Overview of Internal Control
Overview of Internal Control
Overview of Internal Control
LETS START
CHAPTER 13
OVERVIEW OF INTERNAL
CONTROL
NATURE AND PURPOSE OF
INTERNAL CONTROL
Internal control is the process designed and affected by those charged
with governance, management and other personnel to provide reasonable
assurance about the achievement of the entity’s objective with regard to
reliability of financial reporting, effectiveness and efficiency of operations
and compliance with applicable laws and regulations.
It follows the internal control is designed and implemented to address
identified business risks that threaten the achievement of any of these
objectives.
NATURE AND PURPOSE OF
INTERNAL CONTROL
Those objective fall into 3 categories.
1. Reliability of the entity’s financial reporting
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations.
INTERNAL CONTROL SYSTEM DEFINED:
- means the overall attitude, awareness and actions of directors and management regarding the
internal control system and its importance in the entity.
FACTORS REFLECTED IN THE CONTROL ENVIRONMENT
• The function of the board of directors and its committees
• Management’s philosophy and operating cycle
• The entity’ss organizational structure and methods of assigning authority and responsibility
• Management’s controls system including the internal audit function, personnel policies and
procedures and segregation of duties.
.
CONTROL ENVIRONMET
Risk assessment is the “identification, analysis, and management risks pertaining to the
preparation of financial statements.”
An entity’s risk assessment process is its process for identifying and responding to
business risks and the results thereof. For financial reporting purposes, the entity’s risk
assessment process includes how management identifies risks relevant to the preparation of
financial statements that are presented fairly, in all material respects in accordance with the
entity’s applicable financial reporting framework, estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions to manage them.
THE ENTITY’S RISK ASSESSMENT PROCESS
Many small entities are carried out entirely by the engagement partner (who may
be a sole practitioner). In such situations, it is the engagement partner who, having
personally conducted the planning of the audit, would be responsible for considering
the susceptibility of the entity’s financial statements to material misstatement due to
fraud and error.
. INFORMATION SYSTEM, INCLUDING THE BUSINESS
PROCESSES,RELEVANT TO FINANCIAL REPORTING
AND COMMUNICATION.
Control activities are the policies and procedures that help ensure that
management directives are carried out. For example, that necessary actions are
taken to address risks that threaten the achievement of the entity’s objectives.
Control activities, whether within IT or manual systems, have various
objectives and are applied at various organizational and functional levels.
Major Categories of Control Procedures
A. Performance Review
B. Information Processing Controls
1. Proper authorization of transactions and activities
2. Segregation of duties
3. Adequate documents and records
4. Safeguards over access to assets; and
5. Independent checks on performance
C. Physical controls
Major Categories of Control Procedures:
Performance Review
In a performance review management uses accounting and operating data to
asses performance, and it then takes corrective action.
Such reviews include:
• Comparing actual performance (or operating results) with budgets, forecasts,
prior period performance, competitors’ data or tracking major initiatives such as
cost-containment or cost-reduction programs to measure the extent to which
targets are being met.
• Investigating performance indicators based on operating or financial data, such
as quantity or purchase price variances or the percentage of returns to total
orders.
Major Categories of Control Procedures:
Performance Review
• Reviewing functional or activity performance, such as relating the performance
of a manager responsible for a bank’s consumer loans with some standard, such
as economic statistics or targets.
Monitoring
• the final component of internal control, is the process that an entity uses to assess the
quality of internal control over time.
• Involves assessing the design and operation of controls on a timely basis and taking
corrective action as necessary.
• Monitoring activities may include using information from communications from external
parties that may indicate problems are highlight areas in need of improvement.
Application to Small Entities
Ongoing monitoring activities of small entities are more likely to be
informal and are typically performed as a part of the overall management of
the entity’s operations. Management’s close involvement in operations often
will identify significant variances from expectations and inaccuracies in
financial data leading to corrective action to the control.
Thank you for listening!