Definition and Objectives of Internal Control

INTERNAL CONTROLS

A. Definition and Objectives of Internal Control

B. Components of Internal Control:

1. Control Activities

2. Risk Assessment

3. Information and Communication

4) Monitoring

5) Control Environment:

C. Inherent Limitations:

1. Human Error

3. Cost-Benefit Judgment

4. Collusion

5. Management Override

6. Control Environment

7. Time Period

D. References of Control Activities in Specific Accounting Areas

E. Foreign Corrupt Practices Act

1. Provisions

2. Assurance

II INTERNAL AUDITING

A. Purposes .

B. Attribute Standards for Internal Auditing

C. Internal Audit Process

D. Fraud Detection and Investigation

E. Types of Internal Audit Engagements

III. SYSTEMS CONTROLS AND SECURITY MEASURES

A. Roles and Responsibilities Within the IT Function

B. Segregation of Duties

C. Systems Design and Documentation .

D. Data Reliability Risks

E. Disaster Recovery Plan

F. Internet Security Risks

G. Methods for Internet Security

SECTION 1 - CHAPTER 4

INTERNAL CONTROLS

I. RISK ASSESSMENTS AND CONTROLS

A. Definition and Objectives of Internal Control

Internal control is defined as a process which is affected by an entity's board of directors, management as well as other personnel. It is designed to offer reasonable assurance in regard of the achievement of three major objectives (see below). The definition of internal control reflects the following concepts:

1. A Process: The management processes of planning, executing as well as monitoring combine together and thus formulate internal control. Controls are most effective when they are "built in" rather than "built on." Building in controls can reduce costs and promote the development of new controls necessary to new business activity.

2. People: Internal control is influenced by all the people of an organization, by what they do and what they say. A clear link must be established between peoples' duties, the way the duties are carried out, as well as the entity's objectives.

3. Reasonable Assurance: Internal control can offer merely reasonable assurance of the achievement of an organization's objectives. There are limitations in all control systems. These include human judgment, costs and benefits, breakdowns due to error or mistakes, collusion and management override.

4. Objectives: There are three aspects in which the following three objectives fall: financial reporting, operations as well as compliance.

Reliability of financial reporting

Efficiency & Effectiveness of operations

Compliance with applicable laws and regulations

And in details,

B. Internal Control Components:

There are five interrelated components in composing internal control:

Control Activities

Risk Assessment

Information and Communication

Monitoring

Control Environment

1. Control Activities: Control activities are the policies and procedures that help guarantee that the entity's objectives are achieved. Control activities have various objectives and are applied at various organizational and functional levels. Include policies and procedures that pertain to:

a. Segregation of Duties: CARP these control activities involve ensuring that different people are assigned responsibilities for maintaining custody of assets, authorizing transactions, recording transactions, and performing periodic reconciliations of existing assets to recorded amounts. They reduce the ability of individuals to both perpetuate and conceal errors or fraud. Desirable segregation of duties can be memorized using the acronym CARP:

C Custody

A Authorization

R Recordkeeping

P Periodic reconciliations

b. Information Processing: Check accuracy, completeness, as well as authorization of transactions are procedures in control activities. They include both general controls and application controls (discussed later in this chapter). Information processing controls include the use of prenumbered documents to ensure that all transactions are recorded and that they are recorded only once.

c. Physical Controls: These control activities address the physical security of assets, including secured facilities, authorization access for computer programs and data files, as well as periodic counting and comparison of physical assets with control records.

d. Performance Reviews: Investigations and corrective actions