Documente Academic
Documente Profesional
Documente Cultură
Internal control can be expected to provide reasonable assurance of achieving the entitys objectives
-
when such failures are related to instances of fraud, corruption and business failure.
Any system of internal control is constantly exposed because of certain inherent factors, i.e. factors
inherent within the concept of internal control as generally defined and applied. This applies to all
values, etcetera.
The threat posed by inherent internal control limitations can never be eliminated, but it can be
minimized it can be kept in check.
Example: The controls over fixed assets include: maintaining an assets register, verifying the existence and
condition of assets periodically, and developing policies for authorization of asset disposal.
It is because of inherent limitations (listed below) that may affect the internal controls effectiveness:
a. Managements usual requirement that the cost of an internal control should not exceed the
expected benefit s to be derived.
-
and fraud.
Example: Television monitors could be put in place or armed guards could be hired to
safeguard inventory. At some point, the cost of protecting inventory from theft exceeds the
benefit of the internal control activity.
b. Most internal controls tend to be directed at routine transactions rather than non-routine
transactions.
-
The ability to predict the likelihood of non-routine transactions arising means that it is less
Example: The purchase of a very expensive non-current asset with an unusual and complex
specification.
c. The potential for human error due to carelessness, distraction, mistakes of judgment and the
misunderstanding of instructions.
-
The effectiveness of the internal control system depends on the competence, reliability and
due care of the people responsible for its operation. Mistakes/errors, faulty decision-making,
misunderstanding of instructions threaten effectiveness of any internal control system.
d. The possibility of circumvention of internal controls through the collusion among employees.
-
Lack of integrity and dishonesty of employees and officials can lead to collusion amongst two
or more people to circumvent the internal control system. They can alter financial data or other
High level personnel may be able to override prescribed policies and procedures for personal
gain or advantage. This should not be confused with management intervention, which
represents management actions to depart from prescribed policies and procedures for
legitimate purposes.
Management may purposefully override existing controls, thus rendering laid down system
controls to be ineffective.
Example: A sales director may choose to opt to extend credit to a long-standing customer in
order to create customer goodwill, in contravention of laid down credit control procedures.
f.
The possibility that procedures may become inadequate due to changes in conditions, and
compliance with procedures may deteriorate.
-
Conditions within organizations are not static, e.g. Internal control systems that dont change
in reaction to new control techniques, or to changes in the organizational environment are left
exposed.
Control Environment sets the tone of the organization. It provides discipline and structure to
all participants and stakeholders.
It is the overall attitude, awareness, and actions of directors and management regarding the
Many companies have high values and seek to promote honesty and integrity among their
employees on a day-to-day basis. Clearly, if it is evident those values do exist and are
communicated effectively to employees and enforced, this will have the effect of increasing
confidence in the design, administration and monitoring of controls leading to a reduced risk of
Those charged with Governance Describes the role of persons entrusted with the supervision,
control and direction of an entity. Various committees of Board of directors such as audit
pursued.
TCWG is also known as Policy Implementing body. Management is also known as Policy making
3. Commitment to competence
-
Competence is the knowledge and skills necessary to accomplish tasks that define the individuals
job. It is self-evident that if individual employees are tasked with carrying out duties that are beyond
accountant.
Commitment to competence means that management considers the competence levels for
particular jobs in determining the skills and knowledge required for each employee and that it hires
employees competent to perform tasks.
As explained in ISA 315, human resource policies and practices demonstrate important matters in
relation to the control consciousness of an entity. This implies that if human resources policies and
practices are considered to be sound both in design and in implementation over a range of matters,
then the risk of material misstatement will be reduced.
Recruitment policies and procedures. These should ensure that only competent individuals with
integrity are employed by the company. Interview procedures should ensure that only candidates
Employees should be provided with ongoing training, support and mentoring as appropriate, such
that they can continue to carry out their assigned responsibilities effectively and efficiently.
Employment termination procedures should incorporate provision for an exit interview so that the
reason for the termination can be confirmed or clarified, all emoluments due to the employee can
be settled and arrangements can be made for the return of all company assets prior to the
termination date.
Normally, the larger companys scale of operations, then the larger the size of the workforce and,
inevitably, the larger the amount of assignment of authority and responsibility that is required.
Consequently, companies need to deal not only with ensuring that appropriate levels of authority
and responsibility are appropriately qualified and experienced individuals. They also need to
ensure that adequate reporting relationships and authorization hierarchies are in place.
Additionally, individuals need to be properly resourced and made fully aware of their responsibilities
and of how their actions interrelate with the actions of others and contribute to the objectives of the
company.
If a company is not successful in meeting each of these needs, then there is an increased
probability of ineffective decisions, errors and oversights by employees leading to an increased risk
2. Risk Assessment
The entitys business objectives cannot be achieved without some risks. For an audit client, the Iceberg theyre
facing is called Business Risk factors, events, and conditions that can prevent the organization from achieving its
business objectives, including effective financial reporting.
I. Determine Goals and Objectives
The central theme of internal control is (1) to identify risks to the achievement of an organization's objectives and (2)
to do what is necessary to manage those risks.
Thus, management must first clearly articulate its goals and objectives.
1.
Operations objectives. These objectives pertain to the achievement of the basic mission(s) of a department
and the effectiveness and efficiency of its operations, including performance standards and safeguarding resources
against loss.
2.
Financial reporting objectives. These objectives pertain to the preparation of reliable financial reports,
Compliance objectives. These objectives pertain to adherence to applicable laws and regulations.
Risk assessment is one of management's responsibilities and enables management to act proactively in
reducing unwanted surprises. Failure to consciously manage these risks can result in a lack of confidence
that operation, financial and compliance goals will be achieved.
2.
Capture of Information. Once identified, accounting data must be accessed and captured by whatever
device is used to store and assemble it while awaiting the classification and recording by the storage device.
3.
Reporting of Information. The external auditor is concerned that the internal control system accurately
converts accounting data from ledger format to financial statements prepared in accordance with GAAP, including
necessary year-end adjustments and adequate footnote disclosures.
Communication Financial reporting controls require that specific duties be communicated clearly to employees
responsible for implementing the control procedures.
It takes forms such as policy manuals, accounting and financial reporting manuals and
memoranda.