Quiz 6: Internal Control in a Financial Statement Audit
Internal Control It is a process initiated by the board of directors of an entity for the better performance of the management, and achievement of the concern's goals. Benefits of Internal control to the Management: • It assures the management that all the valuable transactions which have occurred are properly recorded.• It confirms that all the recorded transactions are properly authorized.• It minimizes the risk of fraud and misappropriation of assets which safeguards the entity's assets. • It generates reliable information which helps the management to make right decisions on product pricing, cost of production, and profit information. Benefits of Internal control to the Auditor: • It assures the reliability of the data recorded to be used by the auditor. • It helps the auditor to identify the types of misstatements, and to ascertain factors that affect the risk of material misstatement. • It also helps the auditor to design test of controls and substantive procedures.
Benefits and risks to internal control Internal control is a process by which the management directs, administers and evaluates the resources and internal activities within the company. The potential benefits and risks to an entity's internal control from the information technology are listed below: Benefits to internal control • Provides steady application programs of advanced business laws and performance of difficult calculations for huge volume of transactions • Provides exact, timely and relevant information • Provides additional analytical information • Increases the ability to observe how the personnel manage the activities, policies and procedures within the entity • Reduces the risk of avoiding the performance of internal control activities • Implements security controls in applications, databases, and operating systems in order to have a decisive distribution of authority and responsibilities Risks of internal control • Dependent on the system that commits errors such as processing faulty data or not processing the data properly • It is easily accessible to unauthorized persons; this may cause destruction to the data stored and improper recording of transactions. • Unauthorized access may change the data kept in the main files. • Unauthorized access may cause changes in the systems or application programs. • The systems and application programs cannot be easily changed • The decisions made regarding the changes in the control systems are inappropriate. • The data stored in the systems has the greater possibility of getting damaged or destroyed.
Components of internal control Internal control is a process by which the management directs, administers, and evaluates the resources and internal activities within the company. The five components of internal control are described below: • The control environment The control environment refers to the manner in which the organization should manage its internal control system. It consists of the management's behavior, consciousness, efficiency, policies, procedures, and the concerns of the board of directors about the internal control. It enforces enables the organization to have an effective internal control by providing a definite pattern of behavior and internal control structure. • The entity's risk assessment process The risk assessment process is the process of identifying and evaluating the risk involved in the business activities, and in interpreting the results. Under the risk assessment process, the management assesses the risks associated with the preparation of the financial statements, appraises the impact of the risks, evaluates its probability of occurrence, and sets remedial measures to handle those risks. • The entity's information system and related business processes relevant to financial reporting and communication The entity's information system and relevant business processes include accounting procedures, recording of transactions, and maintenance of accountability of the resources. Communication is the process of conveying the duties and responsibilities to each personnel for managing the internal control system. • Control activities Control activities refer to the policies and procedures that are undertaken by the management to minimize risks associated with the achievement of the entity's objectives. • Monitoring of controls It is a process of observing and evaluating the performance quality of the management in managing the internal control activities, and taking necessary remedial measures thereof.