TON DUC THANG UNIVERSITY

FACULTY OF ACCOUNTING

Chapter 3: Internal control

Course code: 201106

201106- Internal control 1

 Learning objectives
 Understand the definition of internal control
 Identify the components of internal control
 Analyze the role of internal control
 Identify audit procedures to understand internal control
system

201106- Internal control 2

 Contents

3.1 Definition of Internal Control

3.2 Components and Principles of Internal Control

3.3 Limitations of internal control

3.4 Management’s Responsibilities for Internal Control

3.5 Test of Internal control

201106- Internal control 3

 3.1 Definition of Internal Control
• Definition:
According to COSO
Internal control is broadly defined as a process, affected by an
entity’s board of directors, management and other personnel,
designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
 Effectiveness and efficiency of operations
 Reliability of financial reporting
 Compliance with applicable laws and regulations

201106- Internal control 4

 3.1 Definition of Internal Control
• Definition:
PROCESS
Board of Effectiveness
directors and efficiency
of operations

Internal Reliability of
Managers
control financial
reporting OBJECTIVES
HUMAN
Staff Compliance
with
applicable
Reasonable
laws and
assurance
regulations

201106- Internal control 5

 3.1 Definition of Internal Control

Management has three broad objectives in

designing an effective internal control system

Reliability of
financial
reporting
Compliance Efficiency/
with laws and effectiveness
regulations of operations

201106- Internal control 6

 3.1 Definition of Internal Control
https://www.youtube.com/watch?v=750q-ADn8Bg

201106- Internal control 7

 3.1 Definition of Internal Control
Exercise:
Based on the definition of internal control, identify whether
these activities belong to internal control or not and explain
reasons for your answers.
a. Segregation of the following activities in an
organization: custody of assets, accounting,
authorization, and operational responsibility.
b. Company-wide policies for the approval of all
transactions within stated limits.
c. Management's identification and analysis of risks
relevant to the preparation of financial statements in
accordance with an applicable accounting framework.
201106- Internal control 8
 3.2 Components and Principles of
Internal Control

Control environment Monitoring

1
Risk assessment 5

2 4

3 Information &
communication

Control activities

201106- Internal control 9

 3.2 Components and Principles of
Internal Control
• Control environment
 Set the tone for an organization – “Tone at the Top”.
Establish the organizational culture.
 Provide discipline and structure.
 The foundation of the organization’s control system.

201106- Internal control 10

 3.2 Components and Principles of
Internal Control
• Control environment
 Integrity and ethical values
 Competence of institutional personnel
 Leadership philosophy and management style
 Organizational structure
 How management assigns authority & responsibility
 Human resources policies

201106- Internal control 11

 3.2 Components and Principles of
Internal Control
• Risk Assessment
Identification and analysis of relevant risks (e.g.
operational, financial, and compliance).

201106- Internal control 12

 3.2 Components and Principles of
Internal Control
• Risk Assessment
 After risks have been identified they must be evaluated
using a formal/informal process which includes:
 Estimating the significance of a risk.
 Assessing the likelihood (or frequency) of the risk
occurring.
 Assess the actions that could be taken to manage
risk and their associated costs.
 Is an on-going process.

201106- Internal control 13

 3.2 Components and Principles of
Internal Control
• Control Activities
 Policies and procedures established to ensure management
directives are carried out.
 Control activities:
 Adequate separation of duties
 Proper authorization of transactions and activities
 Adequate documents and records
 Physical control over assets and records
 Independent checks on performance

201106- Internal control 14

 3.2 Components and Principles of
Internal Control
• Control Activities
Adequate Separation of Duties
Custody of assets from Accounting

Authorization The custody of

from
of transactions related assets

Operational Record-keeping
from
responsibility responsibility

IT duties from User departments

201106- Internal control 15

 3.2 Components and Principles of
Internal Control
• Control Activities
Proper Authorization of Transactions and Activities

Transaction Approval Policies

General Specific
Authorization Authorization

201106- Internal control 16

 3.2 Components and Principles of
Internal Control
• Adequate Documents and Records
 Pre-numbered consecutively
 Prepared at the time of transaction
 Designed for multiple use
 Constructed to encourage correct preparation

201106- Internal control 17

 3.2 Components and Principles of
Internal Control
• Physical Control Over Assets and Records

The most important type of protective

measure for safeguarding assets and
records is the use of physical precautions.

201106- Internal control 18

 3.2 Components and Principles of
Internal Control
• Independent Checks on Performance

The need for independent checks arises because

internal control tends to change over time,
unless there is frequent review.

201106- Internal control 19

 3.2 Components and Principles of
Internal Control
• Information and Communication

The purpose of an accounting information

and communication system

Initiate

Maintain
Report
Record Accountability
transactions
for Related Assets

Process

201106- Internal control 20

 3.2 Components and Principles of
Internal Control
• Information and Communication
 The effectiveness of communication systems also
depends on many factors:
 Employees’ duties and control responsibilities must be
effectively communicated.
 Channels of communication must exist for employees to
report suspected improprieties.
 Management should be receptive to employee
suggestions for improvement.

201106- Internal control 21

 3.2 Components and Principles of
Internal Control
• Information and Communication
 The effectiveness of communication systems also
depends on many factors:
 Communication must be effective across departmental
lines.
 Communication must be timely and sufficient for
individuals to effectively discharge their responsibilities.
 Outside parties should be made aware of the
institution’s standards.
 Their must be timely and appropriate follow-up to
information feedback.
201106- Internal control 22
 3.2 Components and Principles of
Internal Control
• Monitoring

Monitoring activities deal with management’s ongoing

and periodic assessment of the quality of internal
control performance…

to determine whether controls are operating as intended

and modified when needed.

