Chapter 4 : Internal Control System

 Internal control is not only essential to maintaining the

accounting & financial records of an organization, it is
essential to managing the entity.
 For that reason everyone, from the external auditors to
management to the board of directors to the
stockholders of large public companies to government,
is interested in internal controls.
 Internal control is a process, used by an entity’s board
of directors, management and other personnel, designed
to provide reasonable assurance regarding the
achievement of objectives in the following categories:
1. Effectiveness & efficiency of operations,
Internal Control Cont…
2. Reliability of financial reporting,
3. Compliance with applicable laws & regulations, and
4. Safeguarding of assets against unauthorized
acquisition, use or disposition.
 Internal control can be expected to provide only
reasonable assurance, not absolute assurance, to an
entity’s management and board that the company’s
objectives are achieved.
Objectives of Internal Control
 Some studies suggest that management typically has the
following objectives in setting up a good system of
internal control.
Objective of Internal Control Cont…
1. Orderly & efficient conduct of its business:
 An organization which is efficient and conducts its
affairs in an orderly manner is much more likely to be
able to supply the auditors with sufficient appropriate
audit evidence on which to base their audit opinion.
2. Adherence to Internal Policies
 Management is responsible for setting up an effective
system of internal control and management policy
provides the broad framework within which internal
controls have to operate.
 Management policy will cover all aspects of the
company's activities and will range from broad
corporate objectives to specific areas.
Objective of Internal Control Cont…
3. Safeguarding of Assets
 This objective may relate to the physical protection of
assets (for example by locking monies in a safe at night)
or to less direct safeguarding (for example ensuring that
there is adequate insurance cover for all assets).
 The auditors will be concerned to ensure that the
company has properly safeguarded its assets so that they
can form an opinion on existence of specific assets and,
more generally, on whether the company's records can
be taken as a reliable basis for the preparation of
financial statements.
4. Prevention and Detection of Fraud & Error
Objective of Internal Control Cont…
 The directors are responsible for taking reasonable
steps to prevent & detect fraud. They are also
responsible for preparing financial statements, which
give a true & fair view of the entity's affairs.
 A strong system of internal control will give the
auditors some assurance that frauds & errors are not
occurring, unless management are colluding to
overcome that system.
5. Accuracy & completeness of the accounting records
 This objective is most clearly related to statutory
requirements relating to both management and auditors.
6. Timely preparation of reliable financial information
Types of Internal Control
Types of Internal Control
1. Administrative controls
 Administrative controls are primarily concerned with the
promotion of operational efficiency and the adherence
to prescribed managerial policies.
 Administrative controls are related to operational audits
and compliance audits.
2. Accounting controls
 Accounting controls are principally concerned with
safeguarding assets & providing assurance that the
financial statements & the underlying accounting records
are reliable.
Types of Internal ControlCont…
 Internal accounting controls relate to external &
internal financial audits. The independent auditor is
primarily concerned with the accounting controls,
which generally bear directly and importantly on the
reliability of financial records.
Components of Internal Control
 Internal control consists of five interrelated components.
These are derived from the way management runs a
business, and are integrated with the management
process. The components are given as follows:
1. Control environment; 2. Risk assessment; 3.
Information & communication; 4. Control
activities/procedures; and 5. Monitoring.
Components of Internal Control
1. Control Environment
 The control environment means the overall attitude,
awareness, and actions of directors & management
regarding the internal control system and its importance
in the entity.
 It is the foundation for all other components of internal
control, providing discipline and structure.
 If management beliefs control is important, others in
the company will observe the control policies &
procedures. If employees in the organization feel control
is not important to top management, it will not be
important to them.
Components of Internal Control Cont…
 The auditor should obtain an understanding of the
control environment sufficient to assess the directors &
management’s attitudes, awareness & actions regarding
internal controls and their importance in the entity.
Element Contribute to Successful Control Environment:
 There are number of specific elements that usually
contribute to successful control environment & which
may be used as indicators of the quality of the control
environment of particular organization. Z elements are:
1. Integrity & Ethical values
 Effectiveness & efficiency of I/C structure depends
directly upon the integrity & ethical values of the
personnel who are responsible for creating,
administrating, & monitoring that structure.
Components of Internal Control Cont…
 Management should establish behavioral & ethical
standards that discourage employees from engaging in
activities that would be considered dishonest, unethical
or illegal.
2. Commitment to Competence
 The employees must be competent enough to perform
the assigned tasks. They must possess the skills &
knowledge essential for the performing the jobs & also
in applying the internal control policies & procedures.
3. Board of Directors or Audit Committee Effectiveness
 The effectiveness of the Board of Directors or Audit
Committee will significantly influence the control
environment.
Components of Internal Control Cont…
 The independence of the Board of Directors or the Audit
Committee enables it to be effective at overseeing the
quality of the organization’s financial reports, and act
as a deterrent/limiting/ to management override of
internal controls and to management fraud.
4. Management’s Philosophy
 Management philosophies will differ towards financial
reporting and towards taking business risks. Some may
be very aggressive in financial reporting and may be
willing to take great risks, while others may be
conservative & risk adverse.
 The differing attitudes & styles may have an impact on
the overall reliability of the financial statements.
Components of Internal Control Cont…
 The internal control in an informal organization will be
implemented by face to face contact with employees
and in formal organization, it will establish written
policies, performance reports, & exception/omission/
reports to control its various activities.
5. Organizational Structure
 Another factor affecting the control environment is the
organizational structure. A well-designed organizational
structure provides a basis for planning, directing, &
controlling operations.
 When the management decision-making is centralized
and dominated by one individual, that the individual’s
moral character is extremely important to the auditors.
Components of Internal Control Cont…
 When decentralized style is used, procedures to monitor
the decision making of the many managers involved
become equally important.
6. Human Resource Policies & Procedures
 The effectiveness of the internal control is affected by
nature & characteristics of people work in organization.
 The management’s policies & practice of hiring,
training, evaluating, promoting & compensating
employees have a significant effect on the effectiveness
of the control environment.
7. Assignment of Authority & Responsibility
 The employees in the organization should have a clear
understanding of their responsibilities and rules &
regulations that govern their actions.
Components of Internal Control Cont…
 To enhance the control environment, the management
should develop employee job descriptions and should
define clearly the authority & responsibility within the
organization.
2. Risk assessment
 When the auditor has obtained an understanding of the
entity, (s)he shall assess the risks of material
misstatement in the financial statements, also identifying
significant risks.
 Risk assessment requires the auditor to take the
following steps:
• Identify risks throughout the process of obtaining an
understanding of the entity and its environment
Components of Internal Control Cont…
• Assess the identified risks and evaluate whether they
relate more widely to the financial statements as a whole
• Relate the risks to what can go wrong at the assertion
level
• Consider the prospect/view/ of risks causing a material
misstatement
 Significant risks are complex or unusual transactions
that may indicate fraud, or other special risks.
 The following factors indicate that a risk might be
significant.
• Risk of fraud
• Its relationship with recent economic, accounting or other
developments
Components of Internal Control Cont…
• The degree of subjectivity in the financial information
• It is an unusual transaction
• It is a significant transaction with a related party
• The complexity of the transaction
 Routine, non-complex transactions are less likely to
give rise to significant risk than unusual transactions or
matters of management judgment. This is because
unusual transactions are likely to have more:
• Management intervention
• Complex accounting principles or calculations
• Manual intervention
• Opportunity for control procedures not to be followed
Components of Internal Control Cont…
3. Accounting Information & Communication System
 Accounting information and communication systems
capture, process, and report information to be used by
parties both within and outside the organization.
 Open communication channels are essential to proper
functioning of an information system.
 Personnel that process information should understand
how their activities relate to the work of others, and the
importance of reporting exceptions and other unusual
items to an appropriate level of management.
4. Control Activities
 The policies & procedures that help the management to
carry out the directives are known as the control
activities.
Components of Internal Control Cont…
 These policies & procedures will help the management
to ensure that the actions are taken to address the risks
that affect the organization.
 The following are the control activities that are relevant
to an audit of the organizations financial statements:
- Performance reviews
- Information processing
- Physical controls
- Segregation of duties
 Performance review provides management with an
overall indication whether personnel at various levels are
effectively following the objectives of the organization.
Components of Internal Control Cont…
 By investigating z reasons for unexpected performance,
management may make timely changes in strategies &
plans, or take other appropriate corrective actions.
 Information processing: this control activities is
performed to check the accuracy, completeness, and
authorization of transactions.
 Physical controls: These control activities include the
physical security over both records & other assets.
 Segregation of duties: a fundamental concept of internal
control is that no one department or person should handle
all aspects of a transaction from beginning to end.
 No one individual should perform more than one of the
functions of authorizing transactions, recording
transactions, and maintaining custody over assets.
Components of Internal Control Cont…
5. Monitoring
 Monitoring is a process that assesses the quality of the
internal control structure over time.
 The monitoring of the internal control structure is
important to determine whether it is operating as
intended and whether any modifications are necessary.

