2 methods commonly used by auditors to obtain document their understanding of the design of internal control are: i) Narrative Narrative

is a written description of a client's internal controls. A proper narrative of an accounting system and related controls includes 4 characteristics which are the origin of every document and record in the system, all processing that takes place, the disposition of every document and record in the system, and an indication of the controls relevant to the assessment of control risk. ii) Flowchart Flowchart is a diagram of the clients documents and their sequential flow in the organisation. An adequate flowchart includes the same four characteristics identified for narratives.

3 broad objectives in designing an effective internal controls system are: i) Reliability of financial reporting The objective of effective internal control over financial reporting is to fulfil these financial reporting responsibilities. Efficiency and effectiveness of operations An important objective of these controls is accurate financial and non-financial information about the entitys operations for decision making. Compliance with laws and regulations All public companies to issue a report about the operating effectiveness of internal control over financial reporting.

ii)

iii)

5 types of specific control activities (policies and procedures) in the internal control are: i) Adequate separation of duties There are 4 general guidelines for adequate separation of duties to prevent both fraud and errors are of special significance to auditors which are separation of the custody of assets from accounting, separation of the authorisation of transactions from the custody of related assets, separation of operational responsibility from record-keeping responsibilities, and separation of IT duties from user departments. ii) Proper authorisation of transactions and activities Authorisation can be either general or specific. General authorisation, management establishes policies for the organisation to follow, and subordinates are instructed. In specific authorisation, it is applies to individual transactions. iii) Adequate documents and records Documents and records are the physical objects upon which transactions are entered and summarised.

iv) Physical control over assets and records To maintain adequate internal control, it is essential to protect assets and records. If assets are left unprotected, they can be stolen. If records are not adequately protected, they can be stolen, damaged or lost. v) Independent checks on performance The last category of control activities is the careful and continuous review of the other four, often called independent checks or internal verification. The need for independent checks arises because internal control tends to change over time unless there is a mechanism for frequent review.