reports.
12. How can collusion affect internal control?
Answer: Collusion can allow employees to bypass internal
controls, leading to fraud or other issues, as controls designed for
individual responsibilities can be circumvented by coordinated
actions.
13. What is the purpose of performance reviews in
control activities?
Answer: The purpose of performance reviews is to compare
actual performance with budgets, forecasts, and prior periods to
identify discrepancies and take corrective actions.
14. Describe an example of segregation of duties.
Answer: One employee handles cash receipts while another
records the transactions in the accounting system, reducing the
risk of errors or fraud.
15. What are the key objectives of internal control?
Answer: The key objectives are reliable financial reporting,
effective and efficient operations, and compliance with laws and
regulations.
16. How do authorization controls work?
Answer: Authorization controls work by requiring approval of
transactions and documents to ensure they are valid and comply
with policies.
17. What is risk assessment, and why is it crucial?
Answer: Risk assessment is the process of identifying and
analyzing relevant risks to achieving the entity's objectives,
forming a basis for managing those risks. It is crucial because it
helps an organization anticipate and mitigate potential threats.
18. What limitations can affect the effectiveness of
internal controls?
Answer: Limitations include human errors, collusion among
employees, and controls not covering unusual or unique
transactions.
Chapter Notes: Evidence and Sampling o Explanation: Enhances efficiency and
accuracy in data analysis.
1. Procedures to Obtain Evidence
3. Audit Software
 Inspection of Tangible Assets
o Example: Auditing inventory by physically  Functions
counting items in a warehouse. o Example: Generating exception reports for
o Explanation: Confirms the existence of unusual transactions.
assets but may not verify ownership or o Explanation: Automates calculations and
valuation. improves the effectiveness of audits.
 Inspection of Documentation
o Example: Reviewing supplier invoices to 4. Analytical Procedures
verify purchase transactions.
o Explanation: Ensures completeness,  Steps:
valuation, and rights/obligations related to 1. Develop Expectation
transactions.  Example: Expecting utility
 Inquiry expenses to be in line with prior
o Example: Asking management about years, adjusted for changes in
significant variances in financial operations.
statements. 2. Compare Actual vs. Expected
o Explanation: Reliability depends on the  Example: Noticing that current
honesty and knowledge of the respondent. utility expenses are significantly
 External Confirmation higher than expected.
o Example: Confirming bank balances 3. Investigate Significant Differences
directly with the bank.  Example: Investigating reasons for
o Explanation: Provides high reliability due the higher utility expenses, such as
to third-party verification. rate increases or operational
 Recalculation changes.
o Example: Recalculating depreciation
expense to verify accuracy. 5. Directional Testing
o Explanation: Strong evidence as
calculations are performed by the auditor.  Overstatement Testing
 Reperformance o Example: Verifying sales invoices to
o Example: Auditor independently ensure revenue is not overstated.
reperforming a client's bank reconciliation. o Explanation: Starts with recorded figures
o Explanation: Strong evidence due to and traces back to source documents.
independent execution by the auditor.  Understatement Testing
 Analytical Procedures o Example: Reviewing expense
o Example: Comparing current year sales to documentation to ensure all expenses are
prior year sales to identify trends. recorded.
o Explanation: Helps identify unusual o Explanation: Starts with source documents
fluctuations and relationships. and traces forward to ensure completeness.

2. Computer Assisted Audit Techniques (CAATs) 6. Audit of Accounting Estimates

 Test Data  Example: Reviewing management's estimation of

o Example: Running a set of fictitious bad debt provision.
transactions through the client's payroll  Explanation: Involves evaluating assumptions,
system to test controls. methodologies, and data used in estimates.
o Explanation: Validates the effectiveness of
controls by simulating real transactions. 7. Concepts of Sampling
 Audit Software
o Example: Using software to analyze large  Sampling Risk
volumes of transaction data for anomalies.
 o Example: Auditor may incorrectly  Controls Testing
conclude that controls are effective based o Example: Larger sample size for high-risk
on a non-representative sample. areas.
o Explanation: Risk that the sample does not o Explanation: Higher risk or expected
represent the population. deviation increases sample size.
 Non-sampling Risk  Details Testing
o Example: Auditor misinterprets the results o Example: Sampling more transactions
due to incorrect application of procedures. when there's a high risk of material
o Explanation: Errors arising from factors misstatement.
other than sampling. o Explanation: Tolerable misstatement
influences the sample size.
8. Design of the Sample
11. Tolerable Misstatement, Tolerable Deviation
 Factors: Risk assessment, control reliance,
expected deviation/misstatement.  Tolerable Misstatement
 Steps: o Example: The acceptable error margin in a
1. Define the Population $1 million account might be $50,000.
 Example: All sales transactions in o Explanation: Misstatement level auditor
the fiscal year. can accept without changing the opinion.
2. Determine the Sample Size  Tolerable Deviation
 Example: Based on the level of o Example: Accepting a 5% deviation rate in
assurance needed and the expected control testing.
error rate. o Explanation: Deviation rate auditor can
3. Select the Sampling Method tolerate in control testing.
 Example: Choosing between
random sampling and systematic 12. Selecting the Sample
sampling.
 Random Sampling
9. Misstatement, Error, Sampling Risk, Non-sampling o Example: Using a random number
Risk generator to select transactions.
o Explanation: Each item has an equal
 Misstatement chance of being selected.
o Example: Incorrectly reporting revenue  Systematic Sampling
figures. o Example: Selecting every 10th transaction
o Explanation: Deviations from correct from a list.
financial reporting. o Explanation: Items are selected at regular
 Error intervals.
o Example: Unintentional recording of  Haphazard Sampling
incorrect expense amounts. o Example: Arbitrarily picking transactions
o Explanation: Unintentional misstatements. from a file.
 Sampling Risk o Explanation: Non-structured selection
o Example: Auditing a small sample of without bias.
transactions may lead to an incorrect  Stratified Sampling
conclusion about the whole population. o Example: Dividing sales into high,
o Explanation: Risk that the sample is not medium, and low-value strata and sampling
representative. each.
 Non-sampling Risk o Explanation: Ensures representation across
o Example: Auditor fails to detect a different subgroups.
misstatement due to incorrect audit  Monetary Unit Sampling
procedure application. o Example: Selecting transactions based on
o Explanation: Errors not related to monetary value.
sampling. o Explanation: Each monetary unit in the
population has an equal chance of selection.
10. Factors Influencing Sample Size
13. Drawing Conclusion from Sampling
  Evaluate Results
o Example: Assessing the sample results to
infer about the whole population.
o Explanation: Determines if the sample
results support the financial statement
assertions.
 Consider Risks
o Example: Assessing if sampling and non-
sampling risks are within acceptable levels.
o Explanation: Ensures the conclusion is
reliable.

14. Evaluation of Misstatements

 Aggregate Misstatements
o Example: Summing identified
misstatements to see if they exceed the
tolerable misstatement.
o Explanation: Helps determine the overall
impact on financial statements.
 Qualitative Factors
o Example: Evaluating the nature and cause
of misstatements, such as intentional fraud.
o Explanation: Considers the broader
implications of misstatements.

Summary

This detailed summary covers the key procedures to obtain

evidence, the use of CAATs, the importance of audit
software, and the application of analytical procedures. It
explains directional testing, the audit of accounting
estimates, and sampling concepts, including the design and
evaluation of samples. It also addresses misstatements,
errors, and the factors influencing sample size, as well as
the process of selecting samples and drawing conclusions
from them. The evaluation of misstatements and the
implications for financial statements are crucial for
understanding the overall audit process.