BY Atta-ur-Rahman Arif
BY
Atta-ur-Rahman Arif
OBJECTIVEA sufficient understanding of
internal control is to be obtained toplan the audit and to determine thenature, timing and extent of teststo be performed
MEANINGAll the policies and procedures adopted by
the management of an entity to assist inachieving management’s objective ofensuring, as far as practicable,
The orderly and efficient conduct of business
Safeguarding of assets
Prevention and detection of fraud and error
Accuracy and completeness of accountingrecords
Timely preparation of reliable financialinformation
COMPONENTS Internal control includes two categories
of controls that management designsand implemented to provide reasonableassurance that the management's controlobjectives will be met. These are:
1. Control Environment
2. Control Procedures
CONTROL ENVIRONMENT It consist of the actions, policies and procedures
that reflects the overall attitudes of topmanagement , directors and owners of an entityabout control and its importance to the entity.
Strong control environment can significantlycomplement specific control procedures.
CONTROL ENVIRONMENT Auditor should consider the subcomponents
while understanding and assessing the controlenvironment, such as: Entity’s ethical and behavioral standards and how
they are communicated and reinforced in practice.
Management’s competence level for assigningindividual’s job.
Functions of Board of Directors and itsCommittees
Entity’s organizational structure and methods ofassigning authority and responsibility.
Human resource policies and practices.
CONTROL ENVIRONMENT It also includes some other controls such as:
1, Risk Assessment :
Identification and analysis of risks relevant to thepreparation of financial statements in accordancewith GAAP.
2, Information & Communication
Accounting system should identify, assemble,classify, analyze, record and report the entity’stransactions.
3, Monitoring
Ongoing and periodic assessment of the quality ofinternal control performance.
CONTROL PROCEDURES
Those policies and procedures in addition to thecontrol environment which management hasestablished to achieve the entity’s specific objectives.It includes:
Reporting, reviewing and approving reconciliations
Checking the arithmetical accuracy of the records
Controlling applications and environment of CIS
Maintaining and reviewing control accounts
Approving and controlling documents
CONTROL PROCEDURES Comparing internal data with external sources of
information
Comparing the results of cash, security and inventory counts with accounting records
Limiting direct physical access to assets and records
Comparing and analyzing the financial results with budgeted amounts
CATEGORIES
Internal control can be divided into two categoriessuch as:
1, Financial Control
Mainly concern with legitimacy of Income &Expenditures and Security of Assets (AccountingControl)
2, Management or Operational Control
Plan of organization, procedures and records thatare concerned with the decision processes leadingto management’s authorization of transactions
Financial Control
1. Budgetary Control
2. Legitimacy of Income and Expenditure
3. Accounting Controls
1. Transaction recorded as necessary in accordance with Accounting principles
2. Access to assets is permitted only in accordance with authority
3. Recorded accountability for assets is compared with existing assets
Management Control
1. Organization should review its objectives
2. All staff and officers should be informed about the objectives and policies
3. Organizations structure clearly defined
4. Management must be informed regularly
5. Proper system of supervision
6. Review of operations effeciency
NEED FOR INTERNAL CONTROL
When volume of transactions is high and varied innature then it should be beyond the control ofmanagement to act with its limited capacity sothere is need to delegate the authority andresponsibility
In such case strict supervision is required, reliancemust be placed upon staff members.
An adequate internal control is established forsuch purpose.
INHERENT LIMITATIONS Internal control system cannot provide
management with conclusive evidence thatobjectives are reached because of inherentlimitations, such as:
Management's philosophy that the cost of internalcontrol does not exceed the expected benefits to bederived
It directed at routine transactions rather than non-routine transactions
Potential of human error due to carelessness,distraction, mistakes etc.
INHERENT LIMITATIONS Misunderstanding of instructions
Possibility that a person responsible for exercising aninternal control could misuse that responsibility
Possibility that procedures may become inadequatedue to changes in conditions and compliance withprocedures may deteriorate
Possibility of circumvention of internal controlsthrough the collusion of a member of management oran employee with parties outside or inside the entity
Principles of internal Control1. Financial and Accounting operations must by
separated
2. Responsibility must be clearly stated
3. Too much confidence not be pinned on an individual
4. Rotation principle must be applied
5. Mechanization of the work used where feasible
6. Work must be supervised by other employee
7. Written record of work must be placed that played important role.
8. Clear and well defined roles should be laid down
9. Employees must be in bond so employer is protected
10. Double entry system of accounting must be used.
Segregated Functions
Following functions must be segregated to implement operational Control:
Initiating and Authorizing Transactions
Connected with the execution of any Transactions must authorized by senior official
Having responsibility for asset, liability, expense or revenue resulting from transactions
PROCESS OF UNDERSTANDING THE INTERNAL CONTROL
Obtain an understanding of internal controlsufficient to plan an audit of the entity’sfinancial statements
Assess whether the financial statement areauditable
Assess the level of control risk supported by theunderstanding obtained
Assess whether it is likely a lower control riskcould be supported
PROCESS OF UNDERSTANDING THE INTERNAL CONTROL
Decide on the appropriate assessed control risk touse
Level supported by understanding obtained
Plan and perform tests of control
Determine whether the assessed control risk issupported by the tests of control
Decide on the appropriate increased planned riskand plan the resultant substantive tests to satisfy theincreased planned detection risk
Review and Reliance onInternal Control
Before starting of Audit, review the system for
To examine weaknesses of system, if any
To consider the proposition of introducing test check to be performed during the course of audit
Determine exactly the extent of work to be performed so as to enable the auditor to express his opinion on the given set of acconts.
BENEFITS OF UNDERSTANDING
It will enable the auditor to :
Identify the types of potential materialmisstatements that could occur in the financialstatements
Consider factors that affect the risk of materialmisstatements
Design appropriate audit procedures
Evaluation Phases 1. It is responsibility of management to develop
and maintain the control system, auditor will study that system.
2. Auditor will study and evaluate the controls to determine of the extent of substantive audit procedures. (Control environment and flow and transactions)
3. Detailed overview of internal accounting system. Obtain information from different sources i.e. review of accounting manuals, interviews, review of JDs, analysis of Organizational chart.
MANAGEMENT LETTER
After evaluation of the internal controls,Management Letter is issued. The objectives of thisletter are:
To identify any weaknesses in the internal control
To suggest adequate accounting control
To suggest improvements in the existing internalcontrol