Chapter Four

Internal Control System

 4.1. Meaning of Internal Control
• Internal control:- is a process or procedure designed to
provide reasonable assurance regarding the achievement of
objectives in the following categories:
– Reliability of financial reporting
– Effectiveness and efficiency of operations
– Compliance with applicable laws and regulations
• The above three categories in the definition can be explained
as follows:
 Cont’d.....
• Reliability of financial reporting.
– Mgt has both legal and professional responsibility to ensure that
the information presented in the F/st is fairly prepared in
accordance with the reporting requirements of GAAP/IFRS.
• Enhancing efficiency and effectiveness of operations
– Adequate control should safeguard assets and records of the
organization from theft, misuse, embezzlements, and
misappropriations.
• Compliance with applicable laws and regulations
– For example:- Environmental protection and civil rights laws and
others like income tax regulations which directly and indirectly
related to accounting.
 Cont’d….
A given enterprise unit or process has good internal controls if it;
1. Accomplishes its stated mission in an ethical manner
2. Produces accurate and reliable data
3. Complies with applicable laws and enterprise policies
4. Provides for economical and efficient uses of resources, and
5. Provides for appropriate safeguarding of assets.
 All members of an enterprise are responsible for the internal
controls.
 TYPES OF INTERNAL CONTROLS
• Internal control can be divided into two broad categories; Accounting and
Administrative controls.
• 1. Accounting control comprises the plan of organization and procedures
and records that are concerned with the safeguarding of assets and the
reliability of financial records.
• Accounting internal controls are designed to provide reasonable assurance
that:
– Transactions are executed in accordance with management’s general or specific
authorization.
– Access to assets is permitted only in accordance with management’s authorization.
– Transactions are recorded as necessary to permit preparation of financial statements
in conformity with IFRS/ GAAP.
– The recorded accountability for assets is compared with the existing assets at
reasonable intervals and appropriate action is taken with respect to any differences.
 Cont’d…..
• 2. Administrative controls:- Some internal controls have no
bearing on the f/st and consequently are not of direct interest
to independent public accountant and controls of this nature
are often referred to as administrative controls.
– The management is responsible for establishing
administrative controls, and to provide operational
efficiency and obedience to prescribed policies in all
departments of the enterprise.
 4.2 Objectives of Internal Control System

• It is determined by the management based on nature of the

enterprise, volume of operation and etc.
• Among internal control system objectives, the following are
the common ones:
– Adhering to policies and procedures laid down by
management.
– Safeguarding organization’s assets.
– Ensuring that the enterprise is conducting in an orderly
and efficient manner.
– preventing and detect fraud and error.
Why auditors focuses on internal control?
• For external auditors, the quality of the internal controls is
the primary factor in determining the pattern of their audit
examination.
• The following are reasons for studying internal control.
– To be satisfied that sufficient, competent evidence is
available.
– To identify potential areas of material misstatement
– To assess control risk for each objective, which affect
planned detection risk and planned audit procedures
– Allow the auditor to design effective test of f/st balances
and analytical procedures.
4.2. Internal Control and internal Auditors
• Internal audit (or auditor), is responsible for the investigation
of the effectiveness of the internal control system and
involves its weakness and strength.
• Internal auditing is a service function established within an
organization to examine and evaluate its activities.
• Internal audits may focus on;
– Financial audits
– Compliance audits
– Fraud detection (fraud audits)
– Operational audits.
 Cont’d….
• The internal auditing function includes verification, evaluation
and compliance of operations.
• Among others the following are specifiable.
– Review and appraise internal control procedure
– Ascertain effectiveness and efficiency of operations
– Verify compliance to policies and procedures
– Ascertain reliability of data and documents
– Evaluate quality of performance
– Recommend improvements in better management
controls.
 Components of Internal Control

