CHAPTER 3

INTERNAL CONSIDERATION
 ACCOUNTING AND
INTERNAL
CONTROL SYSTEMS
• Accounting system - series of tasks and records of
an entity by which transactions are processed as a
means of maintaining financial records
• Internal control system - all policies and
procedures adopted by the management of an
entity to assist in achieving management’s
objective of ensuring:
 orderly and efficient conduct of its business, adherence
to management policies
 safeguarding of assets
 prevention and detection of fraud and error
 accuracy and completeness of the accounting records,
and
 timely preparation of reliable financial information
 INTERNAL
CONTROL

• a process effected those charged with

governance, management designed to
provide reasonable assurance regarding
the achievement of the following
objectives:
 effectiveness and efficiency of operations
(operational objective)
 reliability of financial reporting (reporting
objective)
 compliance with applicable laws and regulations
(compliance objective)
 INHERENT
LIMITATIONS OF
INTERNAL CONTROL

• Management’s cost benefit consideration

• Management overriding the control
• Circumvention of controls through collision with
parties outside the entity or with employees of
entity
• Inadequacy of internal controls due to changes
in condition
• Potential of human errors due to carelessness,
distraction, mistake of judgments
• Most controls are directed to routine
transactions and not to unusual and non routine
transactions.
 COMPONENTS OF
INTERNAL
CONTROL

1. Control environment
2. Entity’s risk assessment
process
3. Information and
communication system
4. Control activities
5. Monitoring controls
 COMPONENTS OF
INTERNAL
CONTROL
1. CONTROL ENVIRONMENT
• governance and management functions and the
attitudes , awareness and actions of those
charged with governance and management
concerning the entity’s internal control and its
importance in the entity
• Elements of control environment
 Integrity and ethical values
 Management’s philosophy and operating style
 Commitment to competence
 Participation by those charged with governance
 Assignment of authority and responsibility
 Human resources policies and procedures
 Organizational structure.
 COMPONENTS OF
INTERNAL
CONTROL
2. ENTITY’S RISK ASSESSMENT PROCESS
• the process of identifying and responding to business
risk s and the results thereof
• risks can be due to
 changes in operating environment
 new personnel
 new or revamped information systems
 rapid growth
 new technology
 new business models, products or activities
 corporate restructuring
 expanded foreign operations
 new accounting pronouncements
 COMPONENTS OF
INTERNAL
CONTROL
2. ENTITY’S RISK ASSESSMENT PROCESS (continued…)
• Auditor shall obtain an understanding of
whether the entity has a process for:
 Identifying business risks relevant to
financial reporting objectives
 Assessing the significance of risks and
likelihood of their occurrence
 Deciding how to manage those risks
 COMPONENTS OF
INTERNAL
CONTROL
3. INFORMATION AND COMMUNICATION SYSTEM
An information system consists of:
• Infrastructure (physical and hardware
components)
• Software
• Process and procedures
• People, and
• Input or data
 COMPONENTS OF
INTERNAL
CONTROL
4. CONTROL ACTIVITIES (APIPS)
Policies and procedures to help ensure that management
directives are carried out.
Examples of control activities:
• A uthorization
 Specific – for unusual , material or infrequent
transactions
 General – for regular transactions
• P erformance reviews (actual vs budget vs prior period)
• I nformation processing (controls from initiation up to
the inclusion of transactions in the financial reports
• P hysical controls (both assets and documents)
 COMPONENTS OF
INTERNAL
CONTROL
4. CONTROL ACTIVITIES (continued)
• S egregation of duties – incompatible functions
 The following should be separated (I CARE)
I ndependent checks
C ustody of assets
A uthorizaton of transactions
R ecording of transactions
E xecution of transactins
 COMPONENTS OF
INTERNAL
CONTROL
5. MONITORING OF CONTROLS
 Process of assessing the quality of internal control
performance over time
 assessing the design and operations of controls on
a timely basis and taking the corrective actions
 Monitoring can be accomplished through:
 on-going monitoring activities (performed by
persons within the same line functions)
 separate evaluations (performed by internal
auditors, audit committee and or external auditors)
 combination of the two
 INTERNAL
CONTROL
CONSIDERATION
Auditor should obtain understanding of the accounting
and internal control systems sufficient to plan the audit
and develop an effective audit approach

STEPS

1. Obtain an understanding of the client’s internal

control
2. Preliminary assessment of control risk
3. Determine the overall response to assessed risks
4. Perform test of controls
5. Reassess control risk
6. Final assessment of control risk
7. Determine the nature, timing, and extent of
substantive tests necessary to restrict detection
risks to an acceptable level
 INTERNAL
CONTROL
CONSIDERATION
1. OBTAIN AN UNDERSTANDING OF THE INTERNAL
CONTROL

Auditor should understand the policies and

procedures that are relevant to financial reporting
system.

