INTERNAL CONTROL (C7-C9)
Process designed, implemented and maintained by those charged with governance, management
and other personnel to provide reasonable assurance about the achievement of the entity’s objectives
with regard to the reliability of financial reporting, effectiveness and efficiency, and compliance with
applicable laws and regulations.
5 ELEMENTS OF INTERNAL CONTROL
1. Control environment (FAWA) – the functions, attitudes, awareness and actions of those
charged with governance and management concerning the entity’s internal control and its
importance to the entity.
Factors (C.I.P.O.H):
- Communication and enforcement of integrity and ethical values – essential elements that
influence the effectiveness of the design, administration and monitoring of controls
- Commitment to competence – management’s consideration of the competence levels for
particular jobs and how those levels translate into required skills and knowledge
- Management philosophy and operating style – management’s approach to managing
business risk and its attitudes and actions towards financial reporting
- Organisational structure – the framework within which the entity’s activities for achieving
its objectives are planned, executed, controlled and reviewed
- Human resource policies and practices – recruitment, orientation, training and remedial
actions
2. Entity risk assessment process – the entity’s process to identify business risks relevant to
financial reporting objectives and decide on actions to address those risks
Factors:
- Identify BR relevant to FR
- Estimate the significance of the risk
- Assess the likelihood of occurrence
- Decide on action to address the risk
3. Information system relevant to FR (I R P R) – consists of procedures and records to initiate,
record, process and report the entity’s transactions and maintain accountability for A.L.E
Factors:
- Classes of transactions that are significant to the FS
- Procedures between IT and manual systems (transaction > ledger > FS)
- How the information system captures events (other than transactions) significant to the FS
- FR process used to prepare the FS (significant estimates and disclosures)
- Controls surrounding journal entries and non-standard journal entries used to record unusual
transactions or adjustments
4. Control activities – policies and procedures to achieve the entity’s specific objectives
Examples:
- Approval and control of documents – approved by an appropriate person
- Controls over IT – passwords, usernames, back-ups
- Reconciliation – key account balances reconciled on a regular basis
- Restrict access to physical assets – only authorised personnel have access
- Segregation of duties – responsibilities should be divided to reduce the risk of E&F by employees
5. Monitoring of controls – process to assess the effectiveness of internal control performance over
time and take necessary remedial actions
- Controls may be monitored either by management or by the internal audit function if one
exists
- To rely on the work of IA, the auditor needs to understand how controls are monitored and how
effective the monitoring is
APPLICATION CONTROL
Definition:
- Manual or automated procedures that typically operate at business process level
- Can be detective or preventative in nature
- Ensure integrity of accounting records
Controls over:
- Completeness, accuracy and authorisation of input
- Completeness and accuracy of processing
- Maintenance of master file and standing data
Examples:
- Input (completeness): document counts / reconciliation
- Input (accuracy): existence confirmation / reasonableness test (sales tax to total value)
- Input (authorisation): manual verification / by authorised personnel
- Processing: similar controls to input once input completed / screen warning
- Master files: record count / regular review / one for one confirmation

GENERAL IT CONTROL
Definition:
- Policies and procedures that relate to many applications and support the effective
functioning of application controls
- Ensure continued proper operation of information system
- Usually include control over data centre and network operation
Controls over:
- Development of computer applications
- Prevention of unauthorised changes
- Testing and documentation of changes
- Prevention of use of wrong programs
- Ensure continuity of operation
Examples:
- Development: segregation of duties (design & test) / train staff / testing procedures
- Prevention of unauthorised changes: password / back-up copies / access restricted
- Testing & documentation of changes: documentation standards / approval of changes / training
- Prevention of use of wrong program: proper job schedule / operation controls
- Ensure continuity of operation: protect equipment (against fire) / emergency procedures /
disaster recovery procedures
Inherent limitations:
- Potential human error – human judgement can be faulty / the system can be misunderstood by
the user
- Control being by-passed/over-ridden – can be manipulated by collusion of two or more
people to override the control
- Cost of control outweighs benefit – a small entity has few employees, which limits control
activities
- Controls designed to cope with routine transactions – controls are less effective on non-routine
transactions
Assessment of Information System and Internal Control
Auditors should:
- assume CR is high, unless assessed low during TOC
- assess adequacy of accounting system
- identify types of potential misstatement
- consider factors that affect risk of misstatement
- design appropriate audit procedures
Test of controls (to assess RMM, and where SP alone is not sufficient appropriate evidence):
- Inspection of documents (verify transaction has been authorised)
- Inquiries about internal control
- Reperformance of control procedures
- Observation of controls
- Testing internal controls on IT
Record IS and IC
METHODS (+VE / -VE)
Narrative notes
+VE:
- Simple to record
- Simple to understand
-VE:
- Can become too much, if complex
- Awkward to change
Flowcharts
+VE:
- Prepared quickly
- Easy to follow and review
-VE:
- Changes are difficult (need redraw)
- Time consuming
Questionnaires
+VE:
- Super quick to prepare
- Ensure all control exist
-VE:
- Staff may overstate control present
- Miss out unusual control
ICQ
Purpose: Whether controls exist
- all controls considered
Yes/No answer: “no” answer indicate deficiency
Examples:
1. Are the persons who record the invoices in the books of account prevented from also:
(i) Working in the stores?
(ii) Authorising purchase orders?
2. Are the stores staff prevented from also:
(i) Working on the purchase orders?
(ii) Working on the accounting records?

