Scribd
Upload
211 views

Auditing - 4 Internal Controls PDF

The document discusses internal controls, which management designs to achieve objectives of reliable financial reporting, efficient operations, and compliance with laws and regulations. It describes key aspects of internal control frameworks including the COSO framework components of control environment, risk assessment, control activities, information/communication, and monitoring. Limitations of internal controls are also noted such as the possibility of human error or management override.

Uploaded by

Saad Shehryar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
211 views

Auditing - 4 Internal Controls PDF

The document discusses internal controls, which management designs to achieve objectives of reliable financial reporting, efficient operations, and compliance with laws and regulations. It describes key aspects of internal control frameworks including the COSO framework components of control environment, risk assessment, control activities, information/communication, and monitoring. Limitations of internal controls are also noted such as the possibility of human error or management override.

Uploaded by

Saad Shehryar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

AUDITING

4
Internal Controls
INTERNAL CONTROL OBJECTIVES
1. Reliability of financial reporting: Management has
responsibility that FS are fairly stated
2. Efficiency and effectiveness of operations: Optimize
company’s use of resources
3. Compliance with laws and regulations: ICFR report to
be issued in certain jurisdictions
Management designs systems of internal control to
accomplish all three objectives
DESIGN OF INTERNAL CONTROL
1. IC provide reasonable, but not absolute assurance
2. IC are developed after cost-benefit analysis
3. Internal controls can never be completely effective
because of human involvement (design – use)
4. Management may override the procedures and
instruct employees to circumvent IC
5. Collusion between employees (fraud)
INTERNAL CONTROL FRAMEWORK
• U.S. companies use Committee of Sponsoring
Organizations of the Treadway Commission (COSO)
Internal Control—Integrated Framework
• Canada’s Guidance on Assessing Control (known as
“CoCo”)
• United Kingdom’s Internal Control: Guidance for
Directors on the Combined Code (known as the
Turnbull Report)
Control Environment
Information &
Risk Assessment Control Activities Monitoring
Communication

COSO Framework gives the following components:


1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Control Environment
• The auditor must understand the accounting system and
control environment to determine audit approach.
• Control environment includes the governance and
management functions and the attitudes, awareness
and actions of those charged with governance and
management concerning the entity's internal control and
its importance in the entity.
• A strong control environment does not ensure
effectiveness of internal controls
Control Environment
Information &
Risk Assessment Control Activities Monitoring
Communication

COSO Framework gives the following components:


1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Entity’s risk assessment process
The auditor shall obtain an understanding of whether the
entity has a process for:
1. Identifying business risks relevant to financial reporting
objectives;
2. Estimating the significance of the risks; (Impact)
3. Assessing the likelihood of their occurrence
(Probability); and
4. Deciding about actions to address those risks (Take
Risk, Transfer Risk, Reduce Risk, or avoid).
Risk can arise or change due to following:
a) changes in the entity’s operating environment
b) new personnel
c) new or revamped information systems
d) rapid growth
e) new technology
f) new business models, products or activities
g) corporate restructurings
h) expanded foreign operations
i) new accounting pronouncements.
Control Environment
Information &
Risk Assessment Control Activities Monitoring
Communication

COSO Framework gives the following components:


1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Examples of Control Activities
• Segregation of Duties (functions, steps, and operations)
• Approval of documents (managers – give limits)
• Controls over computerized applications
• Checking arithmetical accuracy (adding up)
• Maintaining control accounts
• Reconciliations (bank, stock, debtors)
• Physical observation of cash, inventory counts
• Comparing internal data with external documents (GDN)
• Limiting physical access to assets and records
Control Environment
Information &
Risk Assessment Control Activities Monitoring
Communication

COSO Framework gives the following components:


1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Information System relevant to reporting
• The classes of transactions that are significant to F/S
• The procedures by which transactions are initiated,
recorded, processed, corrected, transferred to the
general ledger and reported in the F/S
• The related accounting records, supporting information,
and specific accounts in the F/S
• How the information system captures events and
conditions, other than transactions, that are significant
to the financial statements
• The financial reporting process used to prepare the
entity's financial statements, including disclosures
Control Environment
Information &
Risk Assessment Control Activities Monitoring
Communication

COSO Framework gives the following components:


1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
Monitoring
It is a process to assess the effectiveness of internal
control performance over time. It includes:
a) Assessing the design and operation of controls on a
timely basis
b) Taking necessary corrective actions modified for
changes in conditions.

The auditor obtains an understanding of the nature of


responsibilities of the Internal Audit function, its
organizational status, and the activities performed.
Limitations of Internal controls
Internal controls only provide reasonable assurance, that
objectives are met, due to inherent limitations like:
• The costs of control may not outweigh their benefits
• Potential of human error
• Collusion between employees (resulting in fraud)
• Possibility of management override of controls
• Controls beings designed only to cope with routine
transactions.
Due to Collusion, possibility of fraud will always exist.

You might also like