Internal Auditing

(Control: Types And Techniques)

Bashir Abdisamad Hared

 Definition of Control
 Control is
 “any action taken by management, the
board, and other parties to manage risk
and increase the likelihood that established
objectives and goals will be achieved.
 Management plans, organizes, and directs
the performance of sufficient actions to
provide reasonable assurance that
objectives and goals will be achieved
 Control Processes and
Procedures
 Control processes are:
 “the policies, procedures (both manual and automated), and
activities that are part of a control framework, designed and
operated to ensure that risks are contained within the level
that an organization is willing to accept.
 The control process includes
 Establishing standards for the operation to be controlled,
 Measuring performance against the standards,
 Examining and analyzing deviations,
 Taking corrective action, and
 Reappraising the standards based on experience
 CLASSIFYING CONTROLS
 Primary Controls
 Preventive controls. deter the occurrence of unwanted
events. For example: storing petty cash in a locked safe
or segregating duties
 Detective controls: alert the proper people after an
unwanted event. For example: a burglar alarm, an
automated reporting of all rejected batch items
 Corrective controls: Correct the negative effects
of unwanted events. For example: all cost variances
over a certain amount must be justified.
 Directive controls: Cause or encourage the
occurrence of a desirable event. 
For example: policy and procedure manuals, training,
job descriptions.
 CLASSIFYING CONTROLS

 Secondary Controls
 Compensatory controls: may reduce risk when
the primary controls are ineffective. However,
they do not, by themselves, reduce risk to an
acceptable level.
 Complementary controls; work with other
controls to reduce risk to an acceptable level. In
other words, their synergy is more effective than
either control by itself.
 CLASSIFYING CONTROLS

 Two types of Input Controls

 Batch Input Controls: for example: Financial
Totals summarize monetary amounts and the total
produced by the system should match the total
produced manually before hand.
 Online Input Controls: For example: making
the input screen match the paper form, edit checks in
input screens, validity checks in input screens, limit
and range checks, self-checking digits.
 OBJECTIVITY OF INTERNAL
AUDITORS

 Internal auditors must be objective in

performing their work
 Standard 1100
 Objectivity is an unbiased mental attitude that allows
internal auditors to perform engagements in such a
manner that they believe in their work product and that no
quality compromises are made.
 Objectivity requires that internal auditors do not
subordinate their judgment on audit matters to others.
 Threats to objectivity must be managed at the individual
auditor, engagement, functional, and organizational
levels