ICEQ
Purpose: Whether control to prevent and detect specified error exist
- identify key control
- highlight area of weakness
Yes/No answer: “yes” answer require explanation
Examples:
1. Is it possible for a creditor to be raised in the books for goods that have not been received?
2. Is it possible for goods to be returned to the suppliers without the liability being cancelled?
3. Is it possible for a creditor to be raised in the ledgers for goods that were received but not
ordered?
COMMUNICATION WITH MANAGEMENT
- Report material ICS deficiencies to management (letter on internal control / management
letter)
Purpose:
o Enable the auditor to highlight deficiencies
o Provide management with constructive advice
o Highlight matters that affect future audits
o Comply with specific requirements
Important points:
o Discussions are conducted during the audit visit or at other times
o Identify the most appropriate person from whom to obtain evidence
o Important discussions should be documented (explanations & representations)
Matters to be communicated:
o Auditor’s responsibilities
o Planned scope and timing of audit
o Significant findings
o Auditor independence (listed entities)
Deficiencies of IC – a control is designed, implemented or operated in such a way that it is unable
to prevent, detect or correct misstatements, or a necessary control is missing
Significant deficiencies of IC – a deficiency or combination of deficiencies that, in the auditor’s
professional judgement, is of sufficient importance to merit the attention of management
Determined by:
o Likelihood of resulting in MM in future
o Susceptibility to loss or fraud
o Amount exposed to the deficiencies
o Importance of the controls
o Volume of activity that has occurred or could occur
SALES SYSTEM
(FEATURE / CONTROL OBJECTIVES / CONTROL ACTIVITIES / TEST OF CONTROL)

Order and grant credit
Control objectives:
- customer should be credit worthy
- credit limit not be exceeded
- company able to fulfil order
Control activities:
- all customer undergo credit checks
- check credit limit before accept order
- check inventory before issue order

Despatch and invoice
Control objectives:
- all goods and services sold correctly invoiced
- all despatch of goods recorded
- correct goods sent to correct customer
Control activities:
- verify and authorised invoice
- authorised despatch of goods
- match GDN with customer order

Recording of sales
Control objectives:
- all sales should be recorded
- correct amount should be recorded for each sale
- sales recorded against correct customer
Control activities:
- review debtors’ ledger for credit balances
- reconcile debtor ledger
- sent statement to all customer regularly

Payment received & recorded
Control objectives:
- all customer pay correct amount
- all invoices should be paid
- all receipts should be recorded
Control activities:
- cash received agreed to invoice
- chase up old accounts outstanding amount
- perform regular bank reconciliation

Test of control:
- verify sample of new account on receivable ledger have been authorised by senior staff
- examine computer application controls for credit limit
- reperform a sample customer order match with GDN
- review and observe procedure for match invoice to despatch note
- evaluate procedures for preparing customer statements
- reperform control reconciliation to receivables ledger
PURCHASES SYSTEM
(FEATURE / CONTROL OBJECTIVES / CONTROL ACTIVITIES / TEST OF CONTROL)

Acquisition and place order
Control objectives:
- requisition for valid business reason
- item should be requisitioned when required
- cost of requisition is reasonable
Control activities:
- line manager authorises all requisition
- inventory levels checked before order
- monitor supplier prices to other alternative potential supplier

Goods received
Control objectives:
- all order made, the goods are actually received
- quality and quantity of goods acceptable and as ordered
- goods should be correct as ordered
Control activities:
- goods received are delivered to one secure area
- examine the quality and quantity of goods
- compare GRN with purchase order

Receipt of invoice
Control objectives:
- invoices received for valid purchases
- invoices have correct item, quantities and prices
- invoices are arithmetically correct
Control activities:
- items check to ensure validity
- invoice checked, signed and authorised
- recalculate the total amount of the invoice

Record of purchases
Control objectives:
- correct amount recorded for all purchases
- all purchases should be recorded
- recorded in correct supplier account
Control activities:
- all invoices checked and stamped
- reconcile purchase ledger to control account
- suppliers statements reconciled regularly

Payment to supplier
Control objectives:
- all invoices should be paid
- all invoices paid at correct amount
- all invoices for valid business expense
Control activities:
- all invoices stamped as paid when done
- vouched payment amount to invoice amount
- all payment should be authorised

Test of control:
- observe process of purchase order and evaluate whether segregation of duties is operating
- examine computer application controls for re-order levels
- reperform a sample GRN match with invoice to purchase order
- review and observe procedure for match invoice to GRN
- verify authorised supplier list existed and have been communicated
- reperform control accounts reconciliation to payables ledger
PAYROLL SYSTEM
(FEATURE / CONTROL OBJECTIVES / CONTROL ACTIVITIES / TEST OF CONTROL)

