Internal Control

 Process designed, implemented, and maintained by those charged with

governance, management, and other personnel to provide reasonable assurance
about the achievement of an entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations, and compliance
with applicable laws and regulations

4 Essential concepts:
 Process – means of achieving entity’s objectives
 Reasonable assurance – entity sure that they will reasonably meet company’s
achievements
o Reason: because there is inherent limitation (e.g. cost of placing control >
benefits, do not employ control)
 Achievement of entity’s objectives
o Reliability of financial reporting – Financial statements should be reported
according to standards (e.g. IFRS)
o Effectiveness and efficiency of operations
o Compliance with applicable laws and regulations – do the company follow
the laws? If yes, internal control is strong.

Management vs Governance
 Management – responsible on control/conduct of operations
 Governance – strategic task of setting the organization's goals, direction,
limitations and accountability frameworks

Internal Control – Objectives

 Safeguard assets of the firm
 Ensure accuracy and reliability of accounting records and information
 Orderly and efficient conduct of business (including adherence to internal
policies)
 Prevention and detection of fraud and error
 Timely preparation of financial information
2
Preventive, Detective, and Corrective Controls

 Preventive Control
o First line of defense (passive techniques)
 If there is undesirable event, it will confront it first
o More cost-effective than detective and corrective controls
 You invest in preventive controls to reduce costs to be incurred to
detective and corrective controls
 More costs to be incurred if only corrective controls are present
because of mistakes
 Detective Control
o Second line of defense
o Identify and expose undesirable events that elude preventive control
(those that slipped through preventive control)
o Examples: cash count, physical inventory check
 Corrective Control
o Reverse effects of detected errors
o Example: correcting entries, correcting false/illegal transactions done by
employees, disciplinary actions against erring employees, restoration of
backup data

Components of Internal Control

 Control environment
o Foundation for the other four control components
o Elements:
 Integrity and ethical value of management
 Structure of the organization
 Participation of organization’s BOD and audit committee
 Management’s philosophy and operating style
 Procedures for delegating responsibility and authority
 Management’s methods for assessing performance
 External influences, such as examinations by regulatory agencies
 Risk assessment
o Identify, analyze, manage risks relevant to financial reporting
 Risk is inherent, that’s why there is need for internal control to
address such risks
o Circumstances:
 Changes in the operating environment that impose new or changed
competitive pressures on the firm

3
  New personnel who have a different/inadequate understanding of
internal control
 New/reengineered information systems that affect transaction
processing
 Significant and rapid growth
 Implementation of new technology into the production process or
information system
 Introduction of new product lines, etc.
 Information and communication
o Consists of records and methods used to initiate, identify, analyze,
classify, and record the organization’s transactions and to account for the
related assets and liabilities
o Effective Accounting Information System:
 Identify and record all valid financial transactions
 Provide timely information about transactions in sufficient detail
 Accurately measure the financial value of transactions
 Control activities
o Policies and procedures used to ensure that appropriate actions are taken
to deal with association’s risk
 Physical controls (human intervention) – human activities employed
in accounting systems
 Custody of assets
 Use of computer (as long as humans use it)
 IT Controls
 General Controls (backup of files)
 Application Controls (specific transactions)
 Monitoring

4
5