Unit 3

Internal control

Internal control is a system of processes, procedures, and policies that an organization puts
in place to safeguard its assets, ensure accurate financial reporting, promote operational
efficiency, and comply with laws and regulations.

In essence, internal control helps an organization:

 Protect its assets from theft, fraud, and misuse.

 Ensure reliable and accurate information, especially in financial reporting.
 Increase operational effectiveness by improving processes and reducing waste.
 Comply with laws and policies to avoid legal issues.

Internal control includes activities like authorizing transactions, maintaining accurate records,
performing reconciliations, and conducting audits. It’s essential for managing risks and
supporting the organization’s overall goals.

Definition

According to W.W. Bigg:"Internal control is best regarded as indicating the whole system
of controls, financial and otherwise, established by the management in the conduct of a
business, including internal check, internal audit and other forms of control."

Objectives

The main objectives of an internal control system are:

1. Protect Assets: Keep the organization’s assets safe from theft, fraud, and misuse.
2. Ensure Accurate Financial Reporting: Make sure financial information is reliable
and free from major errors.
3. Promote Operational Efficiency: Improve processes and use resources wisely,
avoiding waste and duplication.
4. Comply with Laws and Regulations: Follow all relevant laws, policies, and
guidelines to avoid legal problems.
5. Prevent and Detect Errors and Fraud: Catch mistakes or fraudulent activity early to
prevent financial or reputational damage.

elements CHARACTERISTICS OR PRINCIPLES OF INTERNAL control

An effective or a good system of internal control should have the following

characteristics which can be abbreviated I as CROSSASIA for memory.

Competent and trustworthy personnel

Records, financial and other Organisational plans

Organisational plans

Segregation of duties

Supervision

Authorisation-written

Sound practices

Internal audit

shambles.

Arithmetic and accounting controls.

1. Competent and trustworthy personnel. Personnel is the most important

element of any system of internal control. If employees are competent and
trustworthy, some of the other characteristics can be absent and reliable
financial statements can still result.

2. Records, financial and other organisational plans. Documents perform the

function of transmitting information throughout the client's organisation and
between different organisations. The documents must be adequate to provide
reasonable assurance that all assets are properly controlled and all
transactions correctly recorded.

3. Segregation of duties. For the prevention of both intentional and

unintentional errors, following types of segregation of duties should be taken
care of.

1.) Separation of operational responsibility from record-keeping responsibility.

2.) Separation of the custody of assets from accounting.

4. Supervision. Directors should review the company's financial operations and

position regular and frequent intervals. Comparison with results for previous
periods indicates discrepancies that call for further examination. Where
budgetary control is in use, attention will be drawn to variances and
explanations required. From time to time, special reviews of particular items
Such stocks, or the operation of the wages department, should be undertaken.
5. Authorisation-written. If control is to be satisfactory, every transaction must
be properly authorised. If any person in an organisation could acquire or
expend assets at will, complete chaos would result

6. Sound Practices. Sound practices of administration require that established

procedures, policies and delegation of responsibility should all be in black and
white. This helps in avoiding questions attempts to shift responsibility for
unsatisfactory performance etc.

7. Internal Audit. It is the examination of accounts of a business concern by its

employees specially appointed for the purpose. It is an independent appraisal
of activity within an organisation for the review of accounting, financial and
other business practices.

8. Arithmetic and Accounting Controls. Chart of accounts i.e. balance sheet

and income statement is an important control because it provides the
framework for determining the information presented to management and
other financial statement users. Chart of Accounts or Financial Statements
should be prepared in accordance with the generally accepted accounting
principles.

