Professional Documents
Culture Documents
4.1 Introduction
4.2 The Meaning Of Internal Control
4.3 Means Of Achieving Internal Control
4.4 The Control Environment
4.5 Risk Assessment
4.6 Control Activities
1
4.1 Introduction
three major objectives:
1st , to explain the meaning and significance of internal control
2nd , to discuss the major components of a client's internal control structure
3rd , to show how auditors go about obtaining an understanding of internal con-
trol to meet the requirements of the second standard of field work.
As discussed in principles of accounting courses, internal control has attained
greatest significance in large-scale business organizations.
Accordingly, dealing with the problem of achieving internal control in a small
business.
2
4.2 The Meaning Of Internal Control
D/nces of opinion have long existed about meaning & objectives of internal control.
Many people interpret the term internal control as the steps taken by a business to
prevent fraud-both employee fraud and fraudulent financial reporting.
Others, while acknowledging the importance of internal control for fraud preven-
tion, believe that internal control has an equal role in assuring control over manufac-
turing and other processes.
Such d/nces in interpretation also exist in the professional publications issued by the
AICPA, the Institute of Internal Auditors, Inc—and the Research Foundation of the
Financial Executives Institute.
1990 and then that the various professional Organizations worked together to de-
velop a consensus on the nature and scope of internal control. 3
Cont’d …..
As a result of a number of instances of fraudulent financial reporting in the 1970 s
and early 1980s, the major accounting organizations' sponsored the National Com-
the causal factors that are associated with fraudulent reporting, and to make recom-
nal control.
For ex, it emphasized the importance of a competent and involved audit committee,
4
Cont’d ……
It also called on the sponsoring organization to work together to integrate the
study for that purpose, and its report, titled Internal Control-Integrated Frame-
Provide a standard against which business and other entities can assess their con-
6
The Study Defines Internal Control As:
This definition is important to auditors b/se it is being incorporated into the State-
control.
COSO's definition of internal control (IC) emphasizes that internal control is a
8
Cont’d ….
The use of budgetary techniques, production standards, inspection labo-
ratories, time and motion studies, and employee training programs in-
volves engineers and many others far removed from accounting and fi-
nancial activities: yet all of these devices are a part of internal control.
Although internal control is broadly defined, not all of the internal con-
trol structure policies and procedures are relevant to an audit of financial
statements.
Generally, the internal control structure policies and procedures that are
relevant to an audit are those that pertain (relate ) to the reliability of fi-
nancial reporting.
9
Cont’d …..
That is, those that affects the preparation of financial information for external
they affect the reliability of data that the auditors use to apply auditing proce-
dures.
For ex, controls applicable to no financial data that the auditors use in perform-
dit.
assets against loss from errors and irregularities are ordinarily relevant to an
audit.
10
4.3 Means Of Achieving Internal Control
For purposes of financial statement audits, the policies and procedures
next, Depending on such factors as the size, nature of operations, and ob-
11
Five Components of internal control
The internal control structures of all large organizations include five
components:
(1) The Control Environment
(2) Risk Assessment
(3) The (Accounting) Information And Communication System;
(4) Control Activities
(5) Monitoring.
12
1. The Control Environment
The control environment sets the tone (quality) of an organization by in-
fluencing the control consciousness of people.
It may be viewed as the foundation for the other components of internal
control.
Control environment factors include:-
Integrity and Ethical Values:
Commitment to Competence:
Board Of Directors or Audit Committee;
Management's Philosophy and Operating Style:
Organizational Structure:
Human Resource Policies and Practices:
Assignment Of Authority and Responsibility.
13
Integrity and Ethical Values
The effectiveness of the internal control structure depends directly upon the in-
tegrity and ethical values of the personnel who are responsible for creating,
14
Commitment to Competence
This is especially critical when the employees are involved in applying internal
control policies and procedures.
15
Board of Directors or Audit Committee
The control environment of an organization is significantly influenced by the ef-
fectiveness of its board of directors or the audit committee.
Factors that bear on the effectiveness of the board or audit committee include
the extent of its independence from management, the experience and stature of
its members, the extent to which it raises and pursues difficult questions with
management, and its interaction with the internal and external auditors.
the audit committee of the board of directors should be composed of neither
outside directors, who are neither officers nor employees of the organization.
This enables the audit committee to be effective at overseeing the quality of the
organization's financial reports, and acting as a deterrent to management over-
ride of internal controls and to management fraud.
