2. What is Internal Control?
Definition:
By SAS (Statement of Auditing Standard):
Integrated framework publish by COSO (
Committee of Sponsoring Organisation) .
3. Definition (cont):
Process affected by “entity” designed to provide
reasonable assurance in ensuring:- “FARREGEBO”
1. FAR- Fair and accurate financial accounting
and reporting
2. REG- Comply with laws & regulations
3. EBO – Helps the company get effective &
efficient with business operations
4. Objectives of Internal control
Objectives:
1. FAR- Fair and accurate financial accounting
and reporting
2. REG- Comply with laws & regulations
3. EBO – Helps the company got effective &
efficient with business operations
5. Side objectives:
• To safeguard the assets – ensure they are
optimally utilised and protected from misuse,
fraud or theft.
• To prevent and detect fraud – controls are
necessary to show up any operational or
financial disagreement that might be result of
the theft or fraud.
6. Characteristics/ components of
Internal Control
“CRIME” to management not to have proper
internal control
• Control environment
• Risk Assessment
• Information & communication
• Monitoring
• Existing control activities
7. Limitations of Internal Control
• A good internal control system cannot turn a
poor manager into a good one
• Controls are only designed to cope with
routine transactions and events.
• The system can only provide reasonable
assurance regarding the achievement of
objectives
8. Inherent Limitation of Internal Control
- Human error; mistakes in judgement
- Management may override the control set
up by them
- Cost constraints (cost > benefits)
- Lack of personal quality of staff i.e. integrity
& independent
- Inadequate/ inefficient of ICS due to
changes in company size or activities
9. Importance of Internal control
• Control – reduce the risk of assets loss, help
& ensure that plan information is complete &
accurate
• To minimize opportunity for unintentional
errors or intentional errors that may harm the
plan (Preventive control)
• To discover small errors before they become
big problem (Detective control)
10. Relationship of IC & Audit
evidence
Audit evidence – “information” used by the
auditor to determine which audit opinion to
issue.
• To ensure that management has provide
reasonable assurance with are met reliability
of financial reporting, the effectiveness &
efficiency of operation & compliance with
laws & regulations. So that enable the auditor
to give opinion on the audit evidence.
11. Review & Documentation of IC
Documentation of the computer software programs
is crucial to both the audit client and the auditor.
This software includes the system & controls of:
• Input of information
• Information processing
• Output of information
• Report processing
• Logic of the software program
• Operator instructions
12. IC’s compliance test in
transaction cycle
• Auditors could obtain evidence about the
effectiveness of a control at an interim date &
not test its operation at year end.
• Auditors must evaluate the operating
effectiveness of control involving all relevant
significant accounts & disclosure each year.
• Auditors can use the work of others (Internal
auditors, other company personnel) to
evaluate/test internal control.
13. Strengths & weakness of IC
Strengths Weakness
Computer can display all is available Large number of accounting records are
not recorded on a timely basis
Orders directly go to the customer order
database
Anyone can perform a credit check
Sales order is filed in chronological order Internal control can be by-passed by
management override.
14. Management Letter
Def : Management letter includes suggestions to improve the
effectiveness or efficiency of the client’s operations & the
internal control procedures.
• Acknowledge management’s responsibility for establishing
& maintaining effective internal control over financial
reporting
• State that management has assessed the effectiveness of
internal control over financial reporting & specify the
control criteria used
• State management’s conclusion about the effectiveness of
internal control over financial reporting based on the
control criteria as of a specific date