Internal Control: Detailed Revision Notes

These notes are designed to provide a comprehensive overview of internal control, suitable for exam
preparation. They cover all aspects of the provided document, explaining key concepts in detail.

1. The Meaning of Internal Control

Internal control is a process effected by an entity's board of directors, management, and other
personnel.

It's designed to provide reasonable assurance regarding the achievement of objectives in several
categories:

Effectiveness and efficiency of operations

Accuracy, reliability, and timely preparation of financial reports

Prevention and detection of fraud and error

Compliance with internal policies and applicable laws and regulations

Safeguarding of assets against unauthorized acquisition, use, or disposition

Internal control includes plans, policies, and procedures adopted by management to achieve
objectives.

"Internal control is a process effected by an entity's board of directors, management and other
personnel."

2. Objectives of Internal Control

There are three broad objectives:

Reliability of financial reporting: Management is legally and professionally responsible for ensuring
that financial statements are fairly presented in accordance with accounting frameworks like GAAP
and IFRS.

Efficiency and effectiveness of operations: Controls encourage efficient resource use to optimize
company goals. Accurate financial and non-financial information is crucial for decision-making.

Compliance with laws and regulations: Adherence to all relevant legal and regulatory requirements.
3. Management and Auditors' Responsibilities

Management's Responsibilities:

Establishing and maintaining the entity's internal controls.

Key concepts:

Reasonable assurance: Internal controls provide reasonable, not absolute, assurance that financial
statements are fairly stated. Cost-benefit analysis is considered.

Inherent limitations: Internal controls can never be completely effective, due to human factors and
collusion (acts of two or more employees conspiring to steal assets or misstate records).

Management assesses internal control by evaluating design and testing operating effectiveness. This
involves examining how transactions are initiated, authorized, recorded, processed, and reported.

Auditors' Responsibilities:

Obtaining a sufficient understanding of the entity and its environment, including internal control.

Assessing control risk (the probability that controls will fail to detect errors, irregularities, and fraud).

Primarily concerned with controls over:

The reliability of financial reporting (inadequate controls lead to misstated financial statements).

Classes of transactions (accuracy of account balances depends heavily on accurate inputs and
processing of transactions). Auditors focus on transaction-related audit objectives.

Also considers controls over ending account balances and presentation/disclosure objectives, and
safeguarding of assets and compliance with laws and regulations if they affect financial statement
fairness.

4. Components of Internal Control (COSO Framework)

The five components are:

Control Environment: Reflects the overall attitudes of top management, directors, and owners about
internal control. It's the foundation for the other components. Subcomponents include:

Integrity and ethical values

Board of directors or audit committee effectiveness

Management philosophy and operating style

Organizational structure

Human resource policies and procedures

Assignment of authority and responsibility

Risk Assessment: Management's identification and analysis of risks relevant to financial statement
preparation. Risks are assessed for significance and likelihood, and actions are developed to mitigate
them. Auditors also assess risk to determine the evidence needed in the audit.

Control Activities: Policies and procedures that ensure actions are taken to address risks. Five types:

Adequate separation of duties (custody of assets from accounting; authorization from custody;
operational responsibility from record-keeping; IT duties from user departments)

Proper authorization of transactions and activities (general vs. specific authorization; authorization
vs. approval)

Adequate documentation and records (pre-numbered documents)

Physical control over assets and records

Independent checks on performance

Information and Communication: Initiating, recording, processing, and reporting transactions and
maintaining accountability for assets. Auditors determine major transaction classes, how they're
initiated and recorded, existing accounting records, and the financial reporting process.

Monitoring: Ongoing or periodic assessment of internal control quality to ensure controls operate as
intended and are modified as needed.

5. The Use of Internal Control Systems by Auditors

Auditors use internal control systems to:

Assess the adequacy of the accounting system.

Consider factors affecting the risk of misstatements.

Design appropriate audit procedures.

6. Internal Audit and Internal Control

Internal audit is a management control mechanism responsible for evaluating the effectiveness of
the internal control system.

Pre-audit: Examination of transactions before payment. Focuses on reasonableness of expenditures,

Post-audit: Examination after the fact. Focuses on verifying accounting records, reviewing the
internal control system, evaluating efficiency and effectiveness of operations, and assessing whether
management objectives were achieved. Limited by its focus on detection rather than prevention.

7. Limitations of Internal Control

Internal control systems have inherent limitations:

Human factors: Errors, carelessness, fatigue, deliberate circumvention, or collusion can impair
effectiveness.

Scope of controls: Controls may not encompass all transactions, especially non-routine ones and
extraordinary events.

Business environment: Changing conditions may require control structure modifications.

There's always some level of control risk, but detection risk can be reduced with an effective internal
control structure.