LA 1.2 Internal Control
Exam Notes
Study theory from SAICA Handbook off by heart, especially last page in slides (What did we learn)
Refer especially to Appendix in ISA 315, bl 330-335
“Example from text”- use exact text
Describe control objective… start with “This will ensure…”
Weaknesses always stated in the negative
Objectives: “Management’s objective is to ensure…”
Definitions
Internal Control (282)
The process designed, implemented and maintained by those charged wit governance, management and other
personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to the
reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and
regulations
Business risk (282)
A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect
an entity's ability to achieve its objectives and execute its strategies; or from the setting of inappropriate
objectives and strategies.
Objectives of business
Reliability of the entity’s financial reporting
Effectiveness and efficiency of its operations
Compliance with applicable laws and regulations
*Business risk- anything that could prevent objectives from happening
*Answer to risk- process of internal control
5 Components of internal control
To ensure objectives are met and business risk therefore minimised)
1. Control Environment (285)
Intangible presence that affects everyone in the business
Set by management- culture of honesty and ethical behaviour
Code of ethical values that is communicated and enforced, with appropriate organisational structure
Strengths of control environment collectively provide an appropriate foundation for the other components of
internal control
Elements of the control environment (CHOPPER)***
1. Commitment to competence- levels needed for certain jobs, and how these levels translate to skills and knowledge
2. Human resources policies and practices
3. Organisational structure- framework of how activities are planned, executed, controlled and reviewed
4. Participation of those charged with governance (board of directors or audit committee)- independence;
experience; appropriotness of actions etc.
5. Management’s philosophy and operating style- e.g. approach to taking risk, financial reporting
6. Communication and enforcement of integrity, ethical values
7. Assignment of authority and responsibility- establishment of relationships and hierarchies
2. Risk Assessment (285)
1. Identify business risk to financial reporting objectives
2. Estimate significance of risks.
3. Assessing likelihood of occurrence
, 4. Determine actions necessary to manage risk = controls.
3. Information system (including related business processed relevant to
financial reporting and communication)
An IF consists of infrastructure, software, people, procedures and data
It encompasses methods that:
1. Identify and record all valid transactions
2. Describe in a timely fashion the transactions
3. Measures the value of transactions so they can be reported
4. Determine time period in which transactions occurred
5. Present the transactions in the financial statements
Consists of (What an auditor must obtain an understanding of)*
1. Classes of significant transactions
2. Procedures: initiate, record, process, and report the transactions to general leger & financial statements at the
correct amount
3. Related accounting records that are used to initiate, record, process, and report the transactions to general leger &
financial statements at the correct amount
4. How the IS captures events and conditions other than transactions that are significant to the IS
5. Financial reporting process used to prepare the FSs, including significant estimates and disclosures
6. Controls surrounding journal entries Including journals used to record unusual transactions
4. Control activities
What each transaction in a business should be subject to
Activities**
1. Authorisation
2. Performance reviews
- actual vs budgeted, data analysis,
- functionality of controls, relating different sets of data
3. Information processing- general- and application controls
4. Physical control
- physical security and safeguarding of items;
- authorisation to access to computer programs and files,
- periodic counting and comparison of amounts
5. Segregation of duties
- authorisation, recording and custody of assets are segregated
- may not be able to commit fraud and conceal it (to be in a position to both perpetrate and conceal errors or
fraud in the normal course of a person’s duty)
- (Answering- identify person, and different activities that he is responsible for)
5. Monitoring
Monitoring activities deal with management’s ongoing and periodic assessment of the quality of internal control
performance, and the taking of remedial actions if needed
Monitored through information from third parties, or the manager’s close involvement in operations (smaller
entities)
Monitoring is accomplished by ongoing activities, separate evaluations or a combination of the two
Formalized procedures- an internal audit
To determine whether controls are operating as intended and modified when needed.