201106- Internal control 23

 3.2 Components and Principles of
Internal Control
• Monitoring
On-going monitoring activities include:
 Review of operating and financial reports to identify
significant inaccuracies or exceptions.
 Investigation of information received from external
parties.
 Organizational structure and supervisory activities.
 Comparison of data recorded in the information system
to physical assets. Periodic confirmations by personnel
that they understand and are complying with the
institution’s code of conduct.
201106- Internal control 24
 3.2 Components and Principles of
Internal Control
• Monitoring

Separate evaluations can be conducted by management or by

internal and external auditors.

201106- Internal control 25

 3.3 Limitations of internal control

• Internal controls, no matter how well designed and

executed, can only provide reasonable assurance
regarding the achievement of objects.
• Limitations include:
 Judgment
 Breakdowns
 Management override.
 Collusion

201106- Internal control 26

 3.3 Limitations of internal control

Limitations include:
 Judgment – Decisions must be made constrained by
available time, information at hand and under the pressures
of getting a job done.
 Breakdowns – Employees may misunderstand instructions.
Errors may occur from new technology or due to complex
systems.

201106- Internal control 27

 3.3 Limitations of internal control

Limitations include:
 Management override – High level personnel may be
able to overrule controls for personal gain or advantage.
 Collusion – Two or more individuals may work together
to bypass controls. No internal control system is
immune from collusion!

201106- Internal control 28

 3.3 Limitations of internal control

Limitations include:
 Excessive control is costly and counterproductive.
 Too little control presents undue risk.
 There should be a conscious effort made to strike an
appropriate balance.

201106- Internal control 29

 3.4 Management’s responsibilities for
internal control
As a manager, you are responsible for:

 Establishing the “tone at the top” and promoting an ethical

business environment by providing structure, feedback,
and discipline.
 Assessing risks specific to your operations and developing
a control system to address risks that could prevent
achieving established goals (see handouts).

201106- Internal control 30

 3.4 Management’s responsibilities for
internal control
As a manager, you are responsible for:

 Establishing and maintaining control activities such as

reconciliations, approvals, and review of operating
activities.
 Ensuring appropriate access to and use of University
information and systems.
 Monitoring control system and activities to identify and
correct breakdowns timely.

201106- Internal control 31

 3.5 Test of Internal controls
Process of understanding IC and Assessing Control Risk
Obtain understanding of IC: Design
and Operation

Preliminarily Assess Control Risk

Tests of Control

Reassess Control Risk

Decide planned Detection Risk and

Substantive Tests
201106- Internal control 32
 3.5 Test of Internal controls

Obtaining information of internal control systems

 Update and evaluate auditor’s previous experience with
the entity.
 Make inquiries of client personnel
 Inspect documents and records
 Observe entity activities and operations
 Walk-through test

201106- Internal control 33

 3.5 Test of Internal controls

Tools for test of internal control systems

 Narrative
 Questionnaire
 Flowchart

201106- Internal control 34

 True - false questions

1. Effective internal control allows for more informed

decisions by internal and external users of the financial
information
2. Internal control is intended to provide absolute assurance
that an organization will achieve its objective of reliable
reporting.
3. The control environment component of internal control is
considered a pervasive or entity-wide control because it
affects multiple processes and multiple types of
transactions.

201106- Internal control 35

 True - false questions

4. The control environment is seen as the foundation for all

other components of internal control.
5. There is one set of control activities that all organizations
should implement.
6. Control activities include both preventive and detective
controls.
7. An organization’s accounting system is part of its
information and communication component of internal
control

201106- Internal control 36

 True - false questions

8. An organization needs information from both internal and

external sources to carry out its internal control
responsibilities
9. Communicating identified control deficiencies is a principle
of monitoring.
10. If management identifies even one material weakness in
internal control, then management will conclude that the
organization’s internal control over financial reporting is
not effective.

201106- Internal control 37

 Multiple choice questions

1. The quality of an organization’s internal controls affects

which of the following?
a. Reliability of financial data.
b. Ability of management to make good decisions.
c. Ability of the organization to remain in business.
d. Approach used by the auditor in auditing the financial
statements.
e. All of the above.

201106- Internal control 38

 Multiple choice questions

2. Which of the following creates an opportunity for

committing fraudulent financial reporting in an
organization?
a. Management demands financial success.
b. Poor internal control.
c. Commitments tied to debt covenants.
d. Management is aggressive in its application of accounting
rules.

201106- Internal control 39

 Multiple choice questions

3. Which of the following statements regarding internal

control is false?
a. Internal control is a process consisting of ongoing tasks
and activities.
b. Internal control is primarily about policy manuals, forms,
and procedures.
c. Internal control is geared toward the achievement of
multiple objectives.
d. A limitation of internal control is faulty human judgment.
e. All of the above statements are true.

201106- Internal control 40

 Multiple choice questions

4. Which one of the following components of internal control

over financial reporting sets the tone for the organization?
a. Control risk assessment.
b. Control environment.
c. Information and communication.
d. Monitoring.

201106- Internal control 41

 Key terms
1. Control activities
2. Control deficiency
3. Control environment
4. Detective controls
5. Information and communication
6. Internal control
7. Monitoring
8. Risk assessment
9. Walkthrough
10. Significant deficiency in internal control

201106- Internal control 42

THE END OF CHAPTER 3!

201106- Internal control 43