Professional Documents
Culture Documents
Internal Control
1. The importance of Internal Control
1.1 The auditor’s assessment of internal controls:
Assessment of risk at both financial statement level and assertion level.
The responses at the assertion level involve the auditor selecting appropriate audit
procedures as per assessment.
Inherent risk
Control risk
1.2 The meaning of Internal Control
Defined as the process designed, put in place and maintained to provide assurance of a
reasonable level regarding the achievement of the objectives of an entity.
Reliability of the financial reports
Efficiency and effectiveness of operations
Adherence to relevant and applicable laws and regulations.
Internal control are a part of the internal control systems.
1. The importance of Internal Control
1.3 How the auditor uses internal controls
With ‘system based approach’ the auditor relies on the accounting systems and the related controls
to ensure that the transactions are properly recorded.
If the systems and internal controls are adequate, the transactions should be processed correctly.
The audit emphasis on the systems processing the transactions rather than the transaction themselves.
Understanding of what these systems and controls are;
And how to carry out an evaluation of the effectiveness of the controls.
The degree of effectiveness of an internal control system will depend on the following two factors:
Design of the internal control system
Is the control system able to prevent material misstatement?
Is it able to detect and correct material misstatement if they occur?
Segregation of duties: dividing the work to be done between two or more individuals.
Purpose: Work done by one individual acts as a check on the work of other, reduces the risk of
error or fraud.
It is more difficult for a person to commit fraud , because a colleague may identify suspicious
transactions by a colleague who is trying to commit a fraud.
2. The elements of Internal Control
2. The elements of Internal Control
2. The elements of Internal Control
2. The elements of Internal Control
Fewer chances of lower code of conduct so a culture of integrity and ethical behavior will be a key to auditor’s
risk assessment.
Auditor will often see management involvement as only a partial substitute for ‘normal’ control system.
3. LIMITATIONS OF INTERNAL CONTROL
SYSTEMS
The following problems may arise when control system rely excessively on the involvement
of the senior management:
Lack of evidence as to how systems are supposed to operate.
Rely more on enquiry than on review of documentation.
Lack of evidence of controls
Existence and application of controls
Management may override other controls that are in place.
Management may lack the expertise necessary to control the entity effectively.
Lower chances to have an independent person within the management team.
Lower tests of control and higher substantive testing.
4. EVALUATION OF CONTROLS AND
AUDIT RISK ASSESSMENT
4.1 The purpose of evaluating controls
2 stage process
Whether controls are effective ‘on paper’.
Obtain a general picture of the effectiveness of control established by management.
Whether the controls are applied properly, and so whether they are actually working and operating
effectively.
4.2 The evaluation process
If ‘paper’ review shows major weaknesses, the audit approach will have to focus on tests of transactions
(substantive tests) rather than on tests of control (a system-based approach)
Good for high level of control risk
If the controls appear to be acceptable on paper, the auditor has to perform tests of control.
If tests indicate that the controls are operating effectively, audit can be system based with lower
substantive testing.
ISA 330 requires that the substantive procedures are carried out for each material class of transactions,
account balances and disclosures.
4. EVALUATION OF CONTROLS AND AUDIT
RISK ASSESSMENT
4.3 Management Letter
A report typically presented in columnar fashion detailing weaknesses observed in the
client’s system of internal controls.
Control weaknesses is a by-product of external audit not an objective.