Audit I - Chapter 5, Internal Control
INTERNAL CONTROL
Internal Control Meaning & Objectives
Control Environment
Involves a process for identifying and analyzing risks that may prevent the
organization from achieving its objectives
The process includes:
- identifying,
- evaluating, and
- deciding how to manage these events…
Management will assess:
A. What is the likelihood of the event occurring?
B. What would be the impact if it were to occur?
C. What can we do to prevent or reduce the risk?
Risk assessment for financial reporting is management’s identification and analysis of risks relevant to
the preparation of financial statements in conformity with appropriate accounting standards.
• Factors that may lead to increased risk include:
– Poor quality of personnel (e.g., not knowing revenue recognition),
– Geographic dispersion of company operations,
– Complexity of core business processes,
– Introduction of new information technologies (affects the production process and information system),
– Economic downturns, and
– Entrance of new competitors
Once management identifies a risk:
o it estimates the significance of that risk (it evaluates it as high, medium, or low),
o assesses the likelihood of the risk occurring, and
o develops specific actions that need to be taken to reduce the risk to an
acceptable level (management addresses the high-category risks).
How? Management will respond to the risk, e.g.:
– by transferring it to a third party (insurance);
– by tolerating it: deciding to live with the risk (tolerate/accept the risk) if it
is too expensive to treat;
– by terminating the risk: terminating/discontinuing the activity involving a
high risk.
If management effectively assesses and responds to risks:
= the risk of misstatement of the financial statements will be reduced,
= the auditor will accumulate less evidence
Purpose of management’s and auditors’ assessment of risk:
• Management: it assesses risks as a part of designing and operating internal
controls (to minimize errors and fraud)
• Auditors: they assess risks to decide the evidence needed in the audit (to satisfy
various audit objectives: timing, extent, and audit guide)
How do auditors obtain knowledge about management’s risk assessment?
• Through questionnaires and discussions with management
As a general rule, preventive controls are better than detective controls; any
good system of internal control should have a good mixture of both.
– However, it is not advisable to place excessive reliance on preventive
controls alone while ignoring detective controls, because once preventive controls
are compromised there is no way of detecting the illegal act that has occurred
Controls can also be categorized as soft controls and hard controls
– Soft controls include tone at the top: performance evaluations, and training
programs
– Hard controls include segregation of duties, reviews and approvals, and
reconciliations
4. Information system and Communication
Adequate internal control requires an entity to maintain an
information system that allows the flow of information across organizations
[Figure: Audit evidence; Sampling; Mixed; Substantive; AR Model (IR, CR, DR)]