Limitation of Internal Control

 Management can only obtain a certain level of assurance
(reasonable assurance) that internal control objectives
have been achieved because of certain inherent
limitations of accounting and control systems. These
limitations include the following:
Limitation of Internal Control Cont…
1. Control systems still rely on human input and compliance.
Therefore there is always a possibility of human error
rendering the control ineffective.
2. Employees can get together to bypass controls. E.g, one
employee may 'sign in' or 'clock in' another employee to
bypass controls designed to monitor hours worked.
3. Management can use their authority to override controls.
4. Controls are usually designed to handle routine
transactions. When a non-routine or unusual transaction
occurs, the system may not be adequately designed to
ensure it is properly recorded.
5. The costs of implementing controls should not outweigh
the benefits.
Auditor Consideration of Internal Control
Auditor’s consideration of internal control
 In planning an audit it is essential that the auditors have
a sufficient understanding of the client's internal control
structure.
 This encompasses both an understanding of the design of
the policies, procedures, & records, and knowledge of
whether they have been placed in operation by the client.
 The auditor's consideration of the internal control
structure also provides a basis for their assessment of
control risk – the risk that material misstatements will
not be prevented or detected by the client's internal
control structure.
Consideration of Internal Control Cont…
 If the auditors determine that the client's internal control
is effective, they will assess control risk to be low.
 They can then accept a higher level of detection risk, and
substantive testing can be decreased.
Thank You!