Learning ObjectivesLO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls.LO2 Explain why the auditor evaluates an auditee’s internal controls. LO3 Define seven internal control objectives, relating them to the assertions in management’s financial statements. LO4 Describe general and application control activities found in an accounting information system.

1

General Controls and Application Control ProceduresGeneral controls are those activities that have an overall impact on accounting processes.

Application controls address the control objectives relating to input, processing and output of data in each accounting process.

LO4

2

Control Activities

LO4

3

General Control ProceduresSeveral particular general control procedures are always important in a company’s internal controls.

These controls were listed in the control activity summary.

General controls are preventative in nature, and have a pervasive impact on the various business cycles.

Effective general controls are required in order to have effective application controls

LO4

4

Capable personnelThe most important feature of control is the people who make the system work.

High turnover in the business means that inexperienced people are performing control functions.

New accounting officers and managers may not have sufficient experience to make technical and judgment decisions.

LO4

5

Performance ReviewManagement reviews of reported performance to expectations is an effective control.

Compare actual to budget, and follow up any noted discrepancies.

LO4

6

Segregation of ResponsibilitiesProper segregation of responsibilities is a necessary condition for making detailed controls effective.

Proper segregation of responsibilities provides two main benefits: innocent errors are more likely to be found, as

more people are looking at a transaction, and irregularities are made more difficult to conceal as

this would require collusion of two or more people.

LO4

7

Segregation of ResponsibilitiesThe responsibilities that should be segregated are:

authorization to execute transactions, recording of transactions, custody of assets involved in the transactions,

and periodic reconciliation of existing assets to

recorded amounts.

LO4

8

SupervisionSupervision is important as management’s means of monitoring and maintaining a system of internal control.

Management must oversee the performance of general duties, including the performance of control activities.

LO4

9

Controlled Access Physical access to assets and important records, documents, and forms should be limited to authorized persons.

Assets such as cash, inventory, or securities should not be available to persons who have no need to handle them.

In addition, access to forms, such as sales forms or blank cheques, needs to be restricted.

LO4

10

Periodic ComparisonPeriodic comparison of recorded amounts to independent evidence needs to take place on a regular basis.

Periodic comparison may include petty cash counts, bank reconciliations, sub-ledger reconciliations, or counts of securities.

The comparison should be completed by someone who does not have the responsibilities for authorization, custody or record keeping for the assets.

LO4

11

Information Technology ControlsGeneral IT controls are policies and procedures that relate to the IT environment.

Good general IT controls are required before there can be good IT application controls.

These controls apply to all types of IT environments.

LO4

12

Information Technology ControlsGeneral IT controls commonly include:

a) operating system and application software acquisition, development and maintenance,

b) access security,c) controls over data centre and network

operations,d) system and application development and

maintenance,e) routine data and system backup procedures,f) disaster recovery plans, and g) physical security of IT assets.

LO4

13