The document discusses internal controls and their importance for auditing. It defines internal controls as policies and procedures adopted by management to achieve objectives like ensuring orderly and efficient operations, safeguarding assets, and preparing reliable financial reports. The two main components of internal controls are the control environment and control procedures. The control environment reflects management's attitude towards controls, while control procedures are specific policies that help achieve objectives. Understanding internal controls is essential for auditors to plan the nature, timing, and extent of audit procedures.
2. OBJECTIVE
A sufficient understanding of
internal control is to be obtained to
plan the audit and to determine the
nature, timing and extent of tests
to be performed
3. MEANING
All the policies and procedures adopted by
the management of an entity to assist in
achieving management’s objective of
ensuring, as far as practicable,
The orderly and efficient conduct of business
Safeguarding of assets
Prevention and detection of fraud and error
Accuracy and completeness of accounting
records
Timely preparation of reliable financial
information
4. COMPONENTS Internal control includes two categories
of controls that management designs
and implemented to provide reasonable
assurance that the management's control
objectives will be met. These are:
1. Control Environment
2. Control Procedures
5. CONTROL ENVIRONMENT
It consist of the actions, policies and procedures
that reflects the overall attitudes of top
management , directors and owners of an entity
about control and its importance to the entity.
Strong control environment can significantly
complement specific control procedures.
6. CONTROL ENVIRONMENT
Auditor should consider the subcomponents
while understanding and assessing the control
environment, such as:
Entity’s ethical and behavioral standards and how
they are communicated and reinforced in practice.
Management’s competence level for assigning
individual’s job.
Functions of Board of Directors and its
Committees
Entity’s organizational structure and methods of
assigning authority and responsibility.
Human resource policies and practices.
7. CONTROL ENVIRONMENT
It also includes some other controls such as:
1, Risk Assessment :
Identification and analysis of risks relevant to the
preparation of financial statements in accordance
with GAAP.
2, Information & Communication
Accounting system should identify, assemble,
classify, analyze, record and report the entity’s
transactions.
3, Monitoring
Ongoing and periodic assessment of the quality of
internal control performance.
8. CONTROL PROCEDURES
Those policies and procedures in addition to the
control environment which management has
established to achieve the entity’s specific objectives.
It includes:
Reporting, reviewing and approving reconciliations
Checking the arithmetical accuracy of the records
Controlling applications and environment of CIS
Maintaining and reviewing control accounts
Approving and controlling documents
9. CONTROL PROCEDURES
Comparing internal data with external sources of
information
Comparing the results of cash, security and
inventory counts with accounting records
Limiting direct physical access to assets and
records
Comparing and analyzing the financial results
with budgeted amounts
10. CATEGORIES
Internal control can be divided into two categories
such as:
1, Financial Control
Mainly concern with legitimacy of Income &
Expenditures and Security of Assets (Accounting
Control)
2, Management or Operational Control
Plan of organization, procedures and records that
are concerned with the decision processes leading
to management’s authorization of transactions
11. Financial Control
1. Budgetary Control
2. Legitimacy of Income and Expenditure
3. Accounting Controls
1. Transaction recorded as necessary in accordance
with Accounting principles
2. Access to assets is permitted only in accordance
with authority
3. Recorded accountability for assets is compared
with existing assets
12. Management Control
1. Organization should review its objectives
2. All staff and officers should be informed about
the objectives and policies
3. Organizations structure clearly defined
4. Management must be informed regularly
5. Proper system of supervision
6. Review of operations effeciency
13. NEED FOR INTERNAL CONTROL
When volume of transactions is high and varied in
nature then it should be beyond the control of
management to act with its limited capacity so
there is need to delegate the authority and
responsibility
In such case strict supervision is required, reliance
must be placed upon staff members.
An adequate internal control is established for
such purpose.
14. INHERENT LIMITATIONS
Internal control system cannot provide
management with conclusive evidence that
objectives are reached because of inherent
limitations, such as:
Management's philosophy that the cost of internal
control does not exceed the expected benefits to be
derived
It directed at routine transactions rather than non-
routine transactions
Potential of human error due to carelessness,
distraction, mistakes etc.
15. INHERENT LIMITATIONS
Misunderstanding of instructions
Possibility that a person responsible for exercising an
internal control could misuse that responsibility
Possibility that procedures may become inadequate
due to changes in conditions and compliance with
procedures may deteriorate
Possibility of circumvention of internal controls
through the collusion of a member of management or
an employee with parties outside or inside the entity
16. Principles of internal Control
1. Financial and Accounting operations must by
separated
2. Responsibility must be clearly stated
3. Too much confidence not be pinned on an individual
4. Rotation principle must be applied
5. Mechanization of the work used where feasible
6. Work must be supervised by other employee
7. Written record of work must be placed that played
important role.
8. Clear and well defined roles should be laid down
9. Employees must be in bond so employer is protected
10. Double entry system of accounting must be used.
17. Segregated Functions
Following functions must be segregated to
implement operational Control:
Initiating and Authorizing Transactions
Connected with the execution of any Transactions
must authorized by senior official
Having responsibility for asset, liability, expense or
revenue resulting from transactions
18. PROCESS OF UNDERSTANDING THE
INTERNAL CONTROL
Obtain an understanding of internal control
sufficient to plan an audit of the entity’s
financial statements
Assess whether the financial statement are
auditable
Assess the level of control risk supported by the
understanding obtained
Assess whether it is likely a lower control risk
could be supported
19. PROCESS OF UNDERSTANDING THE
INTERNAL CONTROL
Decide on the appropriate assessed control risk to
use
Level supported by understanding obtained
Plan and perform tests of control
Determine whether the assessed control risk is
supported by the tests of control
Decide on the appropriate increased planned risk
and plan the resultant substantive tests to satisfy the
increased planned detection risk
20. Review and Reliance on
Internal Control
Before starting of Audit, review the system for
To examine weaknesses of system, if any
To consider the proposition of introducing test check
to be performed during the course of audit
Determine exactly the extent of work to be
performed so as to enable the auditor to express his
opinion on the given set of acconts.
21. BENEFITS OF UNDERSTANDING
It will enable the auditor to :
Identify the types of potential material
misstatements that could occur in the financial
statements
Consider factors that affect the risk of material
misstatements
Design appropriate audit procedures
22. Evaluation Phases
1. It is responsibility of management to develop
and maintain the control system, auditor will
study that system.
2. Auditor will study and evaluate the controls to
determine of the extent of substantive audit
procedures. (Control environment and flow
and transactions)
3. Detailed overview of internal accounting
system. Obtain information from different
sources i.e. review of accounting manuals,
interviews, review of JDs, analysis of
Organizational chart.
23. MANAGEMENT LETTER
After evaluation of the internal controls,
Management Letter is issued. The objectives of this
letter are:
To identify any weaknesses in the internal control
To suggest adequate accounting control
To suggest improvements in the existing internal
control