• c
 1. Control Environment
• 1. The Control Environment – this consists of actions, policies
and procedures that reflect the overall attitudes of top
management, directors, and owners of the entity about
control and its importance to the entity.
• To assess and understand the control environment, the
auditors need to consider the following;
– Integrity and ethical values - Are product of the entity's ethical (code
of Conduct) and behavioral values and how they are communicated
and reinforced in practice.
– Commitment to competence - Competence is the employees
knowledge and skill necessary to accomplish tasks that define the
individual's job.
 Cont’d….
• Board of directors or audit committee participation - Control
environment of an organization is significantly influenced by the
effectiveness of its BoDs or the audit committee.
• Management philosophy and operating style.
– Management differ in both their philosophy.
• Some management aggressively emphasis on exceeding
earning projections and they are willing to undertake
activities of high risk with respect of high return.
• Others are extremely conservative and risk averse.
 2. Risk Assessment
• Under this auditor should focuses on;
 Identify factors that may increase risk
 Estimate the significance of the risk
 Assess the likelihood of the risk occurring
 Determine actions necessary to manage the risk
 3. Control Activities
The policies and procedures that help the
management to carry out the directives are known as
the control activities
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
 4. Information and Communication

• c
 5. Monitoring
 Monitoring activities deal with management’s
ongoing and periodic assessment of the quality of
internal control performance;
 to determine whether controls are operating as intended
and modified when needed.
4.2.1. the process of Internal Control and control risk
assessment.
 4.2.1.1. Documentation of the Understanding of The
Internal Control

• The three commonly used methods of documenting the

understanding of internal control are;
– Narratives
– Flow chart and
– Internal control questioners.
 1. Narrative
• Narrative is a written description of client’s internal control
system.
• A proper narrative of an accounting system and related
control includes four characteristics;
– It should state where customer order come from and how
sales invoice are generated.
– All processes that takes place to generate sales.
– The position of every document and record in the system.
– An indication relevant to the assessment of control risk.
2. Flow Chart and Questionnaires
• 2. Flow Chart: is a symbolic, diagrammatical representation of
the client’s document and their sequential flow in the
organization.
– An adequate flowchart also includes the four
characteristics identified for narrative.
• 3. Internal Control Questionnaire: an internal control
questioner asks a series of questions about the control in each
audit area.
– This is as a means of indicating to the audit aspect of internal
control that may be inadequate.
 Phase II: Assess Control Risk
• CR-is the risk that a misstatement due to error or fraud that
could occur in an assertion, that could be material will not be
prevented or detected on a timely basis by the company's
internal control.
• Assess control risk by linking key controls, significant
deficiencies, and material weaknesses to transaction-related
audit objectives.
• Assess whether the financial statements are auditable.
• Determine assessed control risk that are supported by the
understanding obtained assuming the controls are being
followed.
• Use a control risk matrix to assess control risk.
 Control Risk Matrix
• Many auditors use the control risk matrix to assist in the control
risk assessment process. The steps are;
– Identify audit objectives and identify existing controls
– Associate controls with related audit objectives
– Identify and evaluate control deficiencies, significant
deficiencies, and material weaknesses
• Control deficiency:- represents a deficiency in the design or
operation of controls that does not permit company personnel to
prevent or detect misstatements on a timely basis.
– Design deficiency:- exists if a necessary control is missing or not
properly designed.
– Operation deficiency:- exists if a well designed control does not
operate as designed. or
• This is when the person performing the control is insufficiently qualified or
authorized.
 Cont’d…
• A significant deficiency:- exists if one or more control deficiencies
exist and is less severe than a material weakness.
– It is important enough to merit attention by those responsible for oversight of
the company’s financial reporting.
• A material weakness:- exists if a significant deficiency, by itself, or in
combination with other significant deficiencies, results in a
reasonable possibility that internal control will not prevent or
detect material financial statement misstatements.
– If the deficiency is deemed to be a material weakness, the
auditor must express an adverse opinion on the effectiveness of
internal control over financial reporting.
 Phase III: Tests of Controls
• The procedures to test effectiveness of controls in support of
a reduced assessed control risk are called tests of controls.
• Procedures for Tests of Controls;
– Inquire of client personnel
– Examine documents, records, reports
– Re-perform client procedures
– Observe control-related activities
Internal Auditor Reporting on Internal Control

• The scope of the auditor’s report on internal

control is limited to obtaining reasonable
assurance that material weaknesses in
internal control are identified.
Types of Opinions
Thank you !!!

End of
chapter four