The document discusses internal controls and their importance for auditing. It defines internal controls as policies and procedures adopted by management to achieve objectives like ensuring orderly and efficient operations, safeguarding assets, and preparing reliable financial reports. The two main components of internal controls are the control environment and control procedures. The control environment reflects management's attitude towards controls, while control procedures are specific policies that help achieve objectives. Understanding internal controls is essential for auditors to plan the nature, timing, and extent of audit procedures.

1. BY
Atta-ur-Rahman Arif

2. OBJECTIVE
A sufficient understanding of
internal control is to be obtained to
plan the audit and to determine the
nature, timing and extent of tests
to be performed

3. MEANING
 All the policies and procedures adopted by
the management of an entity to assist in
achieving management’s objective of
ensuring, as far as practicable,
 The orderly and efficient conduct of business
 Safeguarding of assets
 Prevention and detection of fraud and error
 Accuracy and completeness of accounting
records
 Timely preparation of reliable financial
information

4. COMPONENTS Internal control includes two categories
of controls that management designs
and implemented to provide reasonable
assurance that the management's control
objectives will be met. These are:
1. Control Environment
2. Control Procedures

5. CONTROL ENVIRONMENT
 It consist of the actions, policies and procedures
that reflects the overall attitudes of top
management , directors and owners of an entity
about control and its importance to the entity.
 Strong control environment can significantly
complement specific control procedures.

6. CONTROL ENVIRONMENT
 Auditor should consider the subcomponents
while understanding and assessing the control
environment, such as:
 Entity’s ethical and behavioral standards and how
they are communicated and reinforced in practice.
 Management’s competence level for assigning
individual’s job.
 Functions of Board of Directors and its
Committees
 Entity’s organizational structure and methods of
assigning authority and responsibility.
 Human resource policies and practices.

7. CONTROL ENVIRONMENT
 It also includes some other controls such as:
1, Risk Assessment :
Identification and analysis of risks relevant to the
preparation of financial statements in accordance
with GAAP.
2, Information & Communication
Accounting system should identify, assemble,
classify, analyze, record and report the entity’s
transactions.
3, Monitoring
Ongoing and periodic assessment of the quality of
internal control performance.

8. CONTROL PROCEDURES
 Those policies and procedures in addition to the
control environment which management has
established to achieve the entity’s specific objectives.
It includes:
 Reporting, reviewing and approving reconciliations
 Checking the arithmetical accuracy of the records
 Controlling applications and environment of CIS
 Maintaining and reviewing control accounts
 Approving and controlling documents

9. CONTROL PROCEDURES
 Comparing internal data with external sources of
information
 Comparing the results of cash, security and
inventory counts with accounting records
 Limiting direct physical access to assets and
records
 Comparing and analyzing the financial results
with budgeted amounts

10. CATEGORIES
 Internal control can be divided into two categories
such as:
1, Financial Control
Mainly concern with legitimacy of Income &
Expenditures and Security of Assets (Accounting
Control)
2, Management or Operational Control
Plan of organization, procedures and records that
are concerned with the decision processes leading
to management’s authorization of transactions

11. Financial Control
1. Budgetary Control
2. Legitimacy of Income and Expenditure
3. Accounting Controls
1. Transaction recorded as necessary in accordance
with Accounting principles
2. Access to assets is permitted only in accordance
with authority
3. Recorded accountability for assets is compared
with existing assets

12. Management Control
1. Organization should review its objectives
2. All staff and officers should be informed about
the objectives and policies
3. Organizations structure clearly defined
4. Management must be informed regularly
5. Proper system of supervision
6. Review of operations effeciency

13. NEED FOR INTERNAL CONTROL
 When volume of transactions is high and varied in
nature then it should be beyond the control of
management to act with its limited capacity so
there is need to delegate the authority and
responsibility
 In such case strict supervision is required, reliance
must be placed upon staff members.
 An adequate internal control is established for
such purpose.

14. INHERENT LIMITATIONS
 Internal control system cannot provide
management with conclusive evidence that
objectives are reached because of inherent
limitations, such as:
 Management's philosophy that the cost of internal
control does not exceed the expected benefits to be
derived
 It directed at routine transactions rather than non-
routine transactions
 Potential of human error due to carelessness,
distraction, mistakes etc.

15. INHERENT LIMITATIONS
 Misunderstanding of instructions
 Possibility that a person responsible for exercising an
internal control could misuse that responsibility
 Possibility that procedures may become inadequate
due to changes in conditions and compliance with
procedures may deteriorate
 Possibility of circumvention of internal controls
through the collusion of a member of management or
an employee with parties outside or inside the entity

16. Principles of internal Control
1. Financial and Accounting operations must by
separated
2. Responsibility must be clearly stated
3. Too much confidence not be pinned on an individual
4. Rotation principle must be applied
5. Mechanization of the work used where feasible
6. Work must be supervised by other employee
7. Written record of work must be placed that played
important role.
8. Clear and well defined roles should be laid down
9. Employees must be in bond so employer is protected
10. Double entry system of accounting must be used.

17. Segregated Functions
 Following functions must be segregated to
implement operational Control:
 Initiating and Authorizing Transactions
 Connected with the execution of any Transactions
must authorized by senior official
 Having responsibility for asset, liability, expense or
revenue resulting from transactions

18. PROCESS OF UNDERSTANDING THE
INTERNAL CONTROL
 Obtain an understanding of internal control
sufficient to plan an audit of the entity’s
financial statements
 Assess whether the financial statement are
auditable
 Assess the level of control risk supported by the
understanding obtained
 Assess whether it is likely a lower control risk
could be supported

19. PROCESS OF UNDERSTANDING THE
INTERNAL CONTROL
 Decide on the appropriate assessed control risk to
use
 Level supported by understanding obtained
 Plan and perform tests of control
 Determine whether the assessed control risk is
supported by the tests of control
 Decide on the appropriate increased planned risk
and plan the resultant substantive tests to satisfy the
increased planned detection risk

20. Review and Reliance on
Internal Control
 Before starting of Audit, review the system for
 To examine weaknesses of system, if any
 To consider the proposition of introducing test check
to be performed during the course of audit
 Determine exactly the extent of work to be
performed so as to enable the auditor to express his
opinion on the given set of acconts.

21. BENEFITS OF UNDERSTANDING
 It will enable the auditor to :
 Identify the types of potential material
misstatements that could occur in the financial
statements
 Consider factors that affect the risk of material
misstatements
 Design appropriate audit procedures

22. Evaluation Phases
1. It is responsibility of management to develop
and maintain the control system, auditor will
study that system.
2. Auditor will study and evaluate the controls to
determine of the extent of substantive audit
procedures. (Control environment and flow
and transactions)
3. Detailed overview of internal accounting
system. Obtain information from different
sources i.e. review of accounting manuals,
interviews, review of JDs, analysis of
Organizational chart.

23. MANAGEMENT LETTER
 After evaluation of the internal controls,
Management Letter is issued. The objectives of this
letter are:
 To identify any weaknesses in the internal control
 To suggest adequate accounting control
 To suggest improvements in the existing internal
control