16
Management Philosophy and Operating Style
Mgmts differ in both their philosophies toward F/reporting and their attitudes
risk with prospect of high return but Other may be conservative & risk averse.
These differing philosophies and operating styles may have an impact on the
zation by dealing with such issues as decision making and appropriate segre-
19
Responsibilities of Finance and Accounting Departments
Finance and accounting are the two departments most directly involved in the financial af-
The division of responsibilities between these departments illustrates the separation of the
accounting function from operations and also from the custody of assets.
the finance departments are responsible for financial operations and custody of liquid as-
sets.
include planning future cash requirements, establishing customer credit policies, and ar-
The accounting department, under the authority of the controller, is responsible for all ac-
Thus, management's policies and practices for hiring, training, evaluating, pro-
Effective human resource policies often can mitigate other weaknesses in the
control environment.
dishonest employees and is often the most trusted employees who engineer
large embezzlements.
21
Assignment of Authority and Responsibility
sponsibilities and the rules and regulations that govern their action.
ployee job descriptions and clearly defines authority and responsibility within
the organization.
22
2. Risk Assessment
When considering the F/reporting objective, these risks include the
threats to preparing financial statements in accordance with generally ac-
cepted accounting principles.
For ex, the following factors might be indicative of increased financial re-
porting risk:
Changes in the organization's regulatory or operating environment
Changes in personnel.
Implementation of a new modified information system.
Rapid growth of the organizationChanges in technology affecting
production process or information systems.
Introduction of new lines of business, products, or processes.
Auditors are concerned only with the levels of inherent risk and control
risk that affect the organization's ability to produce F/statements that are
in accordance with GAAPs
23
3. Accounting Information & Communication System
Information and communication systems capture, process, and report informa-
tion to be used by parties both within and outside the organization.
An organization's accounting information system consists of the methods and
records established to identify, assemble, analyze, classify, record, and report an
entity's transactions and to maintain accountability for the related assets.
Accordingly, an accounting information system should:
Identify and record all valid transactions.
Describe transactions on a timely basis in detail to permit proper classifica-
tion for F/reporting.
Measure value of transactions in a manner that permits recording their
proper monetary value
Determine the time period in which transactions occurred
Present properly the transactions and related disclosures in the F/state-
ments.
24
Conted …….
In addition to the typical system of journal, ledgers, and other record keeping
of polices.
A chart of accounts is a classified listing of all accounts in use accompanied by
vide clear guidance that will allow proper and uniform handling of transac-
tions.
Personnel that process information should understand how their activities re-
late to the work of others, and the importance of reporting exceptions and
other unusual items to an appropriate level of management. 25
4. Control Activities
Control activities are policies and procedures that help to ensure
the management directives are carried out.
Those policies and procedures help to ensure that the actions are
taken to address the risks that face the organization.
While there are many different types control activities performed
in an organization, only the following type are generally relevant
to an audit of the organization's financial statements:
Performance reviews.
Information processing.
Physical controls.
Segregation of duties.
26
Performance Reviews
These controls include:
reviews of actual performance as compared to budgets, and
forecasts
prior period performance; relating different sets of data to one
another;
performing overall reviews of performance reviews
provide management with an overall indication whether person-
nel at various levels are effectively pursuing the objectives of
the organization.
By investigating the reasons for unexpected performance, man-
agement may make timely changes in strategies and plans, or
take other appropriate corrective action.
27
Information Processing
A variety of control activities are performed to check the accu-
racy, completeness, and authorization of transactions.
The two broad categories of information processing controls in-
clude general controls, which apply to all information-processing
activities, and application controls, which apply only to a single
application.
For example, general controls include those that restrict access to
the entire accounting information system.
To understand the nature of application controls. Consider the
controls over payroll that help to ensure that (1) only authorized
payroll transactions are processed, and (2) authorized payroll
transactions are processed completely and accurately
28
Contd’ …………
An important aspect of information processing controls is the
proper authorization of all types of transactions. Authoriza-
tion of transactions may be either general or specific.
General authorization occurs when management establishes
criteria for acceptance of a certain type of transaction.
For example, top management may establish general price
lists and credit policies for new customers.
Transactions with customers that meet these criteria can then be
approved by the credit department.
Specific authorization occurs when transactions are autho-
rized on an individual basis.
29
An internal control device of wide applicability is the use of serial numbers on
documents. Serial number of provide control over the number of documents is-
sued.