Reconciliations on a timely basis
Inherent limitations of IC (304)
Can provide entity only with reasonable assurance about achieving the entity’s financial reporting objectives
Exam Notes
Study theory from SAICA Handbook off by heart, especially last page in slides (What did we learn)
Refer especially to Appendix in ISA 315, bl 330-335
“Example from text”- use exact text
Describe control objective… start with “This will ensure…”
Weaknesses always stated in the negative
Objectives: “Management’s objective is to ensure…”
Definitions
Internal Control (282)
The process designed, implemented and maintained by those charged wit governance, management and other
personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to the
reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and
regulations
Business risk (282)
A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect
an entity's ability to achieve its objectives and execute its strategies; or from the setting of inappropriate
objectives and strategies.
Objectives of business
Reliability of the entity’s financial reporting
Effectiveness and efficiency of its operations
Compliance with applicable laws and regulations
*Business risk- anything that could prevent objectives from happening
*Answer to risk- process of internal control
5 Components of internal control
To ensure objectives are met and business risk therefore minimised)
1. Control Environment (285)
Intangible presence that affects everyone in the business
Set by management- culture of honesty and ethical behaviour
Code of ethical values that is communicated and enforced, with appropriate organisational structure
Strengths of control environment collectively provide an appropriate foundation for the other components of
internal control
Elements of the control environment (CHOPPER)***
1. Commitment to competence- levels needed for certain jobs, and how these levels translate to skills and knowledge
2. Human resources policies and practices
3. Organisational structure- framework of how activities are planned, executed, controlled and reviewed
4. Participation of those charged with governance (board of directors or audit committee)- independence;
experience; appropriotness of actions etc.
5. Management’s philosophy and operating style- e.g. approach to taking risk, financial reporting
6. Communication and enforcement of integrity, ethical values
7. Assignment of authority and responsibility- establishment of relationships and hierarchies
2. Risk Assessment (285)
1. Identify business risk to financial reporting objectives
2. Estimate significance of risks.
3. Assessing likelihood of occurrence
, 4. Determine actions necessary to manage risk = controls.
3. Information system (including related business processed relevant to
financial reporting and communication)
An IF consists of infrastructure, software, people, procedures and data
It encompasses methods that:
1. Identify and record all valid transactions
2. Describe in a timely fashion the transactions
3. Measures the value of transactions so they can be reported
4. Determine time period in which transactions occurred
5. Present the transactions in the financial statements
Consists of (What an auditor must obtain an understanding of)*
1. Classes of significant transactions
2. Procedures: initiate, record, process, and report the transactions to general leger & financial statements at the
correct amount
3. Related accounting records that are used to initiate, record, process, and report the transactions to general leger &
financial statements at the correct amount
4. How the IS captures events and conditions other than transactions that are significant to the IS
5. Financial reporting process used to prepare the FSs, including significant estimates and disclosures
6. Controls surrounding journal entries Including journals used to record unusual transactions
4. Control activities
What each transaction in a business should be subject to
Activities**
1. Authorisation
2. Performance reviews
- actual vs budgeted, data analysis,
- functionality of controls, relating different sets of data
3. Information processing- general- and application controls
4. Physical control
- physical security and safeguarding of items;
- authorisation to access to computer programs and files,
- periodic counting and comparison of amounts
5. Segregation of duties
- authorisation, recording and custody of assets are segregated
- may not be able to commit fraud and conceal it (to be in a position to both perpetrate and conceal errors or
fraud in the normal course of a person’s duty)
- (Answering- identify person, and different activities that he is responsible for)
5. Monitoring
Monitoring activities deal with management’s ongoing and periodic assessment of the quality of internal control
performance, and the taking of remedial actions if needed
Monitored through information from third parties, or the manager’s close involvement in operations (smaller
entities)
Monitoring is accomplished by ongoing activities, separate evaluations or a combination of the two
Formalized procedures- an internal audit
To determine whether controls are operating as intended and modified when needed.
Reconciliations on a timely basis
Inherent limitations of IC (304)
Can provide entity only with reasonable assurance about achieving the entity’s financial reporting objectives
