Transcript Internal controls
S5: Internal controls
What is Internal Control
Internal control is a process Internal control is effected by people Internal control is geared to the achievement of objectives Internal control cannot be expected to provide absolute assurance of the achievement of objectives
As defined by Committee of Sponsoring Organisations (COSO), USA Process effected by entities management and other personnel designed to provide reasonable assurance categories regarding the achievement of objectives in the following three broad Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations
As defined by the Internal controls standards committee of INTOSAI Integral process to provide reasonable assurance that the following general objectives are being achieved Fulfilling accountability obligations Complying with applicable laws and regulations Executing orderly, ethical, economical, efficient and effective operations Safeguarding resources against loss Internal control is a dynamic integral process and management at all levels have to be involved to provide reasonable assurance of the achievement of its objectives
Components of internal controls
Control environment - Assignment of Authority and Responsibility Risk assessment Information and communication Monitoring Control procedures and activities
Control environment
Depends on Management’s overall attitude, awareness and actions regarding internal control The factors influencing control environment are Integrity and ethical values Commitment to competence Management philosophy and operating style Organisational structure Internal audit and Audit Committee Use of IT HR policies and practices
Internal control structure
Controls should be Appropriate Consistent Cost-effective Management should periodically review and update controls so that these remain effective
Types of internal controls
Management, Administrative or Accounting Preventive, Detective or Directive Preventive Which deter undesirable events from occurring Detective To detect and correct undesirable events that have occurred Directive To cause or encourage a desirable event to occur
Limitations of Internal Controls
Can provide only reasonable and not absolute assurance about the achievement of the entities objectives As it depends on human factor, is subject to flaws in design, errors of judgment or interpretation, misunderstanding, collusion, fatigue etc.
Design of an internal control system faces resource constraints
Review of Internal Controls
Ascertaining the system Discussion with auditing entity Drawing a detailed flow chart highlighting all activities and process flow Identifying the controls Testing compliance Conforming the controls with management Testing compliance for each identified control
Review of Internal Controls
Evaluating the system Analyzing the results Forming opinion regarding adequacy and functioning of controls All this should be documented and reported
Objectives of assessment of Internal Controls
To check whether Internal control systems have been prescribed and documented Systems are adequate Management implements these in the manner prescribed Management periodically reviews them through internal audit and takes corrective measures