Chapter 5 - Intro to Internal Control

INTRO TO INTERNAL CONTROL

Internal Control can be defined in a broad or narrow sense/ procedures designed to minimize risk of loss, info, assets.

Broad View equates internal control with management control, i.e. the process by which managers assure that resources are obtained and used effectively and efficiently in the accomplishment of organizational goals.(Management sets the tone for the organization)

Culture/Environment-how are things done there???-

Narrow View restrict internal control to its relationship to the accounting system, even more narrowly, to its relationship with those aspects of the accounting system that effect the financial statements.

Auditors are required to evaluate internal control in the second standard of field work which states:

A sufficient understanding of internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.

SAS 319

Internal control comprises the plan of organization

& all the coordinate methods & measures adopted within a business.

1. Safeguard its assets

2. Check the accuracy&reliability of its accounting data

3. Promote operational efficiency,

4. Encourage adherence to prescribed managerial policy.

Internal control includes controls which may be classified as either accounting or administrative controls.

SAS 319

I. Accounting controls comprise the plan of organization and all methods and procedures that are concerned with and relate directly to, the safeguarding of assets and the reliability of financial records. They generally include such controls as the systems of authorization and approval, separation of duties concerned with record keeping and accounting reports from those concerned with operations or asset custody, physical controls over assets, and internal auditing.

II. Administrative controls comprise the plan of organization and all methods and procedures that are concerned mainly with operational efficiency and adherence to managerial policies and usually relate only indirectly to the financial records, i.e. performance reports, employee training programs, quality controls.(such as a gym, daycare, cafeteria)

The independent auditor is primarily concerned with the accounting controls .

Fundamental Control Objectives

i.e. statements of desired results orpurposes to be achieved

Quality of information

accurate, complete, relevant, timely

Security over Resources

Compliance with internal and external rules & regulations

Efficient Operations

Specific Control Objectives-Two primary categories

General Control Objectives - those relating to the information services function, the internal audit function, systems development and maintenance, systems operation, data bases, distributed data processing, EDI, LANs, expert systems, microcomputers

Have more than one application that is affected/broader

E.G password to log onto the computer

Application Control Objectives - those relating to the capture, input, processing, and output of data

Transaction based-one transaction at a time

E.G password to log onto Great Plains(specific)

*The auditor will look at the general controls first and then at the application control

The need to reduce risk- Risk is the potential loss of assets or damage to the org. SAS 48

improvements in consistency introduced by computer processing

may process large numbers of transactions incorrectly

computer must be programmed to detect errors

does not have the benefit of human oversight

Inherent vs. Control Risk

inherent risk - the risk that the error or irregularity will occur

control risk - the risk that the error or irregularity will occurand not be detected by the control in place - the risk that the control will fail to meet its objective

Types of Risks

inadequate training, development, and supervision of personnel

errors and irregularities in transaction authorization

errors and irregularities in dataentry, transmittal, and storage

system failure

system inability to meet organizationanduser needs

excessive hardware and software acquisition

excessive operating and maintenance costs

inefficient use of system resources

theft of assets

computer abuse

fradulent financial reporting

concealment of illegal acts

Who bears ultimate responsibility for the financial statements?

An effective accounting system: (SAS 319)

1. Identifies and records all valid transactions.

2. Describes transactions on a timely basis and in sufficient detail to permit proper classification of transactions for financial reporting.

3. Measures the value of transactions in a manner that permits recording their proper monetary value.

4. Determines the time period in which transactions occurred to permit recording of transactions in the proper accounting period.

5. Presents properly the results of transactions and related disclosures in financial reports.