7/30/2019 Internal Control Basics
1/19
Internal Control Basic
Concepts
7/30/2019 Internal Control Basics
2/19
2
Why do stores use cash
registers?
To safeguard assets
To insure accuracy and
reliability of accountingdata
To provide efficiency inoperations
To encourage adherenceto prescribed policies &procedures
7/30/2019 Internal Control Basics
3/19
3
Why Consider Internal
Controls?
The second standard of fieldwork:
A sufficient understanding of the internal
control structure is to be obtained to plan theaudit and to determine the nature, timing ,and extent of tests to be performed.
To ensure that the companys objectivesare being met.
7/30/2019 Internal Control Basics
4/19
4
Internal Control Basics
The Auditing Standards Board (ASB) hasdefined the internal control structure as
the policies and procedures establishedto provide reasonable assurance thatspecific entity objectives will be achieved.
SAS No. 55 and No. 78 relate to theinternal control structure.
7/30/2019 Internal Control Basics
5/19
5
Internal Control Basics
Recently, the Information Systems Auditand Control Foundation (ISACF)
developed the Control Objectives forInformation and related Technology(COBIT)
Business aspects
IT resources
IT processes
7/30/2019 Internal Control Basics
6/19
6
Internal Control Basics
The Committee of Sponsoring Organizations (COSO)defines internal control as the process implementedby the board of directors, management, and those
under their direction to provide reasonableassurance that control objectives are achieved withregard to the following:
1. Effectiveness and efficiency of operations
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations
7/30/2019 Internal Control Basics
7/19
7
COSO Integrated
Framework
7/30/2019 Internal Control Basics
8/19
8
Internal Control Components
Control Environment - The collective effect ofvarious factors on establishing, enhancing, or mitigating theeffectiveness of specific policies and procedures.
Integrity and Ethical Values
Managements Philosophy and Operating Style
Organizational Structure
The Board of Directors and the Audit Committee
Methods of Assigning Authority and Responsibility
Human Resources Policies and Practices
External Influences
7/30/2019 Internal Control Basics
9/19
9
Internal Control Components
Risk Assessment - This is the entitys identificationand analysis of relevant risks to achievement of itsobjectives, forming a basis for determining how the risksshould be managed.
Identify Threats
Estimate Risk
Estimate ExposureIdentify Controls
Estimate Costs and Benefits
7/30/2019 Internal Control Basics
10/19
10
Internal Control Components
Control Activities - Policies and procedures inaddition to the control environment and risk
assessment that provide reasonable assurance thatentity objectives will be achieved.
S egregation of duties
C omparisons and compliance monitoring
A dequate documents and records
L imited access to and use of assets and records
P roper authorization of transactions and activities
7/30/2019 Internal Control Basics
11/19
11
Internal Control Basics
Classifications
Preventive, Detective, Corrective
General and ApplicationInput, Processing, and Output
7/30/2019 Internal Control Basics
12/19
12
Internal Control Components
Information and Communication - This areadeals with the identification, capture, and exchange ofinformation in a form and time frame that enable people tocarry out their responsibilities.
Identify and record all valid transactions (existence &completeness)
Properly classify transactions (presentation)
Record transactions at their proper monetary value(valuation)
Record transactions in the proper accounting period(allocation)
Properly present transactions and related disclosures inthe financial statements. (presentation & disclosure)
7/30/2019 Internal Control Basics
13/19
13
Internal Control Components
Monitoring - The process that assesses thequality of the internal control performance over
time.Effective supervision
Responsibility accounting
Internal auditing
7/30/2019 Internal Control Basics
14/19
14
Document Your
Understanding
Narrative
Flowchart
Questionnaire
7/30/2019 Internal Control Basics
15/19
15
Internal Control Risk
Rt = IR x CR x DR
SAS No. 47 requires the auditor to assescontrol risk. Maximum control risk is
100%
7/30/2019 Internal Control Basics
16/19
16
Assessing Control Risk
Start with the assertions
Existence or Occurrence
CompletenessRights and Obligations
Valuation or Allocation
Presentation and Disclosure
7/30/2019 Internal Control Basics
17/19
17
Assessing Control Risk
Match the documented control procedureswith the assertions
Three considerations:Are there adequate controls in place?
Are the controls in place designed adequately?
Are the controls in place operating effectively?
7/30/2019 Internal Control Basics
18/19
18
Tests of Controls
Inquiry
Inspection
Observation
Re-performance
7/30/2019 Internal Control Basics
19/19
19
Additional Issues
SAS No. 55 requires documentation of theassessed level of control risk
SAS No. 60 requires the auditor tocommunicate any reportable conditions tothe audit committee