Scribd
Upload
23 views4 pages

Assessment and Evaluation 3.6

The document defines internal control and its components. It explains that internal control aims to provide reasonable assurance of achieving reliability of financial reporting, effectiveness and efficiency of operations, and compliance with laws and regulations. The five components of internal control are defined as the control environment, risk assessment, control activities, information and communication, and monitoring activities. Segregation of incompatible duties is described as important to the effectiveness of internal controls. The steps in considering internal controls in an audit are outlined.

Uploaded by

panda 1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
23 views4 pages

Assessment and Evaluation 3.6

The document defines internal control and its components. It explains that internal control aims to provide reasonable assurance of achieving reliability of financial reporting, effectiveness and efficiency of operations, and compliance with laws and regulations. The five components of internal control are defined as the control environment, risk assessment, control activities, information and communication, and monitoring activities. Segregation of incompatible duties is described as important to the effectiveness of internal controls. The steps in considering internal controls in an audit are outlined.

Uploaded by

panda 1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

JAYCEELYN OLAVARIO

BSA-3C
AcctgPre01
MT 10:30 am-12:00 pm
ASSESSMENT AND EVALUATION

1. Define internal control

According to COSO’s Internal Control—Integrated Framework, a system


of internal control is designed and carried out by an entity’s board of directors,
management, and other personnel to provide reasonable assurance about the
achievement of the entity’s objectives in the following categories: (1) reliability,
timeliness, and transparency of internal and external financial and nonfinancial
reporting; (2) effectiveness and efficiency of operations, including safeguarding of
assets; and (3) compliance with applicable laws and regulations. According to
COSO, the purpose of its Framework is to help management better achieve the
organization’s objectives and provide boards of directors an added ability to
oversee internal control. An effective system of internal control allows
management to focus on operations and financial performance goals while
maintaining compliance with relevant laws and minimizing surprises.

https://www.youtube.com/watch?v=c85pomognpA
https://www.youtube.com/watch?v=CtUdmnUNSvc
https://www.youtube.com/watch?v=tJOQ1uQ1LmY

Internal controls are processes, policies and procedures implemented by the top
management and board of directors in order to achieve the entity’s objectives: (1)
reliability of financial reporting (2) enhance the effectiveness and efficiency of
operations and (3) compliance with laws and regulations.

2. Enumerate the components of internal control and explain each ***

 Control environment. The control environment is the set of standards,


processes, and structures that make the actual the foundation for internal
controls throughout the entire organization. So this includes the tone at the top it
means the attitude of top managements. Example, the attitude of the CEO
towards internal control. If the CEO view internal control something they’re forced
to do and don’t really care about it that’s going to affect the environment. Lower
level employees will not take the internal controls seriously if they saw the
attitude of the CEO towards internal control so the environment is very important
for setting the attitude throughout the organization toward internal control.

 The entity’s risk assessment process. Each organization is going to have


some type of risk assessment process for identifying and managing any type of
risk that threaten the achievement of company’s objectives. Example: Does the
company assess the risk of financial statement fraud? The company should be
assessing the risk of financial statement fraud and that’s gonna have a bearing
on the company's internal controls.
 Control activities. When we look at the controls themselves these are just
policies, procedures that are put in place to address the risk that we've identified
in assessment process to try and address those risks. Example segregation of
duties, authorization and reconciliation.

 Information and communication. How does management communicate to our


internal and our external users what it is we expect from them and how do we
make sure that we receive acknowledgement from those people that they
understand what it is that we’re asking them to do. Getting information from
financial statement or from accounting system that cannot be trusted and there’s
all kinds of issues for example we don’t have information about the dates when
journal entries are recorded that would be pretty ridiculous and poor accounting
system. But let’s say that’s the case if you don’t have that information then it’s
going to be difficult to assess things like cut off. When was a sale was actually
recorded and so forth. Was it recorded in the proper period or was it recorded in
the wrong period. Also not just accounting system but thinking about the internal
control responsibilities and are those responsibilities being adequately conveyed
to the employees by either top management and that could be through an email.
Perhaps top management sends an email and explains the employees like okay
this is the person in charge of this and so forth or the organization could have
formal policy manuals that lay out the procedures for internal control. Internal
controls aren’t going to be that helpful if you have them in place but nobody
knows what they are or how to operate them.