Checks, tickets, sales invoices, purchase order, stock certificates, and many
For some documents such as checks, it may be desirable to account for the se-
For other documents, as in the case of serially numbered admission tickets, con-
trol may be achieve by noting the last serial number issued each day, and
thereby computing the total value of tickets issued during the day
30
Physical Control
31
Segregation of Duties
no one dept. or person should handle all aspects of a transaction
from beginning end.
no one individual should perform more than one functions (autho-
rizing transactions, recording transactions, and maintaining cus-
tody over asset)
Top management may authorize the sale of merchandise at speci-
fied credit terms to customers who meet certain requirements.
credit dept may approve the sales transactions by ascertaining that
the extension of credit and terms of sale are in compliance with
company policies.
once the sale is approved, the shipping dept executes the transac-
tion by obtaining custody of the merchandise from the inventory
stores dept and shipping it to the customer.
Accounting dept uses copies of documentation created by the
sales, credit, and shipping departments as a basis for recording the
transaction and billing the customer.
32
4.7 Limitations Of Internal Control
Internal control can do to protect against both errors and irregular-
ities and ensure the reliability of accounting data.
Still, there is existence of inherent limitations in any internal con-
trol structure, Mistakes may be made in the performance of inter-
nal control policies and procedures
as a result there is misunderstanding of instructions, mistakes of
Judgment, carelessness, distraction, or fatigue,
Finally, control activities dependent upon separation of duties may
be circumvented by collusion among employees.
The extent of the internal controls adopted by a business also is
limited by cost considerations.
It is not feasible from a cost standpoint to establish a control struc-
ture that provides absolute protection from fraud and waste; rea-
sonable assurance in this regard is the best that generally can be
achieved. 33
4.8 The Auditors' Consideration Of Internal Control
The second standard of fieldwork states: A Sufficient understanding of the in-
ternal control structure is to be obtained to plan the audit and to determine the
nature, timing, and extent of the tests to be performed.
The auditors' understanding of their clients' internal control provides a basis
both to
(1) Plan the audit, and (2) assess control risk
In planning an audit it is essential that the auditors have a sufficient under-
standing of the client's internal control structure.
This encompasses both and understanding of the design of the policies, proce-
dures, and records, and knowledge of whether they have been placed in opera-
tion by the client.
34
Cont’d …
The auditors' consideration of the internal control also provides a basis for their assess-
ment of Control Risk - the risk that material misstatements will not be prevented or de-
tected by the client's internal control structure.
If the auditors determine that the client's internal control is effective, they will assess con-
trol risk to be low.
They can then accept a higher level of detection risk, and substantive testing can be de-
creased. Conversely, If internal controls are weak, control risk is high and the auditors
must increase the scope of their substantive tests to limit the level of detection risk.
Therefore, the auditors' the auditor's understanding of internal control is a major factor in
determining the nature, timing, and extent of substantive testing necessary to verify the
financial statement assertion.
35
Obtaining and Understanding of the Internal Control Structure
In every audit the auditors must obtain an understanding of the internal control
structure, the auditors consider knowledge related to the above three factors
36
Cont’d …….
Auditors also consider their assessment of inherent risk,
judgments about materiality and the nature of the entity's op-
erations.
37
The Control Environment
Risk Assessment:
auditors must obtain sufficient knowledge of the risk assessment process
1. Revenue (or sales and collections) cycle- including procedures and policies
for obtaining orders from customers, approving credit, shipping merchandise,
preparing sales invoices (billing ) recording revenue and accounts receivable,
and handling and recording cash receipts.
2. Acquisition (or purchases and disbursements) Cycle- including procedures
and policies for initiating purchases of inventory, other assets, and services;
placing purchase orders, inspecting good upon receipt, and preparing receiving
reports; recording liabilities to vendors; authorizing payment; and making and
recording cash disbursements.
3. Conversion (production ) cycle - including procedures and policies for string
materials, placing materials in to production, assigning productions costs to in-
ventories and accounting for the cost of good sold. 40
Cont’d …
4. Payroll cycle - including procedures and policies for hiring terminating,
taxes, and amount withheld from gross pay; maintaining payroll records
and securities.
41
Monitoring
Finally, the auditors should obtain a sufficient understanding of the entity's
client personnel, inspecting various entity documents and records, and observ-
42
Auditors may ascertain the duties and responsibilities of client personnel by inspecting or-
Many clients have procedures manuals and flowcharts describing the approved practices
Another excellent source of information is in the reports, working papers, and audit pro-
The auditors' understanding of the internal control structure encompasses not only the de-
sign of the policies and procedures, but also whether they have been placed in operation.
