2 Internal Control Definition A process, effected by the entity’s boardof directors, management and otherpersonnel, designed to provide reasonableassurance regarding the achievement ofobjectives.
3 Internal Control Objectives 1. Reliability of financial reporting2. Efficiency and effectiveness of operations3. Compliance with laws and regulations
4 Five Components of Internal Control Control EnvironmentRiskassessmentInformation andcommunicationControlactivitiesMonitoring
5 The Control Environment Integrity and ethical valuesCommitment to competenceBoard of directors or auditcommittee participation
6 The Control Environment Management’s philosophy and operating styleOrganizational structureHuman resource policies and practices
7 Risk Assessment Identify factors that may increase risk Estimate the significance of the riskAssess the likelihood of the risk occurringDetermine actions necessary to manage the risk
8 Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities3. Adequate documents and records4. Physical control over assets and records5. Independent checks on performance
9 Adequate Separation of Duties Custody of assetsfromAccountingAuthorizationof transactionsfromThe custody ofrelated assetsOperationalresponsibilityfromRecord-keepingresponsibilityIT dutiesfromUser departments
10 Proper Authorization of Transactions and Activities General authorizationSpecific authorization
11 Adequate Documents and Records Prenumbered consecutivelyPrepared at the time of transactionDesigned for multiple useConstructed to encourage correct preparation
12 Physical Control Over Assets and Records The most important type of protectivemeasure for safeguarding assets andrecords is the use of physical precautions.
13 Independent Checks on Performance The need for independent checks arisesbecause internal control tends to changeover time unless there is a mechanismfor frequent review.
14 Information and Communication The purpose of an accounting informationand communication system is to…initiate, record, process, and reportthe entity’s transactions and to maintainaccountability for the related assets.
15 Monitoring Monitoring activities deal with management’s ongoing and periodic assessment of thequality of internal control performance…to determine whether controls are operatingas intended and modified when needed.
16 Methods Used to Document Understanding NarrativeFlowchartInternalcontrolquestionnaire
17 Evaluating Internal Control Operation Update and evaluate auditor’s previousexperience with the entityMake inquiries of client personnelExamine documents and recordsObserve entity activities and operationsPerform walk-throughs of the accounting system
18 Evaluating Significant Control Deficiencies SIGNIFICANCEMaterialMaterialWeaknessLIKELIHOODRemoteProbableImmaterial
19 Identify Deficiencies and Weakness Identify existing controlsIdentify the absence of key controlsConsider the possibility of compensating controlsDecide whether there is a significant deficiencyor material weaknessDetermine potential misstatements that could result
20 Communications Communications to those charged with governance Internal audit reports
21 Tests of Controls The procedures to test effectiveness of controls in support of a reduced assessed controlrisk are called tests of controls.