Upload
tusiime-wa-kachope-samson
View
223
Download
0
Embed Size (px)
Citation preview
8/6/2019 Audit Note TOPIC 4
1/47
TOPIC 4 and 5 : AUDIT OF INTERNAL CONTROL SYSTEMS(ISA 400 Risk assessments and Internal Control)
4.1 Meaning, objectives and importance of Internal Control System to theAuditor.
a) Accounting system:
ISA 400 requires the auditor to gain an understanding of the entitys accountingsystem, including:Major classes of transactions in the entitys operationsHow such transactions are initiated (whether at branches or the head office)Significant accounting records, supporting documents, and accounts in the financial
statementsThe accounting and financial reporting process, from the initiation of significant
transactions and other events to their inclusion in the financial statements.
b) Internal Control System (ICS):
Internal control system refers to all the policies and procedures (financial orotherwise) adopted by the managers of an entity to help ensure, as far as is
practical, the orderly and efficient conduct of its business. I.e Management
philosophy and operating style, and all policies and procedures adopted by
management to assist in achieving the entitys objectives.
(An organization which is orderly and efficiently run will be able to
satisfy its suppliers, customers, use its productive facilities efficiently
and above all, meet the needs of employees far better than businesses
which are disorderly and inefficient. An efficient organization will have
good flow of timely information.
As far as the auditor is concerned such an organization will be mucheasier for him to deal with since company official will be in a position to
provide accurate information and also outsiders/stakeholders willprovide accurate evidence - a satisfied customer is much more likely toreply to debtors circularization.)
c) Objectives of Internal control
To Ensure adherence to management policies i.e to ensure that all
transactions are carried out in accordance with managements general or specific
authorization. Mngt will have many policies in place e.g. those for
personnel, procurement, asset management, depreciation, stock
valuation etc.-expressed in budgets, long-range forecasts, corporate
plans. Such adopted policies will be relevant to the auditor, as he will
have to evaluate whether or not mngt is adhering to the set policies and
1
8/6/2019 Audit Note TOPIC 4
2/47
their (policies) adequacy.
To Safeguard the companys assets from abuse and misuse access to
assets is limited in accordance with authorisatione.g. say keeping
valuable stocks under lock and, ensuring that all goods dispatched are properly invoiced and payments are only effected in respect of
goods/services actually received. The auditor is very much concerned
with asset safety, since in forming his opinion he has to satisfy
himself that actually the assets do exist.
To Prevent and detect of frauds and errors This is a key responsibility of
management, therefore a well designed and adhered to ICS will assist
management to meet this requirement.
To secure as far as possible the completeness and accuracy of accountingrecords. Transactions are promptly and accurately recorded so as to allow the
preparation of financial reports.This is of specific interest to the auditor because records form thebasis for the financial statements upon which auditor is reporting. Agood ICS will result in financial statements, which show a true andfair view.
Internal controls promote timely preparation of financial information
Scope and components of Internal Control System (ICS)
The scope of internal control extends beyond accounting controls to include
operational controls and administrative controls as well e.g. quality control, work
standards, budgetary control, periodic reporting, and policy appraisals.
The attention of the external auditor will be more with the financial controls,
where as the internal auditor will be concerned with both financial and
administrative controls. The external auditor will only be concerned with those
administrative controls that may have a bearing on the reliability of financial
records.
Components of ICS:
The internal control system extends beyond matters relating directly toaccounting system functions and comprises the control environment, Informationsystemand control procedures.
2
8/6/2019 Audit Note TOPIC 4
3/47
(a) Control environment: Includes managements the overall attitude,
awareness and actions regarding the internal control system and its importance
to the entity.
Under control environment the Auditor should consider:
Managements philosophy, Corporate culture and operating style
The entitys organizational structure and methods of assigning authority andresponsibility
The functioning of the board of directors and its committees is it an activeboard/ rubber-stamping board? Does the board have an active and up-to-the-
job Audit committee?
Existence and effectiveness of the Internal audit department.
Uses of information technology.
Competence and integrity of entitys Human resources. What are thepersonnel policies in place, procedures and segregation of duties?(Management control system)
The control environment has an effect on specific control procedures. A strong controlenvironmentfor example, one with tight budget controls and an effective internalaudit functioncan significantly complement specific control procedures. But astrong environment does not, by itself, ensure the effectiveness of the internalcontrol system.
(b) Information System -These are the methods and records established to (to
account) and record the transactions and other events that affect an entity and to
maintain accountability for assets, liabilities, revenues and expenses.
Under Information System the Auditor should identify and understand:
Major classes of transactions;
How such transactions are initiated;
Significant accounting records, supporting documents and accounts in
financial reports; and
The accounting and financial reporting process.
(C) Control procedures Includes both policies and procedures that
management has established to ensure its directives are carried out. Control
procedures are added to the accounting system to ensure that system produces
accurate and reliable data.
Control procedures include:
Reporting, reviewing, and approving reconciliation of bank accounts, controlaccounts
3
8/6/2019 Audit Note TOPIC 4
4/47
Checking the mathematical accuracy of recordsControlling computer information systems by, for example, establishing controls over
changes to computer programs and access to data files use of passwordsMaintaining and reviewing control accounts and trial balancesApproving and controlling documentsComparing internal data with external sources of information
Comparing cash, security, and inventory counts with accounting recordsLimiting direct physical access to assets and records e.g requiring cash to be underlock and key /requiring authorization b4 using any asset.
Comparing financial results and budgeted amounts.
The individual components of an ICS are known as controls or Internal controls.
Internal check, Internal Audit and Internal controls
Both Internal check and internal audit are important constituents of the overall
system of internal control.
Internal Check is the a system of instituting checks on the day-to-day transactions
which operate continuously as part of the routine system whereby the work of one
person is proved independently or is complementary to the work of another, the
object being the prevention and early detection of errors or fraud. Accordingly the
procedures are so designed that no one person is authorized to carry out all the
stages involved in a transaction/ no one should have a exclusive control over one
transaction or a group transactions. (Thus a fraud cannot take place unless
there is collusion between two or more persons.)
Internal check system also involves prompt and independent verification of an
individuals work by prescribing cross-checks and cross-reconciliations as part of
the operating procedure itself.
Internal checks are inbuilt in the system itself and take place concurrently with
the execution of the transactions.
Internal Audit is an independent appraisal function established within an
organization to examine and evaluate the compliance of the organization to set
policies and procedures. Internal auditor is appointed and reports to management.
Internal audit is a very important component of the internal control system.
Essential Features of Internal Control
It is the responsibility of management to decide the extent of the ICS appropriate to
the organization. The controls used will depend on nature, size and volume of
transactions, the degree of control (span of control) which members of management
are able to exercise personally, the geographical distribution of the enterprise etc.
4
8/6/2019 Audit Note TOPIC 4
5/47
The choice of the controls may reflect a comparison of cost of operating
individual controls against the benefits expected to be derived from them.
Whe
re
=
>
Total Costs of
implementing