This will enable auditor to:

 Identify types of material
misstatements that could occur
 consider factors that affect the risk of
material misstatements; and
 design appropriate procedures
 INTERNAL
CONTROL
CONSIDERATION
OBTAIN AN UNDERSTANDING OF THE INTERNAL
CONTROL consists of:
 evaluating the design of relevant controls
 can it prevent, detect or correct
material misstatements?
 determining whether controls have been
implemented
 do controls exist and being used?
 documenting the system’s internal
controls and identifying transaction cycles
 through flowchart, narrative, etc
 Performing “walk through” test to
determine whether controls are
implemented
 Identifying controls that are potentially
reliable.
 INTERNAL
CONTROL
CONSIDERATION
Procedures used in obtaining understanding of
entity’s internal control:
 Inquiring of entity personnel
 Observing the application of specific controls
 Inspecting documents and reports
 Tracing transactions through the information
system relevant to financial reporting (i.e.
walkthrough)

Documentation of internal control system:

 Narrative memorandum – written description
 Flowchart or Data Flow Diagram – interrelated symbols
that describes the flow of the transactions identifying the
key controls
 Internal control Questionnaire (ICQ) – series of
questions designed to detect control deficiencies
 Checklist
 INTERNAL
CONTROL
CONSIDERATION
1. PRELIMINARY ASSESSMENT OF CONTROL RISK

After obtaining an understanding of the accounting

and internal control, auditor should make a
preliminary assessment of control risk, at the
assertion level, for each material account balance or
class of transactions

Preliminary assessment of control risk – the

process of evaluating the effectiveness of an
entity’s accounting and internal control
systems in preventing or detecting and
correcting material misstatements
 INTERNAL
CONTROL
CONSIDERATION
ASSESSMENT OF CONTROL RISK

1. Maximum or high level:

 accounting and internal control systems are
not effective
 evaluating the effectiveness of the entity’s
accounting and internal control systems
would not be efficient

2. Below maximum or less than high:

 auditor is able to identify internal controls
relevant to the assertion which are likely to
prevent or detect and correct a material
misstatement and plans to perform tests of
controls to support the assessment
 auditor’s judgment is that substantive audit
procedures alone do not provide sufficient
appropriate audit evidence
 INTERNAL CONTROL
CONSIDERATION
OVERALL RESPONSE TO ASSESSED RISKS

 If preliminary control risk assessment is:

 HIGH – auditor relies primarily on substantive
tests
 LESS THAN HIGH - auditor performs test of
controls

PERFORM TEST OF CONTROLS

 to obtain sufficient evidence as to the operating
effectiveness of the relevant controls. It focuses
on
 Design – of the accounting and internal
control system
 Implementation of the accounting and
internal control system
 Operating effectiveness of the accounting
and internal control system.
 Test of control procedures includes:
Inspection Observation Walk-through
Inquiry Reperformance Recalculation
 INTERNAL
CONTROL
CONSIDERATION
TEST OF CONTROL RISKS

 If preliminary control risk assessment is:

 HIGH – auditor relies primarily on substantive
tests
 LESS THAN HIGH - auditor performs test of
controls

PERFORM TEST OF CONTROLS

 to obtain sufficient evidence as to the operating
effectiveness of the relevant controls. It focuses
on
 Design – of the accounting and internal
control system
 Implementation of the accounting and
internal control system
 Operating effectiveness of the accounting
and internal control system.
 INTERNAL CONTROL
CONSIDERATION

REASSESS CONTROL RISK

 Based on the results of test of controls, auditor

should evaluate whether the internal controls are
operating as assessed in the preliminary
assessment of control risk

Effect of the reassessment of control risk on the audit approach

Reassessment of Audit Approach Effect on substantive
control risk test
• Less effective procedures
CR assessment remains at Reliance or Systems • Interim testing maybe
LESS THAN HIGH approach appropriate
• Smaller sample size

CR assessment is changed to
HIGH
• More effective
Switch to no reliance procedures
approach • Test nearer or at year-
end
• Large sample size
 INTERNAL CONTROL
CONSIDERATION

FINAL ASSESSEMENT OF CONTROL RISK

 Based on the results of test of controls, auditor

should evaluate whether the internal controls are
operating as assessed in the preliminary
assessment of control risk

Effect of the reassessment of control risk on the audit approach

Reassessment of Audit Approach Effect on substantive
control risk test
• Less effective procedures
CR assessment remains at Reliance or Systems • Interim testing maybe
LESS THAN HIGH approach appropriate
• Smaller sample size

CR assessment is changed to
HIGH
• More effective
Switch to no reliance procedures
approach • Test nearer or at year-
end
• Large sample size