The term placed in operation means that the policy or procedure actually exists and is in
43
• While obtaining understanding of internal control, the auditors may also obtain
44
The distinction between knowing that a control has been placed in operation
To properly plan the audit, auditors are required to determine that the major
controls have been placed in operation they are not required to evaluate their
operating effectiveness.
However, if the auditors wish to assess control risk at a level lower than the
maximum, they must have evidence of the operating effectiveness of the con-
trols.
45
Document the Understanding of the Internal Control Structure
46
Internal Control Questionnaire:
• The traditional method of describing an internal control structure is to fill in a standardized inter-
• The questionnaire usually contains a separate section for each major transaction cycle enabling the
work of completing the questionnaire to be divided conveniently among several audit staff mem-
bers.
• Most internal control questionnaires are designed so that a "no" answer to a question indicates a
• In addition, questionnaires may provide for a distinction between major and minor control weak-
nesses, indication of the sources of information used in answering questions, and explanatory com-
47
• A disadvantage of standardized internal control questionnaires is their lack of flexibility.
• They often contain many questions that are "not applicable" to specific systems, particu-
• Also the situation in which internal control strength compensates for a weakness in the
dency for the auditors to fill in the "yes" and "no" answers in a mechanical manner,
• For this reason, some public accounting firms prefer to use written narratives or flow-
49
• Flowcharts usually begin in the upper let- hand corner; directional flow lines
then indicate the sequence of activity.
• The normal flow of activity is from top to bottom and from left to right.
• The advantage of a flowchart over a questionnaire or a narrative is that a flow-
chart provides a clearer, more specific portrayal of the client's system.
• There is less opportunity for misunderstanding, blank spots, or ambiguous
statements when one uses lines and symbols rather than words to describe in-
ternal control.
• Furthermore, in each successive annual audit, updating a flowchart is a simple
process requiring only that the auditors add or change a few lines and symbols.
50
• A flowchart may not provide so clear a signal that a particular internal Control is absent or is not being properly
enforced.
• For that reason, some CPA firms use both flowcharts and questionnaires to describe internal control. The flowchart
clearly depicts the system, while the questionnaire serves to remind the auditors of controls that should be present
in the system
• Walk -Through Test: After describing internal control in their working papers, the auditors will generally verify
that the system has been placed in operation by performing a walk- through of each transaction cycle.
• walk-through refers to tracing several transactions (perhaps only one or two) through each step in the cycle.
• To perform a walk-through of the sales and collection cycle, for example, the auditors might begin by selecting
several sales orders and following the related transactions through the client's sequence of procedures.
• The auditors would determine whether such procedures as credit approval, shipment of merchandise, preparation
of sales invoices, recording of the accounts receivable, and processing of the customers' remittances were per -
formed by appropriate client personnel and in the sequence indicated in the audit working papers.
• If the auditors find that the system functions differently from the working paper description. they will amend the
After documenting their understanding of internal controls, the auditors will determine a
planned assessed level of control risk for the various financial statement assertions.
For assertions with weaker internal controls, the auditors may simply plan to assess con-
trol risk at the maximum level, and no tests of the related controls need to be performed.
For financial statement assertions that appear to have more effective controls, the audi-
tors may plan to assess control risk at a lower level.
To assess control risk at less than the maximum level for a particular assertion, the audi-
tors must:
Identify those internal control structure policies and procedures that are likely to prevent
or detect material misstatements of the assertion.
Perform tests of controls to evaluate the effectiveness of such policies and procedures.
53
• The auditors' planned assessed level of control risk is used to develop the initial audit
program of substantive testing.
• For assertions with a high planned assessed level of control risk, the auditors will plan
substantial substantive procedures. Planned substantive procedures can be restricted or
eliminated for assertions with a low planned assessed level of control risk.
• Therefore, in making decisions about the planned assessed levels of control risk, the audi-
tors must consider the trade-off between tests of controls and substantive testing.
• Tests of controls allow the auditors to reduce their assessments of control risk, which, in
turn, allows them to reduce the time spent performing substantive procedures.
• For each test of control, the auditors must ask themselves, "Is the time required to per-
form the test justified in terms of its resulting decrease in the scope of substantive test-
ing?"
54
• Design and Perform Additional Tests of Controls: The auditors may have
gathered some evidence about the effectiveness of certain policies and proce-
dures while they obtained an understanding of the client's internal control struc-
ture. In some audits, especially those involving small clients, these preliminary
tests of controls may be adequate to support the auditors' planned assessed level
of control risk. In these cases the auditors need not perform additional tests of
controls and may proceed directly to documenting their assessed level of con-
trol risk and completing the planned substantive tests. However, for many au-
dits additional tests of controls are necessary to support the auditors' assessed
level of control risk. The auditors will use their understanding of the internal
control structure to design these additional tests of controls.
