Page 56 - DCOM509_ADVANCED_AUDITING
P. 56
Unit 4: Internal Control
In order to identify and establish effective controls, management must continually assess the Notes
risk, monitor control implementation, and modify controls as needed. Top managers of publicly
held companies must sign a statement of responsibility for internal controls and include this
statement in their annual report to stockholders.
4.1 Process of Internal Control
Internal control is the process designed to ensure reliable financial reporting, effective and
efficient operations, and compliance with applicable laws and regulations. Safeguarding assets
against theft and unauthorized use, acquisition, or disposal is also part of internal control.
Internal Control defined as a process designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
1. Effectiveness and efficiency of operations
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations
Several key points should be made about this definition.
Internal control is, to some degree, everyone’s responsibility.
Example: Within the University, administrative employees at the department-level are
primarily responsible for internal control in their departments.
Effective internal control is a built-in part of the management process (i.e., plan, organize,
direct, and control). Internal control keeps an organization on course toward its objectives and
the achievement of its mission, and minimizes surprises along the way. Internal control promotes
effectiveness and efficiency of operations, reduces the risk of asset loss, and helps to ensure
compliance with laws and regulations. Internal control also ensures the reliability of financial
reporting (i.e., all transactions are recorded and that all recorded transactions are real, properly
valued, recorded on a timely basis, properly classified, and correctly summarized and posted).
Notes Effective internal control helps an organization achieve its operations, financial
reporting, and compliance objectives.
Effective internal control helps an organization achieve its objectives; it does not ensure success.
There are several reasons why internal control cannot provide absolute assurance that objectives
will be achieved: cost/benefit realities, collusion among employees, and external events beyond
an organization’s control. A short description of control activities appears below:
1. Segregation of duties requires that different individuals be assigned responsibility for
different elements of related activities, particularly those involving authorization, custody,
or record keeping.
Example: The same person who is responsible for an asset’s record keeping should not
be responsible for physical control of that asset having different individuals perform these
functions creates a system of checks and balances.
2. Proper authorization of transactions and activities helps ensure that all company activities
adhere to established guide lines unless responsible managers authorize another course
of action.
LOVELY PROFESSIONAL UNIVERSITY 51
