Question

In: Accounting

evaluate the internal control structure of an organization discuss the required documentation and audit work based...

evaluate the internal control structure of an organization

discuss the required documentation and audit work based on the evaluation of internal controls

Solutions

Expert Solution

An evaluation of internal control involves an examination of the effectiveness of an organization's system of internal controls. By engaging in this evaluation, an auditor can determine the extent of other tests that must be performed in order to arrive at an opinion regarding the fairness of the entity's financial statements. A robust system of internal controls reduces the risk of fraudulent activity, which moderates the need for additional audit procedures. The examination concentrates on such issues as:

  • The separation of duties
  • Checks and balances
  • Safeguarding of records
  • The training level and competence of employees
  • The effectiveness of the entity's internal audit function

The steps involved in this evaluation process include the following:

  1. Determine the extent and types of controls being used by the client.
  2. Determine which of these controls the auditor intends to rely upon.
  3. Based on the first two steps, determine which audit procedures should be expanded or reduced.
  4. Make recommendations to the client regarding how to improve its system of internal controls.

Control Objectives

In addition to detailing risks and controls, control documentation needs to identify control objectives clearly. To better understand the control objectives related to an activity, process, or system, internal auditors can reference regulatory compliance documentation from relevant authorities, including capital market regulators and central banks. Auditors can also leverage freely available Internet resources such as those found on AuditNet.org and The IIA's Web site.

Control objectives may be articulated in a variety of documents, including the organization's mission statement, strategic plan, business plans, and budgets. Internal auditors can use a risk and control matrix that incorporates COSO concepts to document the objectives and the relevant risks identified. Control objectives should be established mainly for the operating and compliance elements of coso and should address information processing objectives:

  • Completeness — what prevents duplicate postings by the system?
  • Accuracy — what ensures accurate data input?
  • Validity — what prevents unauthorized transactions?
  • Restricted access — what ensures data confidentiality?

Control objectives should address specific organizational risks, such as those related to strategy, operations, reporting, and compliance.

Understanding Controls

To document internal controls effectively, internal auditors must understand the flow of transactions, including how transactions are initiated, recorded, authorized, processed, and reported. Auditors must also identify and document the risks within the process, including fraud risk, and identify and document the controls that should be implemented to manage those risks.

Internal auditors must be able to determine which controls are necessary to the process, activity, or system under review in light of the risk profile and desired level of control. Management is responsible for establishing adequate business processes and measuring performance, as well as determining how best to monitor the operating effectiveness of enterprise processes and controls. Internal auditors should consider these responsibilities when documenting either formal (written) or informal (undocumented) controls.

Types of Documentation

Internal control documentation can take various forms, including flowcharts, policy and procedure manuals, and narrative descriptions. No one particular form of documentation is required by The IIA's Standards, and the extent of documentation may vary depending on the complexity of the area. Depending on the nature of the organization, control documentation may range from generic guidelines to detailed written policies and procedures.

In most instances, internal auditors use flowcharts supplemented by narrative descriptions as a starting point for documentation work. Once these items are completed, auditors often use risk and control matrices for more specific analysis. These methods, as well as internal control questionnaires (ICQs) and policy and procedure manuals, constitute the most well-known and commonly used forms of control identification and documentation.


Related Solutions

Discuss general management’s responsibilities for the accounting system and internal control structure of the organization.
Discuss general management’s responsibilities for the accounting system and internal control structure of the organization.
Chapter 5 of the online text, "Internal Control and Audit Compliance: Documentation and Testing Under the...
Chapter 5 of the online text, "Internal Control and Audit Compliance: Documentation and Testing Under the New COSO Framework" discusses the concept of segregation of duties. What does this concept mean? Discuss your current or maybe a former workplace where you noticed that there was a proper segregation of duties or maybe a lack of segregation of duties. What procedure might have helped to strengthen the internal controls?Chapter 5 of the online text, "Internal Control and Audit Compliance: Documentation and...
Based on documentation gathered, your internal audit fraud team has sufficient evidence to prove that a...
Based on documentation gathered, your internal audit fraud team has sufficient evidence to prove that a warehouse manager for the company where you work has been stealing inventory. You have been assigned to lead the interview of the manager. How would you prepare for an interview at the company’s warehouse offices? Include how you would initially contact the warehouse manager for an interview. Also, include in your discussion how you would prepare the interview room and how you would conduct...
Explain the use of audit sampling methods that work for internal auditor within an organization.
Explain the use of audit sampling methods that work for internal auditor within an organization.
Identify an internal control structure and describe an effective internal control structure, relating to accounting and...
Identify an internal control structure and describe an effective internal control structure, relating to accounting and preparing accurate financial statements.
Discuss the importance of understanding internal control in developing an effective audit program. In that context,...
Discuss the importance of understanding internal control in developing an effective audit program. In that context, include in your discussion a general overall position and specifically the internal control questionnaires for either the Revenue and collection Cycle or Production (Inventory) Cycle, which also includes internal control over Inventory Transaction Processing. Matters such as seperation of duties should be part of your response. Include in your answer several (3 would be enough) important considerations to satisfy sound internal control for each...
Explain how internal control work done by auditors impacts the audit risk equation. Does control risk...
Explain how internal control work done by auditors impacts the audit risk equation. Does control risk change if the auditors are providing an opinion over internal controls? How is detection risk impacted?
What is the relationship between internal control,internal audit , audit committee and corporate governance ?
What is the relationship between internal control,internal audit , audit committee and corporate governance ?
What is internal control, and what are the objectives of a well-designed internal control structure in...
What is internal control, and what are the objectives of a well-designed internal control structure in an organization?
write an audit program for internal control of cash
write an audit program for internal control of cash
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT