Overview of Internal Control

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 35

HI !!!!!

LETS START
CHAPTER 13
OVERVIEW OF INTERNAL
CONTROL
NATURE AND PURPOSE OF
INTERNAL CONTROL
Internal control is the process designed and affected by those charged
with governance, management and other personnel to provide reasonable
assurance about the achievement of the entity’s objective with regard to
reliability of financial reporting, effectiveness and efficiency of operations
and compliance with applicable laws and regulations.
It follows the internal control is designed and implemented to address
identified business risks that threaten the achievement of any of these
objectives.
NATURE AND PURPOSE OF
INTERNAL CONTROL
Those objective fall into 3 categories.
1. Reliability of the entity’s financial reporting
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations.
INTERNAL CONTROL SYSTEM DEFINED:

Internal control system means all policies and procedures (internal


controls) adopted by the management of an entity to assist in achieving
management’s objective of ensuring, as far as practicable, the orderly and
efficient conduct of its business, including adherence to management
policies, the safeguarding of assets, the prevention and detection of fraud
and error, the accuracy and completeness of the accounting records, and the
timely preparation of reliable financial information.
ELEMENTS/COMPONENTS OF
INTERNAL CONTROL
A. CONTROL ENVIRONMET
B. THE ENTITY’S RISK ASSESSMENT PROCESS
C. THE INFORMATION SYSTEM, INCLUDING THE RELATED
BUSINESS PROCESS, RELEVANT TO FINANCIAL REPORTING,
AND COMMUNICATION.
D. CONTROL ACTIVITIES
E. MONITORING OF CONTROLS
CONTROL ENVIRONMET

- means the overall attitude, awareness and actions of directors and management regarding the
internal control system and its importance in the entity.
FACTORS REFLECTED IN THE CONTROL ENVIRONMENT
• The function of the board of directors and its committees
• Management’s philosophy and operating cycle
• The entity’ss organizational structure and methods of assigning authority and responsibility
• Management’s controls system including the internal audit function, personnel policies and
procedures and segregation of duties.
.
CONTROL ENVIRONMET

SEVERAL FACTORS COMPRISE THE CONTROL ENVIRONMENT


• Communication and enforcement of integrity and ethical values
- They affect the design, administration, and monitoring of other components of internal control.
• Commitment to competence
- Management consider the competence levels for particular jobs in determining the skills and
knowledge required of each employee and that it hires employees competent to perform task.
• Participation by those charge with governance
- An entity’s control consciousness is influence significantly by those charge with the governance.
.
CONTROL ENVIRONMET
• Management philosophy and operating style
- Refers to management’s attitude towards (a) business risk, (b) financial reporting, (c) meeting budget, profit
and other established goals which all have impact on the reliability of the financial statements.
• Organizational structure
- Provides the overall framework for planning, directing and controlling operations.
• Assignment of authority and responsibility
- Personnel within an organization need to have a clear understanding of their responsibilities and the rules and
regulations that govern their actions.
• Human resources policies and procedures
- Perhaps the most important element of an internal accounting control system is the people who perform and
execute the established policies and procedures
THE ENTITY’S RISK ASSESSMENT PROCESS

Risk assessment is the “identification, analysis, and management risks pertaining to the
preparation of financial statements.”
An entity’s risk assessment process is its process for identifying and responding to
business risks and the results thereof. For financial reporting purposes, the entity’s risk
assessment process includes how management identifies risks relevant to the preparation of
financial statements that are presented fairly, in all material respects in accordance with the
entity’s applicable financial reporting framework, estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions to manage them.
THE ENTITY’S RISK ASSESSMENT PROCESS

Risks can arise or change due to circumstances such as the following:


• CHANGES IN OPERATING ENVIRONMENT. Changes in the regulatory or
operating environment can result in changes in competitive pressures and
significantly different risks.
• NEW PERSONNEL. New personnel may have a different focus on or
understanding of internal control.
• NEW OR REVAMPED INFORMATION SYSTEMS. Significant and rapid changes
in information systems can change the risk relating to internal control.
THE ENTITY’S RISK ASSESSMENT PROCESS

• RAPID GROWTH. Significant and rapid expansion of operations can strain


controls and increase the risk of a breakdown in controls.
• NEW TECHNOLOGY. Incorporating new technologies into production processes
or information system may change the risk associated with internal control.
• NEW BUSINESS MODELS, PRODUCTS, OR ACTIVITIES. Entering into
business areas or transactions with which an entity has little experience may
introduced new risk associated with internal control.
THE ENTITY’S RISK ASSESSMENT PROCESS

