AUD 589

AUDITING 1

Internal Controls

Prepared by:
Yusarina Mat Isa
UiTM Kampus Puncak Alam
 Learning Objectives
• Able to:
 Explain the significance of internal controls to the clients
and auditors and their respective responsibilities

2
 Definition Internal Controls
The process designed and effected by those
charged with governance, management and
other personnel to provide reasonable
assurance about the achievement of the entity’s
objectives with regard to reliability of financial
reporting, effectiveness and efficiency of
operations and compliance with applicable laws
and regulations.

3
 Purpose/Objectives of IC
• To assist in achieving management’s objective of ensuring, as
far as practicable, the orderly and efficient conduct of its
business, including:
– adherence to management policies,
– the safeguarding of assets,
– the prevention and detection of fraud and error,
– the accuracy and completeness of the accounting records,
– and the timely preparation of reliable financial information.
• Objectives
– Reliability of financial reporting
– Effectiveness and efficiency of operations
– Compliance with laws and regulations

4
 Components of IC
• The control environment;
• The entity’s risk assessment process;
• The information system, including the related
business processes, relevant to financial
reporting, and communication;
• Control activities; and
• Monitoring of controls

5
 Components of IC (cont.)
Control environment –
Includes the governance and management functions and the
attitudes, awareness and actions of those charged with
governance and management concerning the entity’s internal
control and its importance in the entity

Sets the tone of an organisation, influencing the control

consciousness of its people

Factors affecting the control environment are integrity and

ethical values, a commitment to competence, participation of
BOD or audit committee, mgmt’s philosophy and operating
style, organisational structure, assignment of authority and
responsibility, human resource policies and practices
6
 Components of IC (cont.)
Risk assessment procedures –
The audit procedures performed to obtain an understanding
of the entity and its environment, including its internal
control, to assess the risks of material misstatement at the
financial statement and assertion levels.

A process the entity identifies and manages its business risks.

Client business risk can arise or change due to change in the

operating environment, new personnel, new or revamp
information system, rapid growth, new technology, new lines,
products or activities, corporate restructuring, foreign
operations and accounting pronouncements

7
 Components of IC (cont.)
Information system relevant to financial reporting –
A component of internal control that includes the
financial reporting system, and consists of the
procedures and records established to initiate, record,
process and report entity transactions (as well as events
and conditions) and to maintain accountability for the
related assets, liabilities and equity.

Include the procedures and records to initiate, record

process and report transactions and to maintain
accountability of individuals roles and responsibilities

8
 Components of IC (cont.)
Control activities –
• Policies and procedures that help ensure that management
directives are carried out, for example, that necessary
actions are taken to address risks that threaten the
achievement of the entity’s objectives.
• Control activities - IT or manual systems
• Examples:
o Physical custody of assets: custody of assets, restricting access of valuable
& attractive
o Authorisation and approval: duties & limits are clearly defined
o Personnel: selection & training (HRD)
o Arithmetical and accounting: accuracy, maintenance & checking
o Management: by internal audit, review by directors
o Organisation: division, segregation, coordination
o Segregation of duties: reduce risk of fraud & error, no one person to
record complete transaction (initiate transaction-physical custody-
recording) 9
 Components of IC (cont.)
Monitoring of controls –
A process to assess the effectiveness of internal
control performance over time. It includes
assessing the design and operation of controls
on a timely basis and taking necessary corrective
actions modified for changes in conditions.
A process to assess the quality of internal control
performance over time

10
 Importance of IC:
Management’s Perspective
• Meets its stewardship responsibilities that
reasonable assurance that adequate control exists
over entity’s assets and records
• Safeguard assets and records
• Efficiency and effectiveness of operations
• Reliable information for decision making
• Encourage adherence to prescribed policies
• Comply with the Companies Act 2016

11
 Importance of IC:
Auditor’s Perspective
• Sufficient understanding of IC to plan the audit and
develop an effective audit approach
• Assurance about the reliability of data
• How well the assets and records of the entity are
safeguarded
• Entity’s ability to record, process, summarise, and
report financial data consistent with management’s
assertions
• Emphasis on control over classes of transactions
rather than account balances

12
 Inherent Limitations of IC
• Internal control, no matter how well designed and
operated, can provide an entity with only reasonable
assurance about achieving the entity’s financial
reporting objectives.
• The likelihood of achievement is affected by limitations
inherent to internal control, such as:
o Human error
o IT glitch
o Management override
o Cost constraint
o Company size

13
 Tests of Control
Tests of control—Tests performed to obtain audit evidence about
the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the
assertion level.

Include:
• Inquiry of appropriate client personnel
• Inspection of documents, reports and electronic media
indicating the performance of the policy or procedure
• Observation of the application of the policies and procedures
• Reperformance (recalculates information & tests the transfer
of information in accounting system) of the application of the
policy or procedure by the auditor

14
End of Topic 3b