internal control
DESCRIPTION
Internal ControlBasic Considerations in Internal ControlInternal Control AssessmentRisk AssessmentElement of Internal ControlLimitations of Internal ControlTRANSCRIPT
INTERNAL CONTROL
INTERNAL CONTROLElements and Basic Considerations
NATURE OF INTERNAL CONTROLInternal control is the (1) process designed and (2) effected by those charged with governance, management, and other personnel to (3) provide reasonable assurance about the (4) achievement of the entitys objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.
COMPONENTS OF INTERNAL CONTROLControl EnvironmentRisk AssessmentInformation and Communication SystemControl ActivitiesMonitoring
THE CONTROL ENVIRONMENTFactors reflected in the control environment include:Integrity and ethical valuesActive participation of those charged with governanceCommitment to competencePersonnel policies and proceduresOrganizational Structure
RISK ASSESSMENTThe auditor should obtain an understanding of the entitys process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof.
THE INFORMATION AND COMMUNICATION SYSTEMThe information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records established to initiate, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.
CONTROL ACTIVITIESThe auditor should obtain a sufficient understanding of control activities to assess the risks of material misstatement at the assertion level and to design further audit procedures responsive to assessed risks. Examples of specific control activities include those relating to the following:Performance reviews.Information processing.Physical controls.Segregation of duties.
MONITORINGThe auditor should obtain an understanding of the major types of activities that the entity uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates corrective actions to its controls.
INTERNAL CONTROL FOR A SMALL BUSINESSSmaller entities ordinarily do not have formal processes to measure and review the entitys financial performance.
CONSIDERATION OF INTERNAL CONTROLConsideration of the entitys internal control system involves:Obtaining an understanding of the internal controlDocument the understanding of accounting and internal control systemsAssess the level of control riskPerform test of controlsDocument the assessed level of control risks
OBTAINING AN UNDERSTANDING OF THE INTERNAL CONTROLObtaining an understanding of internal control involves evaluating the design of a control and determining whether it has been implemented.
DOCUMENT THE UNDERSTANDING OF ACCOUNTING AND INTERNAL CONTROL SYSTEMSThe form and extent of this documentation is influenced by the nature, size and complexity of the entity and its internal control, availability of information from the entity and the specific audit methodology and technology used in the course of the audit.
ASSESS THE LEVEL OF CONTROL RISKThe auditors assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures.The auditors selection of audit procedures is based on the assessment of risk. The higher the auditors assessment of risk, the more reliable and relevant is the audit evidence sought by the auditor from substantive procedures.
PERFORM TEST OF CONTROLSThe auditor is required to perform tests of controls when the auditors risk assessment includes an expectation of the operating effectiveness of controls or when substantive procedures alone do not provide sufficient appropriate audit evidence at the assertion level.Generally consists:InquiryObservationInspectionReperformance
Timing of Test of ControlsThe timing of tests of controls depends on the auditors objective and determines the period of reliance on those controls.
Extent of Test of ControlsThe auditor designs tests of controls to obtain sufficient appropriate audit evidence that the controls operated effectively throughout the period of reliance.
DOCUMENT THE ASSESSED LEVEL OF CONTROL RISKSThe auditor should document the overall responses to address the assessed risks of material misstatement at the financial statement level and the nature, timing, and extent of the further audit procedures, the linkage of those procedures with the assessed risks at the assertion level, and the results of the audit procedures.
COMMUNICATION OF INTERNAL CONTROL WEAKNESSESThe auditor should make those charged with governance or management aware, as soon as practicable, and at an appropriate level of responsibility, of material weaknesses in the design or implementation of internal control which have come to the auditors attention.