TOPIC 6
INTERNAL CONTROL
c
�Reasons Why Fraud Occurred
1. Poor internal control
2. Management override of internal
controls
3. Collusion between employees
and third parties
4. Collusion between employees or
management
÷
�Internal Control and
Accounting System
Accounting system
Internal control
=
� Accounting System
^ SAS 300
£ In planning the audit, auditors
should obtain and document an
understanding of the accounting
system and control environment
sufficient to determine their audit
approach
ð
�Accounting System cont¶d
^ Obtain understanding to enable
them to identify and understand:
������ ������ �
� �� �
����
���������
� �� �
����� ���
���
�
��
����� �� �
� �����
�������������
������
�����������
��� �����
�
������
���� ��� �� ��� ��
�����
�����������
Ñ
� Accounting System cont¶d
^ Input ± capture a mass accounting data
^ Process ± converting the mass of raw
data into useful info.
^ Output ± prepare the accounting info in
a form useful to those who wish to use it
?
� Accounting System cont¶d
^ Effective accounting system
provide reasonable assurance on:
Identification and record of all
valid transactions;
Proper classification for fin.
reporting;
Proper measurement on the value
of transaction
Proper presentation in f/s
�Internal Control
£ A process, affected by an entity¶s board of
directors, management and other personnel,
designed to provide reasonable assurance
regarding the achievement of objectives :
^ m ����������� �
�� ��������� ��
�� �����
^ ���� �������� � �� ��� ����
������
^ ����������� �
�
���������� � � �
� �
������
^ ���
�� ���������
��� ����� ��� �
�
����� �����
·
� Internal Control System
^ Comprises control environment (CE)
and control procedures (CP)
^ Includes policies and procedures
adopted by directors and management
^ Objectives:
����������
����
��� ������������
� ��� ������ ���
���������
���� ���
��
��
����� �������� ���� ��� ���
������
������� � �������������
������
���� �
����� � ������ ��
]
� Control environment
^ Overall � �������� �
� ��
� ��
of directors and
management regarding internal
controls and their importance in
the entity.
c
�Factors Affecting the Control
Environment
Integrity and ethical values
Commitment to competence
Participation of the BOD and audit
committee
Management¶s philosophy and
operating style
Assignment of authority and
responsibility
Human resource policies and
practices cc
� Control Procedures
^ Policies and procedures in addition to
the control environment
^ Being establish to achieve entity¶s
specific objectives
^ Particular procedures to prevent,
detect and correct error.
��� ��� ����������
���
�������� � ���
��������������
������ �����
���
������
����� �!�
���
c÷
� Control Procedures cont¶d
^ Specific control procedures:
Approval and control documents;
Controls over computerized
applications;
Check arithmetical accuracy of
records;
Maintain and review control accounts
and trial balances;
Reconciliation
c=
�Risk Assessment and Monitoring
Internal Control
£ Changes in internal and ext. events
£ Consider circumstances that may affect
entity¶s ability to record, process, report
£ Example :
^ Changes in the operating environment
^ New personnel
^ New or revamped info. system
^ Rapid growth
^ Foreign operations
cð
� Limitations of Int. Control
£ Reasonable assurance due to
inherent limitations
£ Example :
^ Management override of int.
control
^ Personnel errors and mistakes
^ Collusion
^ Cost benefit analysis
cÑ
� Internal control ± Planning and
Performing and Audit
£ ISA 400- auditor should assess the
entity¶s control risk at high unless :
(a) the auditor is able to identify
internal controls which are likely to
prevent or detect material
misstatements in f/s and;
(b) the auditor plan to perform test of
controls to support the assessment
of control risk as less than high
c?
� Auditor¶s Consideration of
Internal Control and Its
Relation to Substantive Tests
Substantive Strategy or
Reliance Strategy ?
c
� Substantive Strategy
£ Set control risk at the highest for
some or all assertion because :
The control do not pertain to an
assertion
The controls are assessed as
ineffective
Evaluating the effectiveness of
control is inefficient
c·
� Reliance Strategy
£ Assess control risk at less than
high and should:
(a) identify specific internal
controls relevant to specific
assertion that are likely to prevent
or detect material misstatements
(b) Test controls to evaluate their
effectiveness
c]
� Test of Control
£ Audit procedures that evaluate
the effectiveness of internal
control
£ Reliance strategy ± to support
the lower level of control risk
÷
� Test of Control cont¶d
£ Carry out to provide reasonable
assurance whether:
The control is suitably designed to
prevent material misstatements;
Control was applied, consistent with
which it was applied during audit
period, and by whom it was applied.
÷c
� Test of Control cont¶d
£ Example:
Inquiry of appropriate client
personnel
Inspection of documents, reports
Observation of the application of
the policies
Reperformance of the application
of the policy or procedure by the
auditor
÷÷
�_nderstanding Internal Control
^ Copies of the entity¶s procedures
^ Narrative description
^ Internal control questionnaires
(ICQ)
^ Flowcharts
÷=
