Chapter 11

Risk Assessment
Part 3
PHASE 1 -C .2 CONSIDERATION OF INTERNAL
CONTROL IN A FINANCIAL STATEMENT AUDIT
established to provide reasonable assurance that specific entity objectives will be
achieved.
Internal controls system includes a set of rules, policies, and procedures an organization
implements to provide direction, increase efficiency and strengthen adherence to
policies.

COMPONENT OF INTERNAL CONTROL

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring Activities
Control Environment
 1. Business shows a commitment to integrity and ethical values.
 2.Board of Directors shows independence from management and exercises
oversight of the development and performance of internal controls.
 3.Management sets up, with board oversight, structures, reporting lines, and
authorities and responsibilities in the pursuit of objectives.
 4.Business shows a commitment to attract, develop, and retain competent
employees in alignment with objectives.
 5. Business holds individuals accountable for their internal control
responsibilities in the pursuit of objectives.
Risk Assessment
1. Business specifies objectives with enough clarity to
enable the identification and assessment of risks
relating to objectives.
2. Business identifies risks to the achievement of its
objectives across the entity and analyzes risk as a
basis for determining how the risks are to be
managed.
3. Business considers the potential for fraud in assessing
risks to the achievement of objectives.
4. Business identifies and assesses changes that could
significantly impact the system of internal controls.
Control Activities
1. Business select and develops and control activities that
contribute to the mitigation of risks to achievement of
objectives to acceptable levels.
* Performance review
* Physical controls
* Segregation of duties
* Information processing controls
2. Business selects and develops general control activities over
technology to support the achievement of objectives.
3. Business sets up control activities through policies that
establish what is expected and procedures that put
policies into play.
Information and Communication
1. Business obtains or makes and uses relevant, quality information to support
the functioning of internal controls.
- Identify & record valid transactions
- Classify transaction correctly
- Measure the value of transaction correctly
- Record transactions in correct period
- Correctly present transaction & Disclosures.
2. Business communicates information internally. Communication includes
objectives and responsibilities for internal control, needed to support the
functioning of internal controls.
3. Business communicates with external parties regarding issues affecting the
functioning of internal controls.
Monitoring Activities
1. Business selects, develops, & performs ongoing and or
separate evaluations to determine whether the components of
internal controls are installed and functioning.
2. Business evaluates and communicates internal control
problems in a timely manner to parties responsible for taking
corrective action. Parties include senior management and the
board of directors as appropriate.