2. Concepts of Internal Control
Definition - set of policies and
procedures adopted by a firm in order to
provide reasonable assurance that their
objectives will be met. Consequently, it is
considered to be a means of providing
assurance that errors and irregularities
will be prevented, detected and
corrected on a timely manner by
employees of the company.
3. Subdivisions of Internal Control
Accounting controls
• Those policies and procedures which aim to
safeguard company’s assets and to ensure
reliability of accounting records.
Administrative controls
• Policies and procedures to encourage
adherence to mgt. policies and to promote
operational efficiency.
4. Inherent Limitations of IC
Cost – benefit
Management override
Collusion or connivance
Mistakes in judgment / human factors
Projection risk
5. Elements of Internal Control
Control environment
Control procedures
Accounting and communication system
Risk assessment
Monitoring
6. Control Environment
which means the overall attitude,
awareness and actions of directors and
management regarding the internal
control system and its importance in the
entity.
Factors reflected in control environment
are: M O F A M P E
7. MOFAMPE stands for
M – management philosophy and operating style
O – Organizational structure
F – Functioning of BOD / Audit committee
A – Assignment of responsibilities
M – Management controls
P – Personnel policies
E – External Influences
8. Control Procedures
which means those policies and
procedures in addition to the control
environment which management has
established to achieve the entity’s
specific objectives.
Fundamental principles of controls -
ASDAR
9. ASDAR stands for
A – Authorization ( Specific and General)
S – Segregation (CARE)
D – Documentation
A – Access
R – Reviews
10. Accounting and Communication
System
Interrelated set of components which
aims to convert data into meaningful
information and providing such
information to authorized users.
11. Risk Assessment
Ability of management to take actions in
response to business risks and providing
solutions to identified problems.
Capability of management to find out
root-cause of problems and formulating
appropriate solutions thereon.
12. Monitoring
To provide reasonable assurance that
the other elements of internal control are
being applied as prescribed. Normally
performed by internal audit department.
13. Responsibility of Parties
Management and those in-charge of
Governance – primary party responsible
in designing and implementing internal
controls.
Employees – entrusted with the PDC of
internal controls.
Auditor – understanding IC for planning
purposes.
14. Reasons for understanding
internal control
identify the types of potential material
misstatements that could occur in the
financial statements;
consider factors that affect the risk of
material misstatements; and
design appropriate audit procedures.
15. Things to be considered by
Auditor
understanding the design of internal
control whether they are placed in
operation
Assessment of risks ( inherent and
control )
Documentation
16. Assessment level and
Documentation
Maximum level – no tests of controls, document
understanding of the design and document the
conclusion of assessment.
Below Maximum level – identify controls likely
to be effective; perform tests of controls;
document understanding of the design;
document conclusion of assessment; and
document basis for conclusion