Page 122 - DCOM204_AUDITING_THEORY
P. 122
Auditing Theory
Notes Describe internal checking;
Discuss procedure of internal audit;
Evaluate internal control.
Introduction
The management style and the expectations of upper-level managers, particularly their control
policies, determine the control environment. An effective control environment helps ensure
that established policies and procedures are followed. The control environment includes
independent oversight provided by a board of directors and, in publicly held companies, by an
audit committee; management’s integrity, ethical values, and philosophy; a defined
organizational structure with competent and trustworthy employees; and the assignment of
authority and responsibility.
Control activities are the specific policies and procedures management uses to achieve its
objectives. The most important control activities involve segregation of duties, proper
authorization of transactions and activities, adequate documents and records, physical control
over assets and records, and independent checks on performance. A short description of each of
these control activities appears below.
1. Segregation of duties requires that different individuals be assigned responsibility for
different elements of related activities, particularly those involving authorization, custody,
or record keeping. For example, the same person who is responsible for an asset’s record
keeping should not be responsible for physical control of that asset having different
individuals perform these functions creates a system of checks and balances.
2. Proper authorization of transactions and activities helps ensure that all company activities
adhere to established guide lines unless responsible managers authorize another course
of action. For example, a fixed price list may serve as an official authorization of price for
a large sales staff. In addition, there may be a control to allow a sales manager to authorize
reason able deviations from the price list.
3. Adequate documents and records provide evidence that financial statements are accurate.
Controls designed to ensure adequate record keeping include the creation of invoices and
other documents that are easy to use and sufficiently informative; the use of pre-numbered,
consecutive documents; and the timely preparation of documents.
4. Physical control over assets and records helps protect the company’s assets. These control
activities may include electronic or mechanical controls (such as a safe, employee ID cards,
fences, cash registers, fireproof files, and locks) or computer-related controls dealing with
access privileges or established backup and recovery procedures.
5. Independent checks on performance, which is carried out by employees who did not do
the work being checked, help ensure the reliability of accounting information and the
efficiency of operations. For example, a supervisor verifies the accuracy of a retail clerk’s
cash drawer at the end of the day. Internal auditors may also verity that the supervisor
performed the check of the cash drawer.
In order to identify and establish effective controls, management must continually assess the
risk, monitor control implementation, and modify controls as needed. Top managers of publicly
held companies must sign a statement of responsibility for internal controls and include this
statement in their annual report to stockholders.
116 LOVELY PROFESSIONAL UNIVERSITY
