AT6 INTERNAL CONTROL AUDTHEO

Internal Control

a process designed, implemented, and maintained by those charged with governance, management, and personnel to provide reasonable assurance about the achievement of an entity’s objectives.

Management

Whose responsibility is it to design, implement, and maintain internal control to assist in achieving the entity’s objectives?

Those charged with Governance

Whose responsibility is it to ensure the integrity of the accounting and financial reporting systems through oversight of management

Personnel

Whose responsibility is it to perform their respective functions in order to accomplish the objectives of the entity?

Primary purpose of Internal Control

to provide reasonable assurance about the achievement of the entity’s objectives

Routine; Non-Routine

Most internal control tend to direct more to _______ transactions rather than ________ transactions.

Cost-benefit relationship

it is a primary criterion in designing internal control, that is the cost of the control should not exceed its expected benefits.

Financial Reporting, Operational Effectiveness, and Compliance Objectives

Three entity objectives

Financial Reporting, Operational Effectiveness, and Compliance Controls

Classification of IC according to objectives

Financial Reporting Controls

Internal control that is always relevant to auditor’s risk assessment

Operational and Compliance Controls

Internal control usually not relevant to auditor’s risk assessment but may be relevant if they relate to data the auditor evaluates to determine the reliability of some financial statement assertions.

CRIME

components of internal control that represent the means of an entity to achieve its objectives

Control Environment

it is the overall tone of the organization; it sets the foundation of effective internal control, and it is a set of characteristics that defined good control working relationships in an entity.

Risk Assessment

entity’s management’s identification and assessment of risks. identify the business risks → estimate the significance of the risks → assessment of the likelihood of their occurrence → decides upon actions.

Information, Financial Reporting and Communication Systems

means of recording transactions and communicating responsibilities. it supports the identification, capture, and exchange of information in a timely and useful manner.

Monitoring the Controls

assessment of internal control performance over time

Existing Control Activities

control policies and procedures to ensure that management directives are carried out and that necessary steps to address risks are taken.

Competence

knowledge and skill necessary to accomplish tasks that define the individual’s job

Control Activities

are the policies and procedures that help ensure management’s directives are carried out and that necessary steps to address risks are taken

Application Control

controls which apply to the processing of individual applications

General Controls

which are controls that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.

Physical Controls

are physical controls for safeguarding assets involve security devices and limited access to programs and to restricted areas, including computer facilities

Segregation of Duties

involves ensuring that individuals do not perform incompatible duties. Duties should be segregated such that the work of one individual provides a crosscheck on the work of another individual.

Walkthrough Test

tracing a transaction through the accounting system, from initial recording to presentation in the financial statements.

Test of Control

are performed when the auditor plans to rely on internal control; the auditor will only test those controls that he plans to rely upon (controls that are likely to prevent or detect and correct material misstatement relevant to the financial statements).

Reportable Conditions

are significant deficiencies/weaknesses in the design or operation of the internal control which have come to the auditor’s attention that should be reported to the appropriate level of management

Governance

refers to the role of persons entrusted with the supervision, control and direction of an entity. Those charged with governance ordinarily are accountable for ensuring that the entity achieves its objectives, financial reporting, and reporting to interested parties.

Material Internal Control Weakness

is a condition in which material errors or fraud would ordinarily not be detected within a timely period by employees in the normal course of performing their assigned functions.