Scribd
Upload
200 views

Ahsan

An auditor can make use of internal controls in designing substantive test procedures by evaluating whether the entity's internal control policies and processes are designed and operating effectively. Internal control is a process put in place by management to provide reasonable assurance regarding effective and efficient operations, reliable financial reporting, and compliance with laws and regulations. It includes control environment, risk assessment, control activities, information and communication, and monitoring components. By understanding and testing the internal controls, an auditor can design more effective and targeted substantive procedures.

Uploaded by

Ahsan Zaheer
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
200 views

Ahsan

An auditor can make use of internal controls in designing substantive test procedures by evaluating whether the entity's internal control policies and processes are designed and operating effectively. Internal control is a process put in place by management to provide reasonable assurance regarding effective and efficient operations, reliable financial reporting, and compliance with laws and regulations. It includes control environment, risk assessment, control activities, information and communication, and monitoring components. By understanding and testing the internal controls, an auditor can design more effective and targeted substantive procedures.

Uploaded by

Ahsan Zaheer
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

In what way an auditor can make use of internal controls in the conduct of designing substantive test procedures.

Internal control:
It is conceptually similar in many ways to financial auditing by public accounting firms, quality assurance and banking compliance activities. Much of the theory underlying internal auditing is derived from management consulting and public accounting professions. Internal auditing activity is primarily directed at improving internal control. Internal control is broadly defined as a process, affected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following internal control categories: Effectiveness and efficiency of operations. Reliability of financial reporting. Compliance with laws and regulations. Management is responsible for internal control. Managers establish policies and processes to help the organization achieve specific objectives in each of these categories. Internal auditors perform audits to evaluate whether the policies and processes are designed and operating effectively and provide recommendations for improvement.

Several key concepts:


Internal control is a process. It is a means to an end, not an end in itself. Internal control is affected by people. Its not merely policy, manuals, and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entitys management and board. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

The five components are the following:


Control environment: The control environment sets the tone of an organization, influencing the control notice of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization. Risk assessment: Every entity faces a variety of risks from external and internal sources that must be assessed. A must to risk assessment is establishment of objectives and thus risk assessment is the identification and analysis of relevant risks to the achievement of assigned objectives. Risk assessment is a prerequisite for determining how the risks should be managed. Control activities: Internal Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address the risks that may hinder the achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. Information and communication: Information systems play a key role in internal control systems as they produce reports, including operational, financial and compliance-related information that make it possible to run and control the business. In a broader sense, effective communication must ensure information flows down, across and up the organization. Monitoring: Internal control systems need to be monitored a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities or separate evaluations. Internal control deficiencies detected through these monitoring activities should be reported upstream and corrective actions should be taken to ensure continuous improvement of the system.

You might also like