An analysis of internal controls

An analysis of inner chinks congenital get wind as a process, effected by an entitys board of directors, vigilance and some other personnel, figure of speeched to provide reasonable assurance regarding the achievement of objectives inThree categories1. Effectiveness and efficiency of operations2. Reliability of financial reporting, and3. Compliance with applicable laws and regulations1. inbred tell our EDP System cozy watchs argon a vigorous part of accounting and data processing outlines. It is important that the canvassor be aware with the characters and uses of internal delays with respect to both manual of arms and automatic systems. The restrains of an electronic data processing system (EDP) and their identification, evaluation, and importance to the external auditor1.1.1. Importance of Internal ControlInternal controls are a important part of accounting and data processing systems. It is important that the auditor be familiar with the functions and uses of internal controls with respect to both manual and automatic systems.1.1.2. What are Internal Controls?In a broad sense, internal control comprises controls which embrace the boldnessal plan and the methods used to protection the assets, create the dependableness of financial data and records, endorse working efficacy and loyalty to managerial policies.Internal control is categorized by independence between departments and lines of vicarious tariff and authority. It is important that these internal controls verify the dependability and correctness of the data supportive all transactions using control aggregate techniques, sanctions and approvals, contrasts, and other tests of data accuracy. military commission on Auditing Procedure. Auditing Standards and Procedures, Statements on Auditing Procedure No. 33. New York American Institute of Certified Public Accountants, 2008, p. 27.1.1.3. Why Internal Controls are Important?Before trouble can make judgments to maximize the long run profit of a firm, it must first have dependable accounting data on which to rest home these decisions. This info should be timely, accurate, complete, and reliable.The protection of the assets of the firm against losses from misappropriation, robbery, failure to take discounts, inadequacy, and unjustified delays of credit are some functions of internal control that should be sufficiently interweaved in any good accounting system. These controls are necessary to assure management that the agreed procedures and orders are obeyed to since the management of large companies are not usually involved in personal supervision of their employees. Therefore, controls add reliability to accounting and financial data.Internal controls are important to deliver appropriate segregation of useful responsibilities and to create a system of authorization and sanction to provide reasonable safety over these assets, liabilities, revenues, and expenses. Sound practices shadowed in the work outance of duties with in the organization and the allocations of persons of a quality appropriate with responsibilities are two additional necessary and correct functions of internal controls in any system.1.1.4. Why the Auditor is Concerned with Internal Controls?Management identifies the needs and importance of internal controls as valuable tools to assure that events and transactions are properly carried out. The use and attendance of sufficient internal controls loans combine and credibility to accounting records and consequently, reduces the length and detail of the audit. These internal controls reduce monotonous, routine, mechanical checks and verifications of bookkeeping accuracy, authorizing replacement of less time consuming approaches that involve judgment, reasoning, and common sense.1.2. Internal Control Over Financial ReportingThe internal control system of an entity is severely interconnected to the structure used by management to supervise the activities of the organization, or to what is defined as the entitys corporate governance. Good corporate governance should deliver proper inducements for the board and management to follow purposes that are in the interest of the association and shareholders and should ease telling monitoring, thereby encouraged firms to use resources more proficiently (OECD Principles of Corporate Governance). The Board of Directors is thus accountable for providing governance, supervision and oversight for senior management and guaranteeing that a equal internal control system is in place and effective, meaning it ensure that foreseeable objectives are attained.Financial reporting is the connection between the company and its external environment. One of the main features which contributed to these failures relate to the internal control system established around the disclosure of information to stakeholders. It seemed that not attaining the objective of effective internal control system over financial reporting demoralizes the st atus of a company, even at the attendance of many other control components, do it problematic or impossible for a company to be dependable on the market, to be able to collect financing resources, to be believable to shareholders and stakeholders in general.1.2.1. Role of the Internal Auditor in Evaluating Internal ControlsThe Internal auditor should scrutinize and contribute to the continuing persuasiveness of the internal control system finished evaluation and commendations.Though, the internal auditor is not lodged with managements primary obligation for designing, applying, maintaining and documenting internal control. Internal audit functions add value to an organizations internal control system by transporting an orderly, disciplined approach to the evaluation of danger and by making commendations to streng then the effectiveness of risk management struggles. The internal auditor should emphasis towards improving the internal control structure and promoting better corporat e governance.The role of the internal auditor consists ofEvaluation of the efficiency and effectiveness of internal control Commending new controls where essential or stopping unnecessary controls Using control framework Developing Control self-valuationThe internal auditors assessment of internal control includesDetermining the significance and the com retrogression of the risk for which controls are cosmos measuredMeasuring the vulnerability to misuse of resources, failure to r each(prenominal) objectives concerning moralities, economy, efficiency and effectiveness, or failure to accomplish accountability obligations, and non-obedience with laws and regulations.Identifying and understanding the design and operation of related controls.Determining the grade of control effectiveness done testing of controls.Measuring the sufficiency of the control design.Reporting on the internal control evaluation and debating the essential corrective actions.The comprehensive areas of review by t he internal auditor in assessing the internal control System areMission, vision, ethical and organisational worthy system of the entity.Personnel allocation, evaluation system, and growth policiesAccounting and financial reporting policies and obedience with applicable legal and regulatory standardsObjective of dimension and differentiate performance pointersDocumentation standardsRisk management structureOperational frameworkProcesses and procedures followedDegree of management administrationInformation systems, communication channelsBusiness ceaselessness and Disaster Recovery ProceduresThe internal auditor should get an understanding of the important processes and internal control systems adequate to plan the internal audit engagement and turn an effective audit tactic. The internal auditor should use professional finding to assess and evaluate the adulthood of the entitys