1

AUDIT 20103
AUDIT I
CHAPTER 5:
INTERNAL CONTROL SYSTEM
(ICS) note: ICS is set up by co’s mgt.
 2

INTERNAL CONTROL SYSTEM (ICS)

 Policies and procedures adopted by the management of

an entity to assist in :
ü Achieving management’s objectives
ü Adherence to management policies,
ü Safeguarding of assets,
ü Prevention and detection of fraud and error,
ü Ensuring the accuracy and completeness of the
accounting records,
ü Timely preparation of reliable financial information.
 3

COMPONENT OF ICS
The control
environment

Risk
Monitoring Assessment

Control
system
activities

Information and
Communication
 4

CONTROL ENVIRONMENT

Include actions, policies and procedures

It reflect overall attitude of top management, directors and

owners of the entity about IC.

Auditors assess control environment by assessing client’s:

• Integrity and ethical values of the mgt

• Mgt commitment to competence
• Participation of BOD or AC
• Organizational structure-lines of responsibilities and
authorities(flat line vs. pyramid )
 5

RISK ASSESSMENT

Is a process relates on how the entities identify and

manage its business risks (going concern review)

Common ways auditors used to obtain knowledge about

management’s risk assessment:
Discussion with
Questionnaires
Management
 6

CONTROL ACTIVITIES

Includes policies & procedure as to:

• achieve management objectives
• reduce risks

Control activities include:

• Segregation of duties (to avoid fraud/ error)
• Proper authorization of transactions and records
• Adequate documents and records (completeness)
• Physical control over assets and records
• Independent checks on performance
 7

INFORMATION AND COMMUNICATION

SYSTEM

Include the recording, processing and reporting of

the entity’s business activities (Financial reporting
system)

Purpose:

• To maintain accountability for the related assets,

liabilities and equity.
• To maintain accountability of individuals roles and
responsibilities
 8

MONITORING

A process to assess the effectiveness of internal

control performance over time.

To make sure that controls are operating as

intended and modified for any changes in
conditions.
Internal and external auditors monitors the control
implemented.
 9

Types of Control Activities/

Characteristics of Good ICS

Adequate separation of duties`

Proper authorization of transactions and activities

Adequate documents and records

Physical control over assets and records

Independent checks on performance

 10

SEGREGATION OF DUTIES
• Not only one person in charged for any particular

transactions from the beginning till the end

• Example:

üSeparation of the custody of assets and accounting

for the assets- prevent misappropriation of assets

üSeparation of the authorization of transactions from

the custody of related assets

 11

PROPER AUTHORIZATION OF
TRANSACTIONS
• To ensures only valid transactions are recorded

• Example:

• Policy on cash payment amounted to more than

RM10,000 must be approved by two officers

 12

ADEQUATE DOCUMENTS AND

RECORDS
• To ensure that all assets are properly controlled
and all transactions are correctly recorded

• Example:
üPre-numbered invoices- To facilitate control
over missing document
üPrepared at the time transaction takes place
üSeveral copies for multiple use (PO, Sales inv,
ets)
 13

PHYSICAL CONTROL OVER ASSETS

AND RECORDS
 To ensure that assets are protected from being stolen,
damaged or lost

 Example:
v Use of storeroom to safeguard inventories
v Fireproof safes and safety deposit – safeguard petty
cash
v Manufacturing equipment kept in area protected by
burglary alarms and fire alarms
v Access to master files is restricted with passwords
 14

INDEPENDENT CHECKS ON
PERFORMANCE (VERIFICATION)

• Mgt is responsible for devising & maintaining the system

of IC
• Review on adequacy of IC is need to be performed on
regular basis to ensure that all controls are operate
effectively
• For example : Regularly observes and evaluate the
personnel performance, periodic meeting with AC, etc
 15

INHERENT LIMITATIONS OF INTERNAL

CONTROL

qCost exceed the benefits

qMost internal controls tend to be directed at routine
transactions rather than non-routine transactions
qHuman error: Carelessness, distraction, mistakes of
judgements and misunderstanding on instructions
qA person responsible for exercising an internal control
could abuse that responsibility (overriding internal control)
qProcedures may become inadequate due to changes in
conditions.
 16

HOW AUDITORS UNDERSTAND IC OF

CLIENT
vReviewing organization chart ( S E G R E G AT I O N OF DUTIES,
AUTHORIZATION, VERIFICATION)

vDiscussing with accountants, internal auditors, authorized

personnel
vReviewing procedural manual
vReading previous year’s audit files
vObserving entity’s activities and operations
vWalk through test ( A TO Z, for those transaction)
 17

RECORDING THE UNDERSTANDING OF

IC

1. Narrative notes
• Written description of accounting system and internal
control (via discussion, interview with PIC)

2. Copies of the entity’s procedures manuals and

organisation chart
• May include documentation of the information system
and related control procedures (diagram / flowchart)
 18

3. Internal control questionnaires or checklist (ICQ or

ICC, from auditors)
• Series of questions designed by audit firm relating to
internal control. It requires `yes’ or `no’ response with
`no’ indicating potential internal control deficiencies.

4. Flowcharts
• Diagrammatic representation of client’s documents and
their flow in the accounting system and internal
control.(easy to read and update compared to narrative)
 19

REASONS FOR AUDITORS TO

UNDERSTAND CLIENT’S IC
• To obtain info about integrity of mgt
• To obtain info about the nature & extent of available
accounting records
• To identify the types of potential errors & fraud that might
affect the FS
• To assess control risk
• To plan & design the appropriate audit test (substantive
tests, for handling the detection risk of auditors)
 20

LETTER OF WEAKNESSES (L.O.W)

ü auditor have to inform client on any material IC

weaknesses identified during audit.

ü Auditor need to sent a L.O.W to management explaining

the weakness and recommendation
ü Auditor will forward to mgt by end of audit.
ü Also known as letter of management (value added to
audit)
 21

CONTENT OF L.O.W

1) Purpose of the letter

2) Purpose of the IC investigation
3) List of weaknesses
4) Recommendation for improvements