Part B – Internal Control and Review
Internal control: Definition/Importance/Objectives
Definition/Importance
(Definition)
Internal control is any action taken by management to enhance the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Thus the control is the result of proper planning, organizing and directing of management. Controls attempt to ensure that risks and those factors which stop the achievement of company objectives are minimized.
(Importance)
(1) Internal control and risk management are fundamental components of good corporate governance.
(2) Good corporate governance means that the board must identify and manage all risks within a company.
(3) In terms of risk management, internal control systems span financial, operational, and other areas i.e. all the activities of the company.
(4) However, internal control system are only as good as the people using them.
Objectives
(APB)
(1) The orderly and efficient conduct of its business, including adhere to internal policies.
(2) The safeguarding of assets.
(3) The preventing and detection of fraud and error.
(4) The accuracy and completeness of the accounting records.
(5) The timely preparation of financial information.
(COSO)
(1) Effectiveness and efficiency of operations.
(2) Reliability of financial reporting.
(3) Compliance with applicable laws and regulations.
Roles in risk management
Responsibility for internal control is not simply an executive management role. All employees have some responsibility for monitoring and maintaining internal controls.
(1) Board of directors: Ensuring adequacy and effectiveness of internal control system.
(2) Senior executive management: Setting internal control policies; Monitoring effectiveness of internal control system.
(3) Heads of business units: Establishing specific internal control policies and procedures.
(4) All employees: Operating and adhering to internal controls.
Elements/Components of internal control system (COSO framework)
Control Environment
(1) It describes the ethics and culture of the organization, which provide a framework with which other aspects of internal control operate.
(2) It is the attitude and actions of the board and management regarding the significance of control within the organization.
(3) It provides the discipline and structure of the achievement of the primary objectives of the system of internal control.
(4) It includes: (a) management’s philosophy and operating style; (b) organization structure; (c) Assignment of authority and responsibility; (d) human resources policies and practices; (e) competence of personnel.
Risk Assessment
(1) There is a connection between the objectives of an organization and the risks to which it is exposed.
(2) The risks involved in achieving those objectives should be identified and assessed.
(3) Risk assessment should form the basis for deciding how the risks should be managed.
Control Activities
(1) These are policies and procedures that ensure that the decisions and instructions of management are carried out.
(2) Control activities include: (a) authorizations; (b) verifications; (c) reconciliations; (d) approvals; (e) segregation of duties; (f) performance reviews etc.
(3) These control activities are commonly referred to as internal controls.
Information and Communication
(1) An organization must gather information and communicate it to the right people.
(2) Managers need both internal and external information to make decision.
(3) The quality of information systems is a key factor.
Monitoring
(1) The internal control system must be monitored.
(2) This element of an internal control system is associated with internal audit.