Auditing & Assurance Principles: Pamantasan NG Lungsod NG Marikina College of Management and Technology
Auditing & Assurance Principles: Pamantasan NG Lungsod NG Marikina College of Management and Technology
Auditing & Assurance Principles: Pamantasan NG Lungsod NG Marikina College of Management and Technology
PRINCIPLES
PAMANTASAN NG LUNGSOD NG MARIKINA
COLLEGE OF MANAGEMENT AND TECHNOLOGY
By:
NILO N. IGLESIAS, CPA, MBA, REA
Consideration of Internal
Control
Introduction
Once the auditor has set the desired level of audit
risk and assessed the appropriate level of inherent
risk, the next step is to assess the level of control
risk.
Assessing control risk is the process of evaluating
the design and operating effectiveness of an entity’s
internal control as to how it prevents or detects
material misstatements in the financial statements.
The conclusion reached as a result of assessing
control risk is referred to as assessed level of control
risk.
Summary Steps in Using the Audit Risk Model
Internal
control is performed by those charged with governance,
management and other personnel
Internal
control can be expected to provide reasonable assurance of achieving the entity’s
objectives
Internal control can only provide reasonable assurance that the entity’s objective will be achieved
not absolute assurance.
Management usual requirement that the cost of internal control should not exceed the expected
benefits to be derived.
Most internal controls tend to be directed at routine transactions rather than non-routine transactions.
The potential for human error due to carelessness, distractions, mistakes of judgment and the
misunderstanding of instructions.
The possibility of circumvention of internal controls through the collusion among employees.
The possibility that procedures may become inadequate due to changes in conditions, and compliance
with procedures may deteriorate.
Nature of Internal Control
The definition embodies four (4) essential concepts:
Internalcontrol is geared towards the achievement of the entity’s objectives in the following
categories:
Inthe audit of financial statements, the auditor is only concerned with those policies and procedures
within the accounting and internal control system that are relevant to the financial statement
assertions.
Therefore, the objective that is most important to the audit is the financial reporting objective.
Operational and compliance objectives may be relevant to the audit only if they relate to the data
auditor evaluates to determine the reliability of some financial statement assertions.
For example, control pertaining to non-financial data that the auditor uses in analytical procedures,
such as production statistics, or controls pertaining to detecting non-compliance with laws and
regulations that may have a direct and material effect on the financial statements, such as controls
over compliance with income tax and regulations used to determine the income tax provision, may be
relevant to the audit.
•Components of Internal Control
Although internal control policies and procedures vary significantly from one entity to another, there are essential
components of internal control that must established to provide a reasonable assurance that the entity’s objectives
will be achieved.
There are five (5) interrelated components of the entity’s internal control, namely:
Control Environment:
The control environment includes attitudes, awareness, and actions of management and those charged with
governance concerning the entity’s internal control and its importance in the entity.
The internal control environment also includes the governance and management functions and sets the tome of an
organization, influencing the control consciousness of its people.
It is the foundation for effective internal control, providing discipline and structure.
Integrity and ethical values – ethical standards that discourage dishonesty or illegal acts
Active participation of those charged with governance – overseeing financial reporting policies and practice
Commitment to competence – competence required for each task, knowledge and skills
Personnel polices and procedures- policies in hiring, training, evaluating and promoting
There are five (5) interrelated components of the entity’s internal control, namely:
Risk Assessment:
Effective internal control system must provide timely information and communication.
The information system relevant to financial reporting objectives consists of the procedures and records established to
initiate, record, process and report entity transactions and to maintain accountability for the related assets, liabilities and
equity.
Information system encompasses methods and records that:
Identify and record all valid transactions
Describe on a timely basis the transaction in detail to permit proper classification for financial reporting
Measure value of transaction in a manner that permits recording their proper monetary value
Determine the time period in which the transaction occurred
Present properly the transactions and related disclosures in the financial statements.
•Components of Internal Control
Althoughinternal control policies and procedures vary significantly from one entity to another, there are essential
components of internal control that must established to provide a reasonable assurance that the entity’s objectives will be
achieved.
There are five (5) interrelated components of the entity’s internal control, namely:
Control Activities:
Control activities are policies and procedures that help ensure the management directives are carried out.
Specific control procedures that are relevant to financial statement audit would include:
Performance Reviews
These control activities include reviews and analyses of actual performance versus budgets, forecasts and prior period
performance; relating different sets of data to one another.
Information Processing
A variety of control are performed to check accuracy, completeness and authorization of transactions.
When computer processing is used in significant accounting application, internal control procedures can be classified
into two types; General and applications controls.
PhysicalControls
These activities encompasses the physical security of assets, including adequate safeguards such as secured facilities over
access to assets and records; authorizations for access to computer programs and data files and periodic counting and
comparison with amounts shown on control accounts.
Segregation of Duties
Assigning different people, the responsibilities of authorizing transactions, recording and maintaining custody of assets
intended to reduce opportunities to both perpetrate and conceal errors or fraud.
•Components of Internal Control
Although internal control policies and procedures vary significantly from one entity to another, there are
essential components of internal control that must established to provide a reasonable assurance that the
entity’s objectives will be achieved.
There are five (5) interrelated components of the entity’s internal control, namely:
Monitoring:
Monitoring is a process of assessing the quality of internal control performance over time.
Itinvolves assessing the design and operation controls on a timely basis and taking necessary corrective
actions.
Ongoing monitoring activities are built into the normal recurring activities and include regular management
and supervisory activities such as monthly bank reconciliation.
Separate evaluations are monitoring activities that are performed on a non-routine basis, such as
functions performed by internal auditors.
Consideration of Internal Control
The auditor are not responsible for establishing and maintaining entity’s
accounting and internal control systems.
Nevertheless, the auditor should consider these control because the quality of
the entity’s internal control system can have a significant impact on the audit.