• CORPORATE STRUCTURINGS. Restructuring may be accompanied by staff


reductions and changes in supervision and segregation of duties that may change risk
associate with internal control.
• EXPANDED FOREIGN OPERATIONS. The expansion of acquisition of foreign
operations carries new and often unique risk that may affect internal control, for
example, additional or change in risk from foreign currency transactions.
• NEW ACCOUNTING PRONOUNCEMENT. Adaption of new accounting principles or
changing accounting principles may affect risk in preparing financial statements.
Considerations Specific to Smaller Entities

Many small entities are carried out entirely by the engagement partner (who may
be a sole practitioner). In such situations, it is the engagement partner who, having
personally conducted the planning of the audit, would be responsible for considering
the susceptibility of the entity’s financial statements to material misstatement due to
fraud and error.
. INFORMATION SYSTEM, INCLUDING THE BUSINESS
PROCESSES,RELEVANT TO FINANCIAL REPORTING
AND COMMUNICATION.

An information system consist of infrastructure (physical and hardware components),


software, people, procedures and data. Infrastructure and software will be absent, or have
less significance, in systems that are exclusively or primarily manual. Many information
systems make extensive use of IT.
The information system relevant to financial reporting objectives, which includes the
accounting system, consists of the procedures and records designed and established to:
• Initiate, record, process, and report entity transactions (as well as events and conditions)
and to maintain accountability for the related assets, liability, and equity
INFORMATION SYSTEM, INCLUDING THE BUSINESS
PROCESSES,RELEVANT TO FINANCIAL REPORTING
AND COMMUNICATION.
• Resolve incorrect processing of transaction, automated suspense files and procedures
followed to clear suspense items out on a timely basis.
• Process and account for system overrides or bypasses the controls
• Transfer information from transaction processing system to the general ledger.
• Capture information relevant to financial reporting for events and conditions other than
transactions, such as the depreciation and amortization of assets and changes in the
recoverability of accounts receivables; and
• Ensure information required to be disclosed by the applicable financial reporting
framework is accumulated, recorded, processed, summarized and appropriately reported
in the financial statement.
JOUNAL ENTRIES

An entity’s information system typically includes the use of standard journal


entries that are required on a recurring basis to record transactions. Examples might
be a journal entries to record sales, purchases, and cash disbursements in the
general ledger, or to record accounting estimates that are periodically made by
management, such as changes in the estimates of uncollectible accounts receivable.
. *note:  Standard journal entries used on a recurring basis to record transactions
such as monthly sales, purchases, and cash disbursements, or to record recurring
periodic accounting estimates generally are subject to the entity's internal controls.
Non-standard journal entries (opposite meaning of standard journal
entries)
Non- recurring
Unusual transactions
Or adjustments
RELATED BUSINESS PROCESSES

An entity’s business processes are the activities designed to:


• Develop, purchase, produce, sell and distribute an entity’s products and
services
• Ensure compliance with the laws and regulations
• Record information, including accounting and financial reporting
information
Accordingly, an information system encompasses methods and records that:

• Identify and record all valid transactions.


• Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting.
• Measure the value of transactions in a manner that permits recording their proper
monetary value in the financial reporting statements
• Determine the time period in which transaction occurred to permit recording of
transactions in the proper accounting period
• Present properly the transactions and related disclosures in the FS.
COMMUNICATION
• Involve providing an understanding of individual roles and
responsibilities pertaining to internal control over financial
reporting.
• Takes such forms as policy manuals, accounting and
financial reporting manuals, and memoranda.
• Also can be made electronically, orally, and through the
actions of management.
Application to small entities

• Less formal, but just as significant


• Small entities with active management involvement may not need
extensive descriptions of accounting procedures, sophisticated accounting
records or written policies.
• Communications may be less formal and easier to achieve in a small
entity than in a larger entity due to the small entity’s size and fewer levels
as well as management’s greater visibility and availability.
CONTROL ACTIVITIES

Control activities are the policies and procedures that help ensure that
management directives are carried out. For example, that necessary actions are
taken to address risks that threaten the achievement of the entity’s objectives.
Control activities, whether within IT or manual systems, have various
objectives and are applied at various organizational and functional levels.
Major Categories of Control Procedures

