Definition of Internal controls
The process designed ,effected and maintained by management to provide reasonable assurance about achievement of entity’s objectives relating to
Objectives of internal controls
- Reliability of financial reporting
- Effectiveness & efficiency of operations
- Compliance with laws & regulations
Internal control components
- Control environment
- Risk Assessment process
- Information system for reporting
- Control Activities
- Monitoring
Control environment: CHOPPER
Client commitment to competence (employ competent staff)
Human resource policy and practices (code of ethics) (I.e King code IV)
Organisational structure (responsibility and authority)
Participation by those charged with governance (AC)
Philosophy and operating style (care about issues + Act)
Ethical values and integrity (tone set from the top)
Responsibility for reporting authority (isolation of responsibility)
Risk assessment process:
Process by which management identifies and responds to relevant risks that threaten achievement of business objectives
- Conducted once a year formally - Reviewed, updated and applied continually
Risk Identification» Risk qualification» Risk evaluation
Information System For Reporting
Procedures and records established to initiate, execute, record, process, report entity transactions, events and conditions and to maintain accountability for related assets, liabilities and equity.”
- Transactions
- Implementation of Approval
- Source Documents
- Accounting Records (cash book- Ledger)
- Financial Statements
Control Activities:
Segregation of duties
Access Control
Independent Review
Documentation and Records
Authorisation and approval
Reconciliation
Monitoring:
- Assesses the effectiveness of the design and operation of internal control measures put in place
- Responsibility of the internal audit department
- Performed by management or those charged with governance
Control Activities: Segregation of duties
A transaction should not be handled by only 1 employee from beginning to end
- Initiation of a transaction;
- Authorisation of a transaction;
- Execution of a transaction;
- Recording of a transaction; and
-Control/Safeguarding of asset involved (only where applicable).
Control Activities: Access Control
- Logical & physical security
- Access control to assets (e.g., locks, safes, security guards, cameras); and
- Access control to documents/records (e.g., stationary register).
Control Activities: Independent Review
- 2nd independent person checks the work completed by 1st person, and
- sign or initial (evidence that check was performed and pinpoint responsibility.
Control Activities: Documentation and Records
-Document design:
- Easy identification of different types of forms (e.g., colour/size)
- Pre-printed
- Pre-numbered (enable sequence checking)
- Logical design & layout
- Space for signatures/initials
- Multi-copied source documents *(to be send to different divisions)
Stationary Control:
- Safeguarded
- Register
- Cancellation of documents after use
Control Activities: Authorisation and approval
In terms of company policy:
- specific authorisation levels given the
- type of transactions
- value of transactions (amount)
- after reviewing supporting documents
Evidence of authorisation required:
-sign (as evidence that authorisation was given and pinpoint responsibility)
Control Activities: Reconciliation
Reconciliation between actual vs recorded assets:
- Comparing e.g., physical stock counts with inventory account
Reconciliation between two sets of recorded information:
- Comparing e.g., bank account to bank statements; and
Comparing e.g., sub-ledger to general ledger.
3 steps for management to design IC-system
- Step 1 Identify risk (“What Could Go Wrong?”)
- Step 2 Formulate control objective
- Step 3 Apply components of internal control to design a proper system to address the risks and thereby achieve the control objective
Walk through tests: (Auditors duty)
- System description
- Internal Control Questionnaire
- Yes: sound internal controls
- No- weakness in IC- potential risk
- Consider compensating controls - System flow charts
- Standardized symbols
- Flow of documents
- Sequence of events
- Duties of staff & departments
Inherent limitations
- Cost vs Benefit
- Directed at routine, repetitive transactions
- Human error
- Collusion for circumvention of internal controls
- Abuse of responsibility
- Control becomes inadequate
