Scribd
Upload
400 views2 pages

Understanding Internal Control Systems

Control activities include policies and procedures to ensure management directives are followed, such as performance reviews, information processing, physical controls, and segregation of duties. Monitoring involves assessing internal control performance over time through ongoing or separate evaluations. For small businesses with few employees, internal controls tend to be weaker due to difficulty segregating duties, but the owner's active participation can compensate. Auditors consider internal controls because they impact the audit, such as understanding, documenting, assessing, and testing controls to determine control risk.

Uploaded by

Sean Austin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
400 views2 pages

Understanding Internal Control Systems

Control activities include policies and procedures to ensure management directives are followed, such as performance reviews, information processing, physical controls, and segregation of duties. Monitoring involves assessing internal control performance over time through ongoing or separate evaluations. For small businesses with few employees, internal controls tend to be weaker due to difficulty segregating duties, but the owner's active participation can compensate. Auditors consider internal controls because they impact the audit, such as understanding, documenting, assessing, and testing controls to determine control risk.

Uploaded by

Sean Austin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
  • Control Activities: Describes policies and procedures essential for implementing management directives including performance reviews and information processing.
  • Understanding Internal Control: Provides guidelines for auditors to comprehend the entity's internal controls, including components like control design and implementation.
  • Documenting the Auditor's Assessment of Internal Control: Covers processes for documenting auditor's findings related to internal control evaluation and control risk assessment.

Control Activities

Control activities are the policies and procedures that help ensure that management directives are
carried out. Specific control procedures that are relevant to financial audit include:

> Performance Reviews;

> Information Processing;

> Physical Controls; and

> Segregation of duties

Monitoring

Is a process of assessing the quality of internal control performance over time. It involves assessing the
design and operation of controls on a timely basis and taking necessary corrective action. Monitoring of
controls is accomplished through ongoing monitoring activities, separate evaluation, or a combination of
the two. Ongoing monitoring activities are built into the normal recurring activities of an entity and
include regular management and supervisory activities. Separate evaluations are monitoring activities
that are performed on a non-routine basis.

Internal control for a small business

In small business, with very few office employees, it is difficult to have proper segregation of duties or
maintain a separate internal audit department. Internal control system in a small business tends to be
weak compared to internal control of large entities. These weaknesses, however can be compensated if
the owner actively participates in the operation of the business.

Consideration of Internal Control

Auditors are not responsibility for establishing and maintaining an entity’s accounting and internal
control systems that is the responsibility of the entity’s management. Nevertheless, the auditors should
give adequate consideration to these controls because the condition of the entity’s internal control
systems can have a significant impact on the audit.

Consideration of the entity’s internal control systems involves the following steps:

1. Obtaining understanding of the internal control;

2. Documenting the understanding of accounting and internal control systems;

3. Assessing the level of control risk;

4. Performing test controls; and

5. Documenting the assessed level of control risks


Understanding Internal control

The auditor should obtain sufficient understanding of the components of the entity’s internal control
relevant to the audit. Obtaining an understanding of internal control involves

> evaluating the design of a control; and

> determining whether it has been implemented.

Evaluating design of a control involves considering whether the control, individually or in combination
with other controls, is capable of effectively preventing, or detecting and correcting material
misstatements. After obtaining sufficient knowledge about the design system, the auditor should
determine whether these controls have been implemented. This is accomplished by performing “walk-
through’’ test.

The auditor’s understanding of internal control should be adequate enough to:

> Identify types of potential misstatements that can occur

> Consider factors that affect the risk of material misstatements and

> Design the nature, timing, and extend audit procedures to be performed.

Documenting the auditor’s understanding of internal control

Subsequent to obtaining sufficient knowledge about the design and implementation of internal control,
the auditor is required to document his understanding of accounting internal control systems. Some
commonly used forms of documentation include:

> Narrative description of the entity’s internal control;

> Flowchart that diagrams the flow of transactions and documents; and

> Internal control questionnaire providing management’s responses to questions about internal control.

Assessment of Control Risk

The auditor should make preliminary assessment of control risk, at the assertion level, for each material
account balance or class transactions. The auditor’s preliminary assessment of control risk may be at a
high level (100%) or less than high level. When the auditor’s knowledge of the entity’s internal control
indicates that internal control related to a particular assertion are not effective, the auditor may simply
assess control risk at a high level. On the other hand, if the auditor believes that controls appear to be
reliable, the auditor should determine whether it is efficient to obtain the evidence to justify an
assessment of control risk at a lower level.

If the auditor concludes that it is more efficient to rely on the entity’s internal control systems, the
auditor would plan to assess control at less than high level. For this purpose, the auditor should

> Identify specific internal control policies or procedures that are likely to prevent or detect and correct
material misstatement relevant to financial statement assertion; and

> Perform tests of control to determine the effectiveness of such policies or procedures.

You might also like