Professional Documents
Culture Documents
OBJECTIVES
• Requirements for an internal control
system.
• Nature of internal controls
• Typical systems
– Sales system
– Purchases
– Payroll
NEED FOR INTERNAL CONTROL
SYSTEM
• Companies Act
C.2 The board should maintain sound risk management and internal control
systems.
C.2.1 The board should, at least annually, conduct a review of the effectiveness
of the company’s risk management and internal control systems and should
report to shareholders that they have done so.
• Sarbanes Oxley
DEFINITION OF INTERNAL
CONTROL
Internal control is the process designed,
implemented and maintained by those charged
with governance, management and other
personnel to provide reasonable assurance about
the achievement of the entity’s objectives with
regard to reliability of financial reporting,
effectiveness and efficiency of operations and
compliance with applicable laws and regulations.
(ISA 315)
COMPONENTS OF AN INTERNAL
CONTROL SYSTEM
– Identify risk
– Prioritise risk
– Implement control strategies
• Accept
• Transfer
• Avoid
• Control
– Monitor
INFORMATION SYSTEM
An information system consists of infrastructure
(physical and hardware components), software,
people, procedures and data.
Comprises:
– Initiation of transaction
– Recording.
– Processing.
– Reporting.
QUALITY OF THE INFORMATION
SYSTEM
• Procedures to ensure transactions are:
– Identified
– Adequate described
– Measured
– Recorded in correct period.
– Properly included in the financial statements
• Business continuity plan
• Communication
CONTROL ACTIVITIES
The policies and procedures that help
ensure management directives are carried
out. They have various objectives and are
applied at various organisational and
function levels.
CONTROL ACTIVITIES
• Performance reviews
• Information processing.
• Physical controls.
• Segregation of duties.
The separation of those responsibilities or duties
which would, if combined enable one individual
to record and process a complete transaction.
MONITORING
Assessing the design and operation of
controls on a timely basis and taking
necessary corrective actions.
DETERMINING SYSTEM
• Materiality
• The nature, potential impact and likelihood of
risks facing the company.
• Geographical distribution of the enterprise
• Degree of initiative required of staff
• Public interest in the entity
• Controls exercised personally by management
• Costs of setting up controls & benefits
obtained
DETECTION V PREVENTION
• Prevention Applied before or during
the process and will usually
only cover one process
• Circumvention by collusion