Time sheets/clock card submitted
Control objectives:
- all sheets or cards should be received
- all sheets or cards should be valid
- all hours submitted have been actually worked
Control activities:
- number of sheet/cards submitted matched number of employee
- access to additional sheets/cards restricted
- all sheets/card authorised by line manager

Information input onto computer
Control objectives:
- information input accurately
- no bogus employees
- all information should be input with none missed
Control activities:
- totals should be checked
- password and username should restrict access to data
- sheets should be signed once input

Standing data input
Control objectives:
- payments to leavers should be ceased once left
- data on system should be accurate
Control activities:
- manager should authorised and promptly inform payroll dept of leavers
- regular checks on standing data by senior management

Process and record payroll
Control objectives:
- payroll calculations should be correct
- correct wages should be recorded on system
Control activities:
- print out and signed by clerk to confirm accuracy
- senior management review to ensure reasonable

Payment made to staff
Control objectives:
- all staff should receive payment
- no bogus employees should be paid
- correct amount paid to staff
Control activities:
- reconcile wages and salaries bank account
- verification of identity
- authorisation of wage cheque

Test of control:
- verify evidence of authorisation of standing data
- test operation of computerised controls
- review sample of starters and leavers and verify correct documentation is in place
- observe employees’ use of clocking in procedures
- review payroll budgeting procedures adopted by client
- review reconciliation of payroll master file to wages and salaries account in general ledger
INVENTORY SYSTEM
(FEATURE / CONTROL OBJECTIVES / CONTROL ACTIVITIES / TEST OF CONTROL)

Goods arrive into inventory
Control objectives:
- all goods should be protected from theft
- new deliveries should be kept separate from returns
- goods received should be of suitable quality
Control activities:
- location kept secure with access restricted
- separate areas for new deliveries and return
- goods checked for quality on arrival

Inventory stored until needed
Control objectives:
- inventory should be stored safely and securely to ensure in good condition
- oldest inventory should be used first to prevent obsolescence
Control activities:
- ensure storage area is weather proof, fire protection and at correct temperature
- ensure inventory is based on FIFO

Material (Store > Production)
Control objectives:
- correct amount of inventory sent to production
- correct type of material should be sent
Control activities:
- production manager should authorise all requisition from store
- requisition should be checked to goods sent out

FG to customer
Control objectives:
- correct goods should be sent
- quality should be maintained
- records should be update promptly and accurately
Control activities:
- SAME AS SALES CYCLE

Inventory is counted
Control objectives:
- the count should be accurate
Control activities:
- counted areas are marked to prevent double counting
- manager check accuracy by spot counts
- counting done in pairs

Test of control:
- confirm that all movement are authorised
- test check inventory count and investigate discrepancy
- reperform a sample GRN and GDN match with inventory records
- review sequentially numbered GRN and GDN for completeness
- attend inventory count
- reperform inventory records reconciliation to general ledger
NON CURRENT ASSETS SYSTEM
(FEATURE / CONTROL OBJECTIVES / CONTROL ACTIVITIES / TEST OF CONTROL)

Accounting and recording
Control objectives:
- NCA properly accounted and recorded
Control activities:
- segregation of duties
- maintenance of appropriate accounting record

Security and maintenance
Control objectives:
- security arrangement over NCA is sufficient
Control activities:
- maintenance over NCA register
- physical inspection of NCA

Acquisition and disposal
Control objectives:
- NCA acquisition are authorised
- NCA disposal are authorised
- proceeds of disposal are accounted
Control activities:
- annual CE budget should be approved by board
- authorisation of sales, scrapping or transfer of NCA
- proceeds are recorded and related to disposal

Depreciation
Control objectives:
- depreciation rates are reasonable
Control activities:
- calculation and confirmation of depreciation rates
- authorisation of depreciation rates

Test of control:
- review annual capital budget produced by board and confirm they are authorised
- review adequacy physical security measures
- a sample acquisition/disposal match with authorisation in board minute
- review and observe sample newly acquired asset ensure they are labelled and stored
- verify depreciation rates are authorised and in line with company policy
- re-perform NCA register reconciliation to general ledger and discrepancies followed up
NON CURRENT LIABILITIES SYSTEM
(FEATURE / CONTROL OBJECTIVES / CONTROL ACTIVITIES / TEST OF CONTROL)

Authorisation
Control objectives:
- loans and other long term borrowings properly authorised
Control activities:
- authorisation of new loans, mortgage by board

Completeness and accuracy
Control objectives:
- all NCL has been properly accounted and recorded
Control activities:
- maintenance of appropriate accounting records
- reconcile statement of loan provider with relevant ledger

Interest charge
Control objectives:
- interest charge are reasonable
Control activities:
- calculation of interest charge checked for accuracy

Test of control:
- review annual capital budget produced by board and confirm they are authorised
- a sample loan, borrowings match with authorisation in board minute
- verify interest charged from statement from loan provider to ensure the accuracy
- re-perform statement from loan provider reconciliation to general ledger