 Monitoring of controls. How does management oversee the functioning of the
entire organization and how do we identify when things aren’t working correctly
and correct those deficiencies as quickly as we possibly can. Monitoring has to
do with evaluating the internal. Are people actually applying the internal controls
as designed? Are the internal controls working? Are the internal controls catching
any mistakes or misstatements? If the controls are found to be ineffective in that
they're not working then the organization can take action and fix the issue

3. Under control activities, explain how important is the segregation of


incompatible duties in the overall effectiveness of internal control

Segregation of incompatible duties is a part of the control activities of an


organisation. Control activities are policies and procedures that help make sure
management’s directives are carried out. The concept of segregation of
incompatible duties is that no one employee or group of employees should be in
a position both to perpetrate and hide errors or fraud in the normal course of their
duties. If these duties are not segregated, an employee could steal assets (such
as cash or stock) and adjust the records to conceal the theft. If the duties are
segregated, the employee stealing the assets would have to get the cooperation
of another employee to adjust the records to hide the theft. Therefore, it is very
important for the effective operation of a control system that incompatible duties
are split between different employees.

4. What are the steps considered in considering internal control ***


It all starts with auditor gaining and understanding of company’s internal control.
How they work or whether they’re effective. At that point auditor is going to
assess whether they can rely on internal control and if the auditor believe that
they can’t rely on internal controls they’re gonna perform some test to see how
reliable those controls are.

For more details, in understanding the organization’s internal control has several
parts. First the auditor need to know how the controls are designed if the controls
is designed well then that simply means that were the control to actually be used
and applied by the right person then the control would be effective. However just
because the control is designed well doesn’t mean that it’s being implemented it
might be that no one is applying the internal control or it might be that the internal
control is being applied by the wrong person who doesn’t understand how to
apply it. So once the auditor has an understanding of the internal control which
they’re gonna document each and every step then they can answer the following
question:
 Can I rely on this entity’s internal controls?
o If the answer is NO that you’ve done the assessment you say I
cannot rely on these internal then you’re gonna put the control risk
at the maximum risk, the highest level of control risk. So you’re
gonna do a lot more substanstive testing because you can’t rely
on the controls so the control risk is gonna be really high. To keep
your audit risk low you’re going to have to basically do more
substantive testing.
o If the answer is yes, I can rely on the internal controls, Now you’re
going to do some tests. You’re gonna test the controls and see
okay are they in fact working at the extent to which I believe. And
if your find that okay I’ve tested these controls and I found that
they are ineffective after testing them then you’re going to set the
control risk at a very high level which means gonna have to do
more substantive testing. If the controls are effective then it that
case we can have low control risk and because the test has been
found to be effective you can reduce the amount of substantive
testing and procedures that you’re going to conduct throughout
the audit.

5. Is test of control always required? Why or Why not?

Tests of controls are performed in order to provide evidence to support the lower
level of control risk when using a relaince strategy. Tests of controls directed
toward the effective- ness of the design of a control are concerned with
evaluating whether that control is suitably designed to prevent, or detect and
correct, material misstatements. Tests of controls directed toward operating
effectiveness are concerned with assessing how the control was applied, the
consistency with which it was applied during the audit period, and by whom it
was applied. Procedures that are used for tests of controls are listed below with
examples of how the audi- tor might apply each. These four categories represent
the four types of tests of controls that auditors choose from in designing a
program for testing controls—you would be wise to com- mit them to memory.

https://www.youtube.com/watch?v=9gGShfYE9MA
https://www.youtube.com/watch?v=gMyeQqoCOAE
https://accountinguide.com/test-of-controls/

tests of controls must be performed in the audit of financial statements


for each relevant assertion for which substantive procedures alone
cannot provide sufficient appropriate audit evidence and when
necessary to support the auditor's reliance on the accuracy and
completeness of financial information used in performing other audit
procedures.14/
https://pcaobus.org/oversight/standards/archived-
standards/details/Auditing_Standard_13

6. What is the best type of audit documentation of the client’s internal control?

https://www.youtube.com/watch?v=MrTKjvxHdTo
https://www.academia.edu/12115618/AUDITING_DOCUMENTING_UNDERSTA
NDING_OF_INTERNAL_CONTROL

You might also like