STUDY AND EVALUATION OF INTERNAL CONTROL SYSTEM

(STAGES IN THE EVALUATION OF INTERNAL CONTROL SYSTEM)

If the internal control system is effective, the auditor may confine his examination and audit
procedures only to a representative sample from different groups of transactions and avoid a
detailed verification of each and every transaction which will be costly in terms of both time and
money. But before placing reliance on the internal control system, the auditor must properly study
and evaluate the system and identify its strong and weak points with a view to designing his audit
procedures accordingly. Such a study can undertake in the following three stages:

a) Ascertaining the System or Review and Preliminary Evaluation

b) Compliance Testing

c)Evaluation.

a). Ascertaining the System or Review and Preliminary Evaluation

The auditor must acquaint himself with the system of internal control in order to gain a full
and clear understanding of the flow of transactions and the specific control procedures, in the first
stage. For this purpose, he must study deeply and examine rigorously the system of internal control
with a view to evaluating thoroughly its strength and weaknesses. If he is satisfied with some
internal controls, he can confidently rely on such internal controls in Conducting the audit. He should
ascertain whether these internal controls have been in force throughout the period under audit or
only for a part of the period
 The auditor can also acquire more knowledge and understanding of the internal controls
through discussions with the top officials working at different levels of the organisation and also by
referring to the documents such as organisation charts, procedure manuals, job description and flow
charts.

The organisation chart gives a graphic view of the structure of the organisation by relating
superior- subordinate positions along with their respective authority and responsibility. The
procedure manuals describe the procedural requirements relating to various kinds of transactions. A
flow chart is a symbolic representation of flow of transactions goods or cash. The auditor should
carefully go through all these documents

b) Compliance Testing

The auditor is not entitling to place any reliance on internal controls based solely on his preliminary
evaluation. He should carry out compliance tests to obtain reasonable assurance that the controls on
which he wishes to rely were functioning both properly and throughout the period .

While designing the compliance test, the auditor faces three questions :

i) How to obtain evidence that the controls were functioning properly?

ii) How to obtain evidence that the controls operated throughout the period under audit ?

iii) How much evidence is needed ?

Since general controls do not usually give rise to any documentary evidence of their
operations, they must be compliance-tested mainly through Observation and enquiry. Scrutiny of
documents and records will also be helpful.

The auditor should undertake compliance procedure with a view to finding out whether or not the
controls on which he intends to rely have been effectively and properly complied with in practice
throughout the period under audit. This can be done by selecting representative samples from
different groups of transactions and examining them in depth, particularly with reference to the
procedural and control aspects.

Where the auditor cannot obtain documentary evidence with regard to the application of
internal control in practice, he may place greater reliance on verbal enquiries and actual observation

c) Evaluation of the system

An evaluation of an internal control system checks how well an organization protects its assets,
ensures accurate records, and complies with rules.

A good internal control system protects the organization, keeps records accurate, and helps prevent
fraud. Regular evaluations show where improvements are needed to keep the organization safe and
efficient.

Internal control questionnaire

An Internal Control Questionnaire (ICQ) helps assess the effectiveness of an

organization’s internal controls. It is typically used by internal auditors, external auditors, or
management to evaluate various control aspects across departments
Internal control checklist

An internal control checklist provides a streamlined way to assess whether an

organization has effective internal controls in place. This checklist can help in identifying
control weaknesses, ensuring compliance, and safeguarding assets.

Materiality

Materiality refers to the significance of an amount, transaction, or discrepancy in the financial

statements that could influence the decision of users , such as investors or creditors.

. Auditors set materiality levels to determine the nature, timing, and extent of audit
procedures, which helps them focus on areas with the greatest potential impact

Audit Risk

Audit risk is the risk that an auditor may issue an unqualified opinion on financial
statements that are materially misstated. Auditors seek to keep audit risk at an acceptably low
level to ensure their opinion is accurate and reliable. Audit risk consists of three components:

1. Inherent Risk: The likelihood of a material misstatement occurring due to the nature
of the business or complexity of transactions, independent of controls. For example,
industries with complex financial instruments may have a high inherent risk.

2. Control Risk: The risk that a company's internal controls will not detect or prevent a
material misstatement. If internal controls are weak or ineffective, control risk
increases.

3. Detection Risk: The risk that the auditor’s procedures fail to detect a material
misstatement. Detection risk is controlled by the auditor through the nature, timing,
and extent of audit procedures.