A. Performance Review
B. Information Processing Controls
1. Proper authorization of transactions and activities
2. Segregation of duties
3. Adequate documents and records
4. Safeguards over access to assets; and
5. Independent checks on performance
C. Physical controls
Major Categories of Control Procedures:
Performance Review
In a performance review management uses accounting and operating data to
asses performance, and it then takes corrective action.
Such reviews include:
• Comparing actual performance (or operating results) with budgets, forecasts,
prior period performance, competitors’ data or tracking major initiatives such as
cost-containment or cost-reduction programs to measure the extent to which
targets are being met.
• Investigating performance indicators based on operating or financial data, such
as quantity or purchase price variances or the percentage of returns to total
orders.
Major Categories of Control Procedures:
Performance Review
• Reviewing functional or activity performance, such as relating the performance
of a manager responsible for a bank’s consumer loans with some standard, such
as economic statistics or targets.

Personnel at various levels in an organization may make performance reviews.


Performance reviews may be used by managers for the sole purpose of making
operating decisions.
Major Categories of Control Procedures:
Information Processing Controls
Information processing controls are policies and procedures designed to require
authorization of transactions and to ensure the accuracy and completeness of
transaction processing. Control activities may be classified according to the scope
of the system they affect.
General controls are control activities that prevent or detect errors and
irregularities for all accounting systems and affect all transaction cycles and apply
information processing as a center, hardware and systems software acquisition and
maintenance and backup and recovery procedures.
Major Categories of Control Procedures:
Information Processing Controls
Application controls are controls that pertain to the processing of a specific type
of transaction, such as payroll, or sales and collections. These controls help ensure
that transactions occurred, are authorized, and are completely and accurately
recorded and processed.
General IT-controls are policies and procedures that relate to many applications
and support effective functioning of application controls by helping to ensure the
continued proper operation of information systems. It commonly include controls
over data center and network operations; system software acquisition, change and
maintenance; access security; and application system acquisition, development, and
maintenance. These controls apply to mainframe, miniframe, and end-user
environments.
Major Categories of Control Procedures:
Information Processing Controls
Internal controls relating to the accounting system are concerned with achieving
objectives such as:
• Transactions are executed in accordance with management’s general or specific
authorization.
• All transactions and other events are promptly recorded in the correct amount, in the
appropriate accounts and in the proper accounting period so as to permit preparation of
financial statements in accordance with an identified financial reporting framework.
• Access to assets and records is permitted only in accordance with management’s
authorization.
• Recorded assets are compared with the existing assets at reasonable intervals and
appropriate action is taken regarding any difference.
Major Categories of Control Procedures:
Information Processing Controls
Control activities related to the processing of transactions may be grouped as
follows: (1) proper authorization, (2) design and use of adequate documents and
records, and (3) independent checks on performance.
1. Proper authorization of transactions and activities
- authorization for the execution of transactions flows from the stockholders to
management and its subordinates.
2. Segregation of duties
- an important element in designing an internal accounting control system that
safeguards assets and reasonably ensures the reliability of the accounting records.
Major Categories of Control Procedures:
Information Processing Controls
3. Adequate documents and records
- the use of adequate documents and records allow the company to obtain
reasonable assurance that all valid transactions have been recorded.
4. Access to assets
- the resources of a client can be protected by the establishment of physical
barriers and appropriate policies.
5. Independent checks on performance
- the objective of a well-designed internal accounting control system is the
adoption of procedures that periodically compare the actual asset with its recorded balance.
Major Categories of Control Procedures:
Physical Controls
Controls that encompass:
• The physical security of assets, including adequate safeguards such as
secured facilities over access to assets and records.
• The authorization for access to computer programs and data files.
• The periodic counting and comparison with amounts shown on control records
(for example, comparing the results of cash, security and inventory counts with
the accounting records).
The extent to which physical controls intended to prevent theft of assets are
relevant to the reliability of financial statement preparation, and therefore the audit,
depends on circumstances such as when assets are highly susceptible to
misappropriation.
MONITORING OF CONTROLS

Monitoring
• the final component of internal control, is the process that an entity uses to assess the
quality of internal control over time.
• Involves assessing the design and operation of controls on a timely basis and taking
corrective action as necessary.
• Monitoring activities may include using information from communications from external
parties that may indicate problems are highlight areas in need of improvement.
Application to Small Entities
Ongoing monitoring activities of small entities are more likely to be
informal and are typically performed as a part of the overall management of
the entity’s operations. Management’s close involvement in operations often
will identify significant variances from expectations and inaccuracies in
financial data leading to corrective action to the control.
Thank you for listening!

You might also like