1 / 5

Components of Internal Control

Internal Controls are an integral part of any organization's financial and business policies and procedures. SA 315 explains the five components of any internal control as they relate to a financial statement audit. For more information about this subject stay with us.

waytopinnacle
Download Presentation

Components of Internal Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Components of Internal Control Components of Internal Control I. Control Environment II. Risk Assessment IV. Information and Communication V. Monitoring of Controls III. Control Activities I.Control Environment II.Risk Assessment III.Control Activities IV.Information and Communication V.Monitoring of Controls I.Control Environment It includes; Integrity and Ethical Values Commitment to Competence Board of Directors and Audit Committee Management’s Philosophy and Operating Style Organizational Structure Assignment of Authority and Responsibility Human Resource Policies and Procedures   The Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.   The board of directors and senior management establish the tone at the top regarding the importance of internal control, including expected standards of conduct.   The control environment comprises the integrity and ethical values of the organization;

  2. the parameters enabling the board of directors to carry out its governance responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. For example: While auditing the auditor finds that client’s environment isn’t very good. During interviews with management and staff, Auditor sees a lack of effective controls or notice that previous audits show many errors. II. Risk Assessment It includes; Company-wide Objectives Process-level Objectives Risk Identification and Analysis Managing Change ● Every entity faces a variety of risks from external and internal resources. Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. ● Thus, risk assessment forms the basis for determining how risks will be managed. A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity. Example: Has management considered the risk of unrecorded revenue or expense transactions? III. Control Activities It includes; Policies and Procedures Security (Application and Network) Application Change Management Business Continuity/Backups Outsourcing

  3. Control Activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of entity, at various stages with business processes, and over technology environment. ● ● ● It includes the elements that operate to ensure that transactions are authorized, duties are segregated, assets are safeguarded, records are maintained, and independent check over performance and valuation of record. ● Control activities are developed to manage and mitigate the risks. Example: Whether the initiator and authorizer of transaction are different personnel? IV.Information & Communication It Includes; Quality of Information Effectiveness of Communication Information: Informationis necessary for the entity to carry out internal control responsibilities in support of the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control. Communication: Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is how information is disseminated throughout the enterprise, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities should be taken seriously. External communication is two-folds it enables inbound communication of relevant external information and provides information to external parties.

  4. Example: To safeguard assets, does the client tag all computers with identifying stickers and periodically take a count to make sure all computers are present? v. Monitoring of Controls it includes; On-going Monitoring Separate Evaluations Reporting Deficiencies Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component are present and functioning. Ongoing evaluations provide timely information. Findings are evaluated against management’s criteria and deficiencies are communicated to management and the board of directors as appropriate. Example: If management discovers that tagged computers are missing, it has to set better controls in place. The organization may need to establish a policy that no computer gear leaves the facility without managerial approval. Limitations of internal controls; Internal control, no matter how effective, can provide an entity with only reasonable assurance and not absolute assurance about achieving the entity’s operational, financial reporting and compliance objectives. Internal control systems are subject to certain inherent limitations, such as: Sr. No. Limitations of Internal control Memory Hint(Key word) i. Cost doesn’t exceed benefit Management’s consideration that the cost of an internal control does not exceed the expected benefits to be derived. ii. Unusual transaction and human error The fact that most internal controls do not tend to be directed at transactions of unusual nature. The potential for human error, such as, due to carelessness, distraction,

  5. mistakes of judgment and misunderstanding of instructions. iii. Collusion The possibility of circumvention of internal controls through collusion with employees or with parties outside the entity. iv. Abuse of Responsibility The possibility that a person responsible for exercising an internal control could abuse that responsibility, for example, a member of management overriding an internal control. v. Manipulation by management Manipulations by management with respect to transactions or estimates and judgments required in the preparation of financial statements. Originally published at waytopinnacle.com/blog

More Related