You are on page 1of 26

INTERNAL

CONTROL
OVERVIEW
Internal Control Defined
All the policies and procedures adopted
by an entitys board of directors,
management, and other personnel,
designed to provide reasonable assurance
of regarding the achievement of
managements objectives.
Internal Control Defined
The internal control system extends
beyond those matters which relate directly to
the functions of the accounting system.
Internal Control Objectives
(AICPA SAS)
1. Safeguard assets of the firm
2. Ensure accuracy and reliability of
accounting records and information
3. Promote efficiency of the firms operations
4. Measure compliance with managements
prescribed policies and procedures
Modifying Assumptions to the
Internal Control Objectives
Management Responsibility
The establishment and maintenance of
a system of internal control is the responsibility
of management.
Reasonable Assurance
The cost of achieving the objectives of
internal control should not outweigh its benefits.
Modifying Assumptions to the
Internal Control Objectives
Methods of Data Processing
The techniques of achieving the
objectives will vary with different types of
technology.
Limitations of Internal Controls
Possibility of honest errors
Circumvention via collusion
Management override
Changing conditions--especially in companies
with high growth
Exposures of Weak Internal
Controls (Risk)
Destruction of an asset
Theft of an asset
Corruption of information
Disruption of the information system
Internal Control Process
Components of Internal Control
The entitys risk assessment process
The control environment;
Control activities;
The information system, including the related
business processes, relevant to financial reporting,
and communication; and
Monitoring of controls.
Internal Control Process
Entitys risk assessment process
Control environment
An entitys risk assessment process is its process
Control activities
for identifying and responding to business risks and
The control environment includes the attitudes,
the results thereof.
Information system
awareness, and actions of management and those
Control activities are the policies and procedures
charged
Monitoring withofgovernance
controls concerning the entitys internal
that help ensure that management
Anitsinformation directives are
control and importancesystem consists
in the entity. of infrastructure
Carried
(physicalout.
and hardware components), software,includes
Managements
Generally, control monitoring
activities of controls
that mayandbe relevant
people, procedures,
considering whether and
theydata.
are Infrastructure
operating as intendedsoftware to
will
an
be audit
absent,may be
or are categorized
havemodified as policies
less significance, and
in for changes in
and that
procedures they as appropriate
systems
conditions.thatthat
arepertain to theorfollowing:
exclusively primarily manual.
Performance reviews.
Information processing.
Physical controls.
Segregation of duties.
Preventive-Detective-Corrective
Internal Control Model
The Internal Control Shield
Preventive-Detective-Corrective
Internal Control Model
Preventive Controls
First line of defense
Designed to reduce frequency of occurrence of
undesirable events
More cost effective than detective and corrective
Preventive-Detective-Corrective
Internal Control Model
Detective Controls
Second line of defense
Designed to identify and expose undesirable
events that elude preventive controls
Reveal specific types of errors (actual vs.
standards)
Preventive-Detective-Corrective
Internal Control Model
Corrective Controls
Taken to reverse the effects of errors detected in
the previous step
Designed to troubleshoot the problems
A detected error may have more corrective action

Linking a corrective action to a detected error, as


an automatic response, may result in an incorrect
action which causes the problem to worsen
References:
Hall, J. (2011) Accounting Information Systems 7th
Ed.,USA
http://www.actcpas.com/what-we-do/consulting/system-
and-organization-controls
CPAR AT Notes

BIAG, Hanzel
CANDO, Christian
ECUAN, Jules
MAPANAO, Charlie
MEDRANO, James
Short Quiz!
1. Who is responsible for establishing and
maintaining the internal control system?
a. the internal auditor
b. the accountant
c, management
d. the external auditor
2. Which of the following is not a limitation of
the internal control system?
a. errors are made due to employee
fatigue
b. fraud occurs because of collusion
between two employees
c, the industry is inherently risky
d. management instructs the
bookkeeper to make fraudulent
journal entries
3. The most cost-effective type of internal
control is
a, preventive control
b. accounting control
c. detective control
d. corrective control
4. Which of the following is a preventive
control?
a, credit check before approving a
sale on account
b. bank reconciliation
c. physical inventory count
d. comparing the accounts
receivable subsidiary ledger to the
control account
5. A well-designed purchase order is an
example of a
a, preventive control
b. detective control
c. corrective control
d. none of the above
6. Which of the following is not an element
of the internal control environment?
a. management philosophy and
operating style
b. organizational structure of the firm
c, well-designed documents and
records
d. the functioning of the board of
directors and the audit committee
7. Which of the following is not an internal
control procedure?
a. authorization
b, managements operating style
c. independent verification
d. accounting records
8. The bank reconciliation uncovered a
transposition error in the books. This is an
example of a
a. preventive control
b, detective control
c. corrective control
d. none of the above
9. Which of the following indicates a strong
internal control environment?
a, the internal audit group reports to
the audit committee of the board
of directors
b. there is no segregation of duties
between organization functions
c. there are questions about the
integrity of management
d. adverse business conditions exist
in the industry
10. A physical inventory count is an example
of a
a. preventive control
b, detective control
c. corrective control
d. feedforward control