What is the definition on an Internal Control System?
The process designed, effected, and maintained by management to provide reasonable assurance regarding the achievement of the entity’s objectives relating to:
- Reliability of financial reporting
- Effectiveness and efficiency of operations
- Compliance with applicable laws and regulations”
What is the main objectives of internal controls?
Reliability of financial reporting
Effectiveness and efficiency of operations
Compliance
What are inherent limitations of Internal Control Systems?
C.H.A.C.A.C.
Cost
Human Error
Abuse
Collusion
Adequacy
Complexity (Changes)
What is the auditor’s duty regarding internal control?
Auditors are required to obtain an understanding of the entity and its internal control system sufficient to assess risks of material misstatement and design appropriate audit procedures.
How do auditors gain the understanding regarding internal control?
Prior Experience and Knowledge
Discussions and enquiries with staff
Review of policies and manuals
Inspection of documents and records
Observation
Walk-through tests
What are the components of an Internal Control System? (COSO)
- Control Environment
- Risk Assessment Process
- Information System for Financial Reporting and Communication
- Control Activities
- Monitoring of Controls
What are the key elements of the control environment?
Commitment to competence
Human resource policies and practices
Organizational structure
Participation by those charged with governance
Philosophy and operating style
Ethical values and integrity
Responsibility for reporting authority
What are the stages of the Risk assessment Process?
- Risk Identification – “What could go wrong?”
- Risk Quantification – Assessing the likelihood and impact of risks.
- Risk Evaluation – Prioritizing and deciding how to manage the risks.
What are the steps in an Information System for Financial Reporting and Communication?
- Initiate
- Execute
- Record
- Process
- Report
What are the control activities? SCARRR
Segregation of Duties
Access Control
Authorisation and Approval
Independent Review
Records and Documentation
Reconciliation
What are the control objectives? VAC
Validity: All transactions are authorized, actually occurred, are within the correct period, and supported by appropriate documentation.
Accuracy: All transactions are authorized, actually occurred, are within the correct period, and supported by appropriate documentation.
Completeness: All transactions that should be recorded are recorded promptly and none are omitted.
What are the Steps for Management to Design an Internal Control System?
- Identify risks – Ask “What could go wrong?”
- Formulate control objectives – Define what the control aims to achieve (e.g., validity, accuracy, completeness).
- Apply internal control components – Use the COSO model components to design controls that address identified risks.
