Internal controls
Characteristics
* Internal control is a process - a combination of systems, policies & procedures designed, implemented
& maintained to address the risks of running a business.
* Effected by people. Doesn't consist only of policy & procedure manuals, ledgers,documents, computers & machine
*There is a shared responsibility for the internal control process; the directors, management & ordinary employees
*Not static. A response to the risks of operating a business; risks change,therefore responses must change.
*Not foolproof.Provides only reasonable assurance that risks will be addressed to the so that obj. will be achieved
*Not a single control addressing a single risk. IC policies & procedures must work in conjunction with each
other & with the books, records & documents used. The control over a risk is best achieved by combinations of
actions, policies & procedures.
Inherent limitations
* Manag.'s usual require. that cost of IC doesn't exceed the expected benefit to be derived.
*The tendency for internal controls to be directed at routine transactions rather than non-routine transactions
*The potential for human error due to carelessness, distraction,mistakes of judgement & misunderstanding instr.
*The possibility of circumvention of IC through collusion
*The possibility of a person resp. for an IC abusing that resp.
*The possibility that control procedures become inadequate due to change
Components Types of control activities
C - control activities *Approval, authorisation
R -risk assessment process *Segregation of duties
I - info. System & communication -Custodian of the entity’s assets, shouldn't be resp. for
M - monitoring of controls records relating to the asset.
E - control environment - Facilitates checking of one employee’s work by another.
Design of Internal Controls *Isolation of resp.
1. Identify risk - people involved in the system must be fully aware
2. Formulate control objective of their resp. & be accountable for their performance.
3. Design proper system of IC *Physical or logical controls
- use the 5 components of a system of IC *Reconciliation
- Implement, maintain & monitor the IC as designed *Verification
Computerised environment
GENERAL CONTROLS
*establish an overall framework of control for computer activities,
*Span across all applications. General controls operate “around” the application controls
*if your general controls are not adequate, the application controls might not be of much use.
Characteristics
* Internal control is a process - a combination of systems, policies & procedures designed, implemented
& maintained to address the risks of running a business.
* Effected by people. Doesn't consist only of policy & procedure manuals, ledgers,documents, computers & machine
*There is a shared responsibility for the internal control process; the directors, management & ordinary employees
*Not static. A response to the risks of operating a business; risks change,therefore responses must change.
*Not foolproof.Provides only reasonable assurance that risks will be addressed to the so that obj. will be achieved
*Not a single control addressing a single risk. IC policies & procedures must work in conjunction with each
other & with the books, records & documents used. The control over a risk is best achieved by combinations of
actions, policies & procedures.
Inherent limitations
* Manag.'s usual require. that cost of IC doesn't exceed the expected benefit to be derived.
*The tendency for internal controls to be directed at routine transactions rather than non-routine transactions
*The potential for human error due to carelessness, distraction,mistakes of judgement & misunderstanding instr.
*The possibility of circumvention of IC through collusion
*The possibility of a person resp. for an IC abusing that resp.
*The possibility that control procedures become inadequate due to change
Components Types of control activities
C - control activities *Approval, authorisation
R -risk assessment process *Segregation of duties
I - info. System & communication -Custodian of the entity’s assets, shouldn't be resp. for
M - monitoring of controls records relating to the asset.
E - control environment - Facilitates checking of one employee’s work by another.
Design of Internal Controls *Isolation of resp.
1. Identify risk - people involved in the system must be fully aware
2. Formulate control objective of their resp. & be accountable for their performance.
3. Design proper system of IC *Physical or logical controls
- use the 5 components of a system of IC *Reconciliation
- Implement, maintain & monitor the IC as designed *Verification
Computerised environment
GENERAL CONTROLS
*establish an overall framework of control for computer activities,
*Span across all applications. General controls operate “around” the application controls
*if your general controls are not adequate, the application controls might not be of much use.