55
• The audit procedures used to test the effectiveness of internal
control policies and procedures include:
(1) inquiries of appropriate client personnel,
(2) inspection of documents and reports,
56
To illustrate this distinction, assume that the client has implemented the control of re-
quiring a second person to review the quantities, prices, extensions, and footing of
each sales invoice.
The purpose of this control is to prevent material errors in the billing of customers and
the recording of sales transactions. A substantive test of financial statement amounts
might involve selecting a sample of recorded sales transactions to determine that they
have been properly recorded and included in the year's total sales.
To test the effectiveness of this control, the auditors may make inquiries of client per-
sonnel and observe application of the procedure.
They might also select a sample of, say, 30 sales invoices prepared throughout the
year. They would inspect the invoice copy for the initials of the reviewer, and re-per-
form the procedure by comparing the quantities to those listed on the related shipping
documents, comparing unit prices to the client's price lists, and verifying the exten-
sions and footings.
The results of this test provide the auditors with evidence as to the existence and valua-
tion of the recorded sales and accounts receivable.
57
If numerous deviations from the control procedure are found, the auditors will expand
their substantive procedures with respect to existence and valuation of accounts receiv-
perform their duties, and inquiring as to who performed those duties throughout the pe-
tions when other employees were absent from work on sick leave or vacation.
58
Reassess Control Risk and Modify Planned Substantive Tests: After
the auditors have completed the tests of controls, they are in a posi-
tion to reassess control risk based on the results of the tests. The re-
sults of the tests of controls may reveal that the level of control risk is
actually higher than the planned level. If this is the case, modifica-
tions must be made in the nature, timing, and extent of the planned
substantive tests in the audit program. For example, the auditors may
decide to increase the extent of their substantive testing, or perform
certain substantive tests at year-end rather than at an interim date.
59
• Document the Assessed Level of Control Risk: The auditors as-
sessed level of control risk will have identified the financial
statement assertions with maximum control risk, and those asser-
tions for which control risk is considered to be less than the max-
imum level.
• The auditors must document these conclusions in their working
papers. They must also describe the basis for all assessments that
are at less than the maximum level.
• A working paper is often used to summarize the auditors' assess-
ments of control risk and the resulting modifications in substan-
tive tests.
• Notice that the extensions and limitations of audit procedures are
described in detail to facilitate completion of the final version of
the audit program.
• The auditors' consideration of internal control is very complex. 60
Consideration of the Work of Internal Auditors
• Many of the audit procedures performed by internal auditors are similar in nature to those employed by independent
auditors. This raises the question of how the work of the internal auditors affects the independent auditors' work. The
Auditing Standards Board has addressed this issue in SAS No. 65 (AU 322), "The Auditor's Consideration of the In-
ternal Audit Function in an Audit of Financial Statements."
• Because the internal audit function is an important aspect of the client's monitoring system, the independent auditors
consider the existence and quality of the function in their assessment of the client's internal control structure.
Through its contribution to internal control, the work of the internal auditors may reduce the amount of audit testing
performed by the independent auditors.
• The independent auditors begin by obtaining an understanding of the work of the internal auditors to determine its
relevance to the audit. They make inquiries about such matters as the internal auditors' activities and audit plans. If
the independent auditors conclude that the internal auditors' work is relevant and that it would be efficient to con-
sider it, they assess the competence and objectivity of the internal audit staff, and evaluate the quality of their work.
• In evaluating the competence of the internal auditors, the independent auditors consider the educational level, pro-
fessional experience, and professional certifications of the internal audit
61
• staff. They also investigate the internal auditors' policies, programs, procedures, working
papers, and reports, and the extent to which the internal auditors' activities are supervised
and reviewed. Objectivity is evaluated by considering the organizational status of the direc-
tor of internal audit, including whether the director reports to an officer of sufficient status
to ensure broad audit coverage, and has direct access to the audit committee of the board of
directors. The internal auditors' policies for assigning independent staff to audit areas are
also reviewed.
• If, after assessing competence and objectivity, the independent auditors intend to use the in-
ternal auditors' work, they will evaluate and test their work. The evaluation includes a re-
view of the scope of the internal auditors' work, and the quality of their programs and re-
ports. This investigation and evaluation provides the independent auditors with a sound
basis for determining the extent to which the work of the internal auditors allows them to
limit their own audit procedures.