internal control. The auditor should obtain an understanding of the control environment sufficient to ev aluate managements attitudes, consciousness and actions regarding internal controls and their importance in the entity.Such an understanding would also help the internal auditor to make an sign assessment of the sufficiency of the accounting and internal control systems as a basis for the preparation of the financial statements, and of the likely nature, timing and magnitude of internal audit procedures. The internal auditors measures the as is internal control system within the organization.The internal auditor should become an understanding of the internal control.Procedures adequate to develop the audit plan. In obtaining that understanding, the internal auditor would consider knowledge about the attendance or absence of control procedures obtained from the understanding of the control environment, art processes and accounting system in determining whether any additional understanding of control procedures is essential. The internal auditor should document and understand the de sign and operations of internal controls to assess the effectiveness of the control environment.When attaining an understanding of the business processes, accounting and internal control systems to plan the audit, the internal auditor obtains information of the design of the internal control systems and their operation. For example, an internal auditor may perform a walk-through test that is present a few transactions through the accounting system. When the transactions selected are typical of those transactions that pass through the system, this procedure may be treated as part of the tests of control.The internal auditor should deliberate the following aspects in the evaluation of internal control system in an entityDiscovering the entity has a mission statement and written goals and objectives.Evaluating risks at the activity (or process) level.Completing a Business Controls worksheet for each important activity (or process) in each function or department with documentation of t he attendant controls and their degree of effectiveness (partial or full) arranging those activities (or processes) which are most critical to the success of the function or departmentEnsuring that all risks identified at the entity and function or department level are addressed in the Business Controls worksheet along with the combine documentation of the operating controls.Discovering from the Business Controls worksheet, those risks for which no controls exist or existing controls are insufficient.1.2.2. The assessment of internal control over financial reportingThe total assessment dedicates a complete opinion of the effectiveness of entitys internal control system across internal control components. To facilitate the comparability with other entities and give complete assessment of the effectiveness of an entitys internal control system as such, universal system for evaluations is needed.Assessments and audits of internal control system should be tailor-made to the size, busi ness, operations, risks, and procedures of each company, not directed by standardized lists (Heuberger 2009). This should more exactly identify possible problems, promote more efficient allocation of resources to in high spiritser-risk areas, and encourages a focus on outcomes rather than on processes.Internal control over financial reporting can be judged effective when reasonable assurance subsists that financial statements are being prepared reliably.Quantitative assessments are intended to measure the level of confidence that can be placed on the internal control systems ability to perform effectively (Perry 2010).Perry and Warner (Ibid 52-55) have suggested a five-step warning for quantitative assessment of internal control system, which is described on figure 1.1. The most important feature to wrinkle in this framework is scoring individual control objectives against the selected model. Using a suitable framework as a basis of the evaluation helps to attain a complete and s tructured assessment without missing important features of internal control.Figure 1.1. Quantitative assessment of internal controls. Perry 2010 52-55.A framework can be deemed suitable as the fundamental for evaluation, when it is free from bias it permits reasonably consistent qualitative and quantitative measurements it is adequately complete so that those related factors that would modify a culture about the effectiveness of a companys internal control over financial reporting are not mislaid and it is related to the evaluation (PCAOB 2009 11).There are two key components of quantitative scoring establishing how the maximum score will be assigned within the model and determining what percentage of the total shell out score to award to each control components. The initial COSO cube provides insight into the importance of the five internal control components in relative to each other, emphasise the great importance of control environment and observing. However, Perry. (201054) note that those performing the assessment should apply their own experience with and information of internal controls and use this in corporate trust with COSO guidance.COB IT model describes numerous different levels of dependability or maturity of an internal control system. Levels may range from initial, the lowest level of dependability, to optimized, the highest.COBIT Internal control reliability model is drawing the evaluators consideration to different features of the effectiveness of internal control, which would otherwise go unobserved, e.g. documentation and perceived value of controls. At the same time, this model is incomplete with respect to COSO internal control framework, because control environment and risk assessment are not comprised. Also, difficulties may arise greatly in lessened and medium-sized enterprises, where documentation regarding internal control system is limited and control procedures informal, but consciousness, communication and observing functioni ng might still be at high level.The Internal Control Institute in the US features six categories in rating internal control components. Groups range from reactive controls to world class system pronounced in table 1.3. Each category is worth a percentage that is proportionate with the attained level of control (Perry 2005 54). Specifically, category 1 is worth 162/3 percent (1/6) and category 6 is the highest level of maturity and is worth100 percent. The points for each control principle should be assigned according to the evaluated percentage of proposed maximum score, then concise and an assessment report prepared. In this system, the evaluators score the internal control over financial reporting according to the fulfillment of the principles of internal control through numerous criteria. The total evaluation of internal control is attained through summarizing the scores across objectives and components.Perrys model allows giving an total numerical opinion of the effectiveness of the internal control system, taking into account the distinct features of every organization by assigning different percentages for different control principles and components according to the entitys size, ownership and business activities.The assessment of the efficiency of internal control over financial reporting in an entity is closely associated to the concept of fraud. The Chartered Institute of Public Finance and account (CIPFA) defines fraud as those intentional misrepresentations of financial statements and other records which are carried out to conceal the misappropriation of assets or otherwise for gain (Pickett 2000 550). For a person to target fraud, three factors need to be in place incentive or burden, chance and rationalization (Rittenberg 2005 301 Pickett 2000 550).