LECTURE 4 – INTERNAL CONTROL EVALUATION
Internal control is a process designed to provide reasonable assurance of:
o Generating reliable financial accounting information
o Safeguarding assets
o Operating efficiently and effectively
o Complying with applicable laws and regulations.
A Framework for Control
o Reliability of financial reporting
Purchase a good IT system
o Effectiveness and efficiency of operations
Monitoring, budget to actual per store
o Safeguarding assets
Board approval > $Xm
Check-out procedures, receipts and till-balancing
o Compliance with law
Audit committee review
Components of an Internal Control System
• Control environment: overall attitude, awareness and actions of significant internal groups to maintain a well-
controlled organisation (tone at the top)
• Risk assessment: process designed to identify and manage risks that may affect the organisation’s ability to
achieve its objectives
• Control activities: policies and procedures established by management to help ensure that internal control
objectives are achieved and risks mitigated
• Information and communication: the process of identifying, capturing and exchanging information in a timely
fashion to enable the organisation to achieve its objectives
• Monitoring: a process that assesses the quality of internal controls over time
There are a number of factors an auditor should look at when evaluating an organisation’s control environment:
o Management’s philosophy and o Human resource policies and practices
operating style o Integrity and ethical values
o Organisational structure, including o Commitment to competence
assignment of authority and o Compensation and evaluation programs
responsibility o Effectiveness of the internal audit
o Board of directors and audit committee function.
There are a number of factors an auditor should look at when evaluating an organisation’s risk assessment:
o Set KPIs, such as gross margin per store and review regularly.
o # of customer complaints
Some control procedures are found in almost all accounting systems:
o Segregation of incompatible duties o Physical controls to limit access to
o Authorisation procedures assets
o Documented transaction trail o Independent reconciliation
o Competent, trustworthy employees.
Accounting Information Systems
• Accounting systems capture, record, summarise and report information. Monitoring
Management often requests reports on the quality of its internal controls in order to ensure the company can
achieve its major objectives and is not exposed to unnecessary risks
Management receives reports from three sources:
o Ongoing monitoring reports from operations
o Internal audit reports
o External audit reports.
Internal Control and Financial Statement Account Balances
• Auditors assess control risk for each relevant assertion for each important class of transactions and account
balance as a basis for planning the audit.
• Auditors need to evaluate the effectiveness of internal control over financial reporting for accounting
applications that process material transactions.
Relationship of Controls to Auditing
• The quality of internal controls affects the organisation’s operating effectiveness and ultimately its ability to
remain a going concern.
• The quality of internal controls drives the audit approach and amount of testing.
Control Effectiveness and Control Risk Asse