Internal Control

Flashcards on Internal Control based on lecture notes.

Internal Control (IC)

The process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives.

Management Responsibilities (Internal Control)

To design, implement, and maintain internal control to assist in achieving the entity's objectives.

Those charged with governance responsibilities (Internal Control)

To ensure the integrity of accounting and financial reporting systems through oversight of management.

Staff personnel responsibilities (Internal Control)

To perform their respective functions in order to accomplish the objectives of the entity.

Inherent limitations of internal control

Management overriding the internal control; Circumvention of internal controls through collusion among employees; cost-benefit relationship; internal controls directed at routine transactions; human error; procedures becoming inadequate; segregation of duties in smaller entity.

Categories of Entity's Objectives

Financial reporting objective; Operational effectiveness objective; Compliance objective

Financial Reporting Controls

Controls to achieve reliability of financial reporting objective.

Operational Effectiveness Controls

Controls to achieve operational effectiveness objective.

Compliance Controls

Controls to achieve compliance objective.

Preventive Controls

To deter problems before they arise. Examples: Segregation of employee duties; Control physical access to assets, facilities and information.

Detective Controls

To discover problems as they arise. Examples: Preparing bank reconciliation; Preparing monthly trial balance.

Corrective Controls

To remedy problems discovered with detective controls. Example: Maintaining backup copies of transactions and master files.

Benefits of Strong Internal Control

Reduced cost of an external audit; Availability of reliable data for decision-making purposes; Protection of important documents and records; Assurance of compliance with applicable laws and regulations.

Components of Internal Control (CRIME)

Control Environment; Risk Assessment; Information, financial reporting and communication systems; Monitoring the controls; Existing control activities.

Control Environment

The overall tone of the organization.

Risk Assessment

Management’s identification and assessment of risks.

Information, financial reporting and communication systems

A means of recording transactions and communicating responsibilities.

Monitoring the Controls

Assessment of internal control performance over time.

Existing Control Activities

Control policies and procedures.

Assignment of Authority and Responsibility

How authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established.

Organizational Structure

The framework within which an entity’s activities for achieving its objectives are planned, executed, controlled and reviewed.

Control Activities

Policies and procedures that help ensure management’s directives are carried out and that necessary steps to address risks are taken.

Prenumbering of Documents

Helps to assure that all transactions are recorded (completeness) and no transactions are recorded more than once (existence).

Authorization of Transactions

Authorization should occur before commitment of resources.

Independent Checks to Maintain Asset Accountability

Involve the verification of work previously performed by others.

Documentation

Provides evidence of the underlying transactions and is a basis for establishing responsibility for the execution and recording of transactions.

Information Processing Controls

Ensure that transactions are valid, properly authorized, and completely and accurately recorded.

Physical Controls

Are physical controls for safeguarding assets involve security devices and limited access to programs and to restricted areas, including computer facilities.

Segregation of Duties

Involves ensuring that individuals do not perform incompatible duties. Duties should be segregated such that the work of one individual provides a crosscheck on the work of another individual.

Monitoring

A process that assesses the quality of internal control performance on an ongoing basis.

Purpose of Auditor's Study and Evaluation of Internal Control

To provide a basis for planning the audit to determine the nature, timing, and extent of audit procedures; To provide a basis for constructive suggestions to management about improvements in internal control structure.

Obtain Sufficient Understanding of Internal Control

Involves obtaining understanding of the design and operation of internal control relevant to the audit.

Evaluate the Design of Relevant Control

Determining whether the control, individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material misstatements.

Determine Whether The Control Has Been Implemented

Whether the control is placed in operation; a control has been implemented if the control exists and is being used by the entity.

Walk-through Test

Tracing a transaction through the accounting system, from initial recording to presentation in the financial statements.

Perform Preliminary Assessment of Control Risk

The assessment of control risk is based on understanding of internal control.

Tests of Controls

Tests performed to test the operating effectiveness (as to design and operation) of internal controls that are likely to detect or prevent material misstatements in support of a reduced assessed level of control risk.

Internal Control Questionnaire

Consists of a list of questions on internal control be answered by "Yes" or "No" response. A negative response is designed to draw attention to a possible weakness in internal control. Written explanations are required for "No" answers.

Flowcharts

Pictorial/symbolic diagram depicting the operation of a program/system or the sequential flow of authority, processes, transactions and documents.

Internal Control Checklists

A detailed listing of ideal control measures (the auditor tickmarks the controls adopted by the client).

Narrative Memoranda

A written version of a flowchart. It is a description of the auditor's understanding of the system of internal control.

Reportable Conditions

Significant deficiencies/weaknesses in the design or operation of the internal control which have come to the auditor’s attention that should be reported to the appropriate level of management.

Significant Deficiency

A deficiency may be of such magnitude as to be considered a material weakness in internal control. A material internal control weakness is a condition in which material errors or fraud would ordinarily not be detected within a timely period by employees in the normal course of performing their assigned functions.