Topic 6 Internal Control

8/9/2019 Topic 6 Internal Control

1/23

1

TOPIC 6

INTERNAL CONTROL


2/23

2

Reasons Why Fraud Occurred

1. Poor internal control

2. Management override of internalcontrols

3. Collusion between employees

and third parties

4. Collusion between employees or

management


3/23

3

Accounting system

Internal control

Internal Control and

Accounting System


4/23

4

Accounting System

SAS 300

j In planning the audit, auditors

should obtain and document anunderstanding of the accounting

system and control environment

sufficient to determine their auditapproach


5/23

5

Accounting System contd

Obtain understanding to enablethem to identify and understand:

Major classes of transactions;

How such transactions areinitiated;

Significant accounting records,

supporting documents, accounts; Accounting and financial

reporting process


6/23

6


Input capture a mass accounting data

Process converting the mass of raw

data into useful info.Output prepare the accounting info in

a form useful to those who wish to use it


7/23

7


Effective accounting systemprovide reasonable assurance on:

Identification and record of allvalid transactions;

Proper classification for fin.reporting;

Proper measurement on the valueof transaction

Proper presentation in f/s


8/23

8

Internal Control

jA process, affected by an entitys board ofdirectors, management and other personnel,designed to provide reasonable assurance

regarding the achievement of objectives :

Effectiveness and efficiency of operations

Reliability of financial reporting

Prevention and detection of fraud and error Compliance with applicable laws and

regulations


9/23

9

Internal Control System

Comprises control environment (CE)and control procedures (CP)

Includes policies and procedures

adopted by directors and management Objectives:

Adherence to internal policies,

safeguarding assets, prevention anddetection of F & E, accuracy andcompleteness of acc. records, timelypreparation of fin. info.


10/23

10

Control environment

Overall attitude, awareness and

actions of directors and

management regarding internal

controls and their importance in

the entity.


11/23

11

Factors Affecting the Control

Environment Integrity and ethical values

Commitment to competence

Participation of the BOD and auditcommittee

Managements philosophy and

operating style Assignment of authority and

responsibility

Human resource policies andpractices


12/23

12

Control Procedures

Policies and procedures in addition tothe control environment

Being establish to achieve entitys

specific objectives Particular procedures to prevent,

detect and correct error.Performance review

Controls in Information ProcessingPhysical Control

Segregation of Duties


13/23

13

Control Procedures contd

Specific control procedures:

Approval and control documents;

Controls over computerizedapplications;

Check arithmetical accuracy ofrecords;

Maintain and review control accountsand trial balances;

Reconciliation


14/23

14

Risk Assessment and Monitoring

Internal Control

j Changes in internal and ext. events

j Consider circumstances that may affect

entitys ability to record, process, reportj Example :

Changes in the operating environment

New personnel

New or revamped info. system

Rapid growth

Foreign operations


15/23

15

Limitations of Int. Control

j Reasonable assurance due to

inherent limitations

j Example : Management override of int.

control

Personnel errors and mistakes

Collusion

Cost benefit analysis


16/23

16

Internal control Planning and

Performing and Auditj ISA 400- auditor should assess the

entitys control risk at high unless :

(a) the auditor is able to identifyinternal controls which are likely toprevent or detect materialmisstatements in f/s and;

(b) the auditor plan to perform test ofcontrols to support the assessmentof control risk as less than high


17/23

17

Auditors Consideration of

Internal Control and Its

Relation to Substantive Tests

Substantive Strategy or

Reliance Strategy ?


18/23

18

Substantive Strategy

jSet control risk at the highest for

some or all assertion because :

The control do not pertain to anassertion

The controls are assessed as

ineffective

Evaluating the effectiveness of

control is inefficient


19/23

19

Reliance Strategy

jAssess control risk at less than

high and should:

(a) identify specific internalcontrols relevant to specific

assertion that are likely to prevent

or detect material misstatements (b) Test controls to evaluate their

effectiveness


20/23

20

Test of Control

j Audit procedures that evaluate

the effectiveness of internal

control

j Reliance strategy to support

the lower level of control risk


21/23

21

Test of Control contd

jCarry out to provide reasonable

assurance whether:

The control is suitably designed toprevent material misstatements;

Control was applied, consistent with

which it was applied during auditperiod, and by whom it was applied.


22/23

22

Test of Control contd

jExample:

Inquiry of appropriate clientpersonnel

Inspection of documents, reports

Observation of the application ofthe policies

Reperformance of the applicationof the policy or procedure by theauditor


23/23

23

Understanding Internal Control

Copies of the entitys procedures

Narrative description

Internal control questionnaires

(ICQ)

Flowcharts

Documents

Topic 6 Internal Control