62
• In addition to reducing the extent of the independent auditors' substantive
procedures, the internal auditors' work may affect the independent auditors'
procedures when obtaining an understanding of the client's internal control
structure and assessing risk. For example, the independent auditors may use
the internal auditors' documentation of the internal control structure. The in-
ternal auditors also may provide direct assistance to the independent auditors
in preparing working papers and performing certain audit procedures. How-
ever, the independent auditors should not over rely on the internal auditors'
work; they must obtain sufficient, competent, evidential matter to support
their opinion on the financial statements. Regardless of the extent of the inter-
nal auditors' work, the independent auditors must perform direct testing of
those financial statement assertions with a high risk of material misstatement.
Judgments about assessments of inherent and control risks, the materiality of
misstatements, the sufficiency of tests performed, and other matters affecting
the opinion must be those of the independent auditors. Also, the independent
auditors should be directly involved in evaluating audit evidence that requires
significant subjective judgment.
63
Communication of Control Structure Related Matters
along with the auditors' recommendations for corrective action. This is a service in addi-
tion to issuance of the audit report. SAS 60 (AU 325), "Communication of Internal Control
Structure Related Matters Noted in an Audit" uses the term reportable conditions to refer to
those matters that must be communicated by the auditors to the audit committee of the
committee exists).
• A reportable condition is a significant deficiency in the design or operation of the internal control that
could adversely affect the organization's ability to record, process, summarize, and report financial
data. Reportable conditions may be communicated orally, but they are usually set forth in a letter.
64
• A reportable condition may be of such magnitude as to be considered a material weakness in internal
control; that is, a condition that results in more than a relatively low risk of material misstatement of
the financial statements. While the auditors are not required to identify those reportable conditions that
are material weaknesses, they may do so if requested by the client. A written communication may indi-
cate that the auditors found no material weaknesses, but one should never be issued that states that the
• Auditors often communicate operational suggestions and less significant weaknesses in greater detail
to management in a report called a management letter. This report serves as a valuable reference doc-
ument for management and may also serve to minimize the auditors' legal liability in the event of a de-
falcation or other loss resulting from a weakness in internal control. Many auditing firms place great
emphasis upon providing clients with a thorough and carefully considered management letter. These
firms recognize that such a report can be a valuable and constructive contribution to the efficiency and
effectiveness of the client's operations. The quality of the auditors' recommendations reflects their pro-
fessional expertise and creative ability and the thoroughness of their investigation. 65
• Internal Control in the Small Company
• The preceding discussion of internal control and its consideration by the independent auditors has been
presented in terms of large corporations. In the large concern excellent internal control may be achieved
by extensive segregation of duties so that no one person handles a transaction completely from begin-
ning to end. In the very small concern, with only one or two office employees, there is little or no op-
portunity for division of duties and responsibilities. Consequently, internal control tends to be weak, if
not completely absent, unless the owner/manager recognizes the importance of internal control and par-
ticipates in key activities.
• Because of the absence of strong internal control in small concerns, the independent auditors must rely
much more on substantive tests of account balances and transactions than is required in larger organiza-
tions. Although it is well to recognize that internal control can seldom be strong in a small business,
this limitation is no justification for ignoring available forms of control. Auditors can make a valuable
contribution to small client companies by encouraging the installation of such control procedures as are
practicable in the circumstances.
66
• The following specific practices are almost always capable of use in even the smallest business:
• Record all cash receipts immediately.
– For over- the- counter collections, use cash registers easily visible to customers. Records register readings daily.
– Prepare a list of all mail remittances immediately upon opening the mail and retain this list for subsequent comparison with bank
deposit tickets and entries in the cash receipts journal.
67
• Adherence to these basic control practices significantly reduces the risk of material er-
ror or major defalcation going undetected.
• If the size of the business permits a segregation of the duties of cash handling and
record keeping, a fair degree of control can be achieved.
• If it is necessary that one employee serve as both accounting clerk and cashier, then ac-
tive participation by the owner in certain key functions is necessary to guard against the
concealment of fraud or errors.
• In a few minutes each day the owner, even though not trained in accounting, can create
a significant amount of internal control by personally (1) reading daily cash register to-
tals, (2) reconciling the bank account monthly, (3) signing all checks and canceling the
supporting documents, (4) approving all general journal entries, and (5) critically re-
viewing comparative monthly statements of revenue and expense
68