8. internal control new

BY

Atta-ur-Rahman Arif

OBJECTIVEA sufficient understanding of

internal control is to be obtained toplan the audit and to determine thenature, timing and extent of teststo be performed

MEANINGAll the policies and procedures adopted by

the management of an entity to assist inachieving management’s objective ofensuring, as far as practicable,

The orderly and efficient conduct of business

Safeguarding of assets

Prevention and detection of fraud and error

Accuracy and completeness of accountingrecords

Timely preparation of reliable financialinformation

COMPONENTS Internal control includes two categories

of controls that management designsand implemented to provide reasonableassurance that the management's controlobjectives will be met. These are:

1. Control Environment

2. Control Procedures

CONTROL ENVIRONMENT It consist of the actions, policies and procedures

that reflects the overall attitudes of topmanagement , directors and owners of an entityabout control and its importance to the entity.

Strong control environment can significantlycomplement specific control procedures.

CONTROL ENVIRONMENT Auditor should consider the subcomponents

while understanding and assessing the controlenvironment, such as: Entity’s ethical and behavioral standards and how

they are communicated and reinforced in practice.

Management’s competence level for assigningindividual’s job.

Functions of Board of Directors and itsCommittees

Entity’s organizational structure and methods ofassigning authority and responsibility.

Human resource policies and practices.

CONTROL ENVIRONMENT It also includes some other controls such as:

1, Risk Assessment :

Identification and analysis of risks relevant to thepreparation of financial statements in accordancewith GAAP.

2, Information & Communication

Accounting system should identify, assemble,classify, analyze, record and report the entity’stransactions.

3, Monitoring

Ongoing and periodic assessment of the quality ofinternal control performance.

CONTROL PROCEDURES

Those policies and procedures in addition to thecontrol environment which management hasestablished to achieve the entity’s specific objectives.It includes:

Reporting, reviewing and approving reconciliations

Checking the arithmetical accuracy of the records

Controlling applications and environment of CIS

Maintaining and reviewing control accounts

Approving and controlling documents

CONTROL PROCEDURES Comparing internal data with external sources of

information

Comparing the results of cash, security and inventory counts with accounting records

Limiting direct physical access to assets and records

Comparing and analyzing the financial results with budgeted amounts

CATEGORIES

Internal control can be divided into two categoriessuch as:

1, Financial Control

Mainly concern with legitimacy of Income &Expenditures and Security of Assets (AccountingControl)

2, Management or Operational Control

Plan of organization, procedures and records thatare concerned with the decision processes leadingto management’s authorization of transactions

Financial Control

1. Budgetary Control

2. Legitimacy of Income and Expenditure

3. Accounting Controls

1. Transaction recorded as necessary in accordance with Accounting principles

2. Access to assets is permitted only in accordance with authority

3. Recorded accountability for assets is compared with existing assets

Management Control

1. Organization should review its objectives

2. All staff and officers should be informed about the objectives and policies

3. Organizations structure clearly defined

4. Management must be informed regularly

5. Proper system of supervision

6. Review of operations effeciency

NEED FOR INTERNAL CONTROL

When volume of transactions is high and varied innature then it should be beyond the control ofmanagement to act with its limited capacity sothere is need to delegate the authority andresponsibility

In such case strict supervision is required, reliancemust be placed upon staff members.

An adequate internal control is established forsuch purpose.

INHERENT LIMITATIONS Internal control system cannot provide

management with conclusive evidence thatobjectives are reached because of inherentlimitations, such as:

Management's philosophy that the cost of internalcontrol does not exceed the expected benefits to bederived

It directed at routine transactions rather than non-routine transactions

Potential of human error due to carelessness,distraction, mistakes etc.

INHERENT LIMITATIONS Misunderstanding of instructions

Possibility that a person responsible for exercising aninternal control could misuse that responsibility

Possibility that procedures may become inadequatedue to changes in conditions and compliance withprocedures may deteriorate

Possibility of circumvention of internal controlsthrough the collusion of a member of management oran employee with parties outside or inside the entity

Principles of internal Control1. Financial and Accounting operations must by

separated

2. Responsibility must be clearly stated

3. Too much confidence not be pinned on an individual

4. Rotation principle must be applied

5. Mechanization of the work used where feasible

6. Work must be supervised by other employee

7. Written record of work must be placed that played important role.

8. Clear and well defined roles should be laid down

9. Employees must be in bond so employer is protected

10. Double entry system of accounting must be used.

Segregated Functions

Following functions must be segregated to implement operational Control:

Initiating and Authorizing Transactions

Connected with the execution of any Transactions must authorized by senior official

Having responsibility for asset, liability, expense or revenue resulting from transactions

PROCESS OF UNDERSTANDING THE INTERNAL CONTROL

Obtain an understanding of internal controlsufficient to plan an audit of the entity’sfinancial statements

Assess whether the financial statement areauditable

Assess the level of control risk supported by theunderstanding obtained

Assess whether it is likely a lower control riskcould be supported

PROCESS OF UNDERSTANDING THE INTERNAL CONTROL

Decide on the appropriate assessed control risk touse

Level supported by understanding obtained

Plan and perform tests of control

Determine whether the assessed control risk issupported by the tests of control

Decide on the appropriate increased planned riskand plan the resultant substantive tests to satisfy theincreased planned detection risk

Review and Reliance onInternal Control

Before starting of Audit, review the system for

To examine weaknesses of system, if any

To consider the proposition of introducing test check to be performed during the course of audit

Determine exactly the extent of work to be performed so as to enable the auditor to express his opinion on the given set of acconts.

BENEFITS OF UNDERSTANDING

It will enable the auditor to :

Identify the types of potential materialmisstatements that could occur in the financialstatements

Consider factors that affect the risk of materialmisstatements

Design appropriate audit procedures

Evaluation Phases 1. It is responsibility of management to develop

and maintain the control system, auditor will study that system.

2. Auditor will study and evaluate the controls to determine of the extent of substantive audit procedures. (Control environment and flow and transactions)

3. Detailed overview of internal accounting system. Obtain information from different sources i.e. review of accounting manuals, interviews, review of JDs, analysis of Organizational chart.

MANAGEMENT LETTER

After evaluation of the internal controls,Management Letter is issued. The objectives of thisletter are:

To identify any weaknesses in the internal control

To suggest adequate accounting control

To suggest improvements in the existing internalcontrol