What are the 5 elements of internal control?

Documents should be approved by an appropriate person.  For example, wages calculations and payments should be approved by a senior manager.

Risk Assessment

1. The auditor should understand how management assess risk and how they take action to mitigate risks discovered

2. Management should be undertaking regular risk assessments to ensure that all risks are identified and mitigated.

This audio is hosted on a service that uses preferencestracking cookies.

These cookies are currently disabled - to listen to this audio, you will need to consent to and re-enable preferences cookies in your Cookie Settings

Information System

The auditor must ‘obtain an understanding of the information system, including the related business processes, relevant to financial reporting.’

The auditor must decide what areas of the information system are relevant to the financial reporting of the entity and only concentrate on those systems.

• The ISA defines these areas as:

  • The classes of transactions in the entities operations which are significant to the financial statements.

  • The procedures, within both IT and manual systems, by which those transactions are initiated, recorded, processed and reported in the financial statements.

  • The related accounting records, whether electronic or manual, supporting information and specific accounts in the financial statements, in respect of initiating, recording, processing and reporting transactions.

  • How the information system captures events and conditions other than classes of transactions, that are significant to the financial statements.

  • The financial reporting procedure used to prepare the entities financial statements, including significant accounting estimates and disclosures.

• This is a key area to the exam as a question will often require you to understand business systems in a scenario.  Read and ensure you understand the above areas.

• This audio is hosted on a service that uses preferencestracking cookies.

  These cookies are currently disabled - to listen to this audio, you will need to consent to and re-enable preferences cookies in your Cookie Settings

  Enable all cookies

Monitoring of Controls

1. Controls may be monitored either by management or by the internal audit function if one exists.

2. The auditor may be able to rely on some of the work of internal audit as we will see later, but must first gain an understanding of how controls are monitored and how effective the monitoring is.

This audio is hosted on a service that uses preferencestracking cookies.

These cookies are currently disabled - to listen to this audio, you will need to consent to and re-enable preferences cookies in your Cookie Settings

The Control Environment

• The control environment refers to the framework around which the controls of the organisation operate.

  Believe it or not, internal control is your job, too! In fact, it is mandated by the Budget and Accounting Procedures Act of 1950, which required agencies to establish systems of internal control. The Federal Managers Financial Integrity Act of 1982 strengthened this system by requiring agency heads to report annually according to prescribed internal control standards and guidance of the Government Accountability Office (GAO) and Office of Management and Budget (OMB). There are five components of internal control, 17 associated principles, and 47 attributes. This article will focus primarily on the five components.

  Control Environment
  The first component, the control environment, is probably the most important of the five standards because it impacts all the others. In fact, the control environment is the foundation. It has five principles pertaining to setting the tone at the top, demonstrating a commitment to competence, and establishing oversight, structure, responsibility, and enforcing accountability. Think of the difference between parents who set and enforce ‘house rules’ on things like homework, social media access, bedtime, etc., and those that do not. Generally, the former produces better outcomes.

  Risk Assessment
  The second component, risk assessment, has four principles that address defining objectives, identifying, analyzing, and responding to all types of risk and change. Managers have a responsibility for not only identifying risk but establishing the level of risk they are willing to accept. For example, if the agency goal is an 85 percent customer satisfaction rate, the agency is willing to accept 15 percent of customers being unsatisfied — the risk tolerance level.

  Control Activities
  The third component is control activities. As the name suggests, the three associated principles pertain to designing and implementing control activities. Think of control activities as the policies, procedures, and mechanisms put in place to accomplish agency objectives. For example, if your objective is to keep your home and family safe, locking the doors and installing a security system would be examples of control activities.

  Information and Communication
  The fourth component, information and communication, has three principles of which processing data into quality information and communicating to both internal and external audiences are hallmarks. “Seven times, seven ways” is sometimes used to describe how management must continually understand their audience and communicate both internally and externally to stakeholders. Townhall meetings, intranet, email, focus groups, and surveys are examples of how this might be accomplished.

  Monitoring
  The final component, monitoring, has two principles outlining responsibilities for monitoring and correcting deficiencies. Think of the start of a new year and new year’s resolutions. Many people set goals to get in shape and lose weight. Let’s say you start the year off at 174 pounds and have a goal to get to 150. That means you need to lose 24 pounds or about 2 pounds a month on average. Suppose you set this goal but never weigh yourself at the start of the year, or during the year for that matter. You could likely end the year weighing more than 174 pounds. An effective monitoring system requires one to establish a baseline (identify your starting point) as well as periodic and recurring monitoring (daily, weekly, monthly, quarterly, etc.) so that adjustments can be made along the way to reach the established milestones and goals.

  Where should I begin?
  Here are a few resources that you can go to right now to get closer to meeting your professional objectives related to internal control.

  • OMB Circular A-123 – Management’s Responsibility for Enterprise Risk Management and Internal Control – This memo provides guidance to federal managers on improving the accountability and effectiveness of federal programs and operations by establishing, assessing, correcting, and reporting on internal control.
  • GAO – Standards for Internal Control in the Federal Government, commonly known as the Green Book, provides the most comprehensive information available on internal controls.
  • AGA – The Internal Controls Workgroup of the Association of Government Accountants (AGA) has developed numerous resources that provide detailed information about internal control business processes, individual components developed by The Committee of Sponsoring Organizations of the Treadway Commission (COSO), principles, attributes, and best practices.
  • Management Concepts – We offer close to 30 courses that cover internal control, many of which are accredited and may be applied to a certification program. In addition, we offer private group training that can be customized for the internal controls training needs of your organization. For a fresh perspective on how internal controls drive mission success, see this infographic.

  ---

  Joe Ward is a Management Concepts instructor and the President and CEO of Ward Management Group LLC. He is a retired USAF officer and retired member of the Senior Executive Service. In addition, Joe was an officer with two different global audit and management consulting firms. During his 26 years of service in the Air Force, and for more than a decade since he has provided high-profile leadership in financial management. Joe earned a bachelor of science degree in business administration from Central Connecticut State University and a master of public administration in finance from Troy State University. He is a Certified Defense Financial Manager and Certified Government Financial Manager.

  What are the five main objectives of internal control?

  Internal control should have the following objectives:.

  Efficient conduct of business: ... .

  Safeguarding assets: ... .

  Preventing and detecting fraud and other unlawful acts: ... .

  Completeness and accuracy of financial records: ... .

  Timely preparation of financial statements: ... .

  Figure 1: Categories of controls..

  What are the five purposes of internal control and what does each mean?

  Internal Control Is Part of Your Job Internal controls function to minimize risks and protect assets, ensure accuracy of records, promote operational efficiency, and encourage adherence to policies, rules, regulations, and laws.

  What are the 7 internal control procedures?

  What are the 7 internal controls procedures?.

  Separation of duties..

  Access controls..

  Physical audits..

  Standardised financial documents..

  Periodic trial balances..

  Periodic reconciliations..

  Approval authority..

  What are the 6 internal controls?

  The six principles of control activities are: 1) Establishment of responsibility, 2) Segregation of duties, 3) Documentation procedures, 4) Physical controls, 5) Independent internal verification, 6) Human resource controls.