Topic 4:

INTERNAL CONTROL
SYSTEM (ICS)
NURUL AZIRAH BINTI MOHD WAZIR

Department of Accounting and Finance (DAF,FBMP)

1
At the end of this topic, students should be able to:

q Discuss various characteristics and components of

internal control system (ICS)
q Explain the importance and limitations of ICS
q Describe the Letter of Weaknesses (L.O.W)

2
 DEFINITION OF ICS

• Process or system to control the operating, financial and

management in order to:

1) to carry on the business of the enterprise in orderly

and efficient manner

2) To ensure adherence to mgt policies

3) To safeguard the assets

4) To prevent and detect fraud & errors

5) To ensure the completeness and accuracy of the

records
3
 COMPONENTS OF ICS (CICEM)/
FEATURES OF GOOD ICS

Contr
ol
enviro
nment Informa
tion &
Monitoring commu
nication
system

Entity’s Contr
Risk
ol
assess
ment proce
process dures 4
 1- Control environment
• Consists of actions, policies & procedures.

• It reflects the overall attitudes of top mgt,

directors & owners of an entity about IC.

• Factors that may affect it:

1) Integrity & ethical values of the mgt

2) Mgt commitment to competence
3) Participation of the BOD
4) Organization structure
5
 2- Information &
Communication system

• Methods & procedures used to initiate, record

process & report transactions

• The communication maintain the accountability

of individual roles & responsibilities

• The communication important to record all

transaction to BS

6
 3- Control procedure/activity

• Policies & procedures is important to:

1) Help mgt achieve their objectives and
aims
2) Reduce the risks

• The control activity generally relates to:

1) Segregation of duties
2) Information processing
3) Physical control
4) Performance review

7
 4- Entity’s risk assessment
process
• The process that the entity identifies & manages
its business risks

• Risk assessment for financial reporting may cover:

1) identification of risks
2) analysis & mgt of risks
3) risk that relevant to the preparation of FS

8
 5- Monitoring

• It is possible action taken to maintain the

quality IC performance

• It is part of mgt ongoing assessment and

periodic assessment

9
 CHARACTERISTICS OF
GOOD ICS (MOSSPAPA)
Management perform independent checks on performance

Organizational structure

Segregation of duties

Supervision

Physical control over assets and records

Arithmetic & accounting

Personnel hiring & training policy

10
Authorization & approval
 Management perform independent
checks on performance

• Mgt is responsible for devising & maintaining

the system of IC

• Review on adequacy of IC is need to be

performed on regular basis to ensure that all
controls are operate effectively

• For example : Regularly observes and

evaluate the personnel performance
11
 Organizational structure

• Mgt create organizational structure to:

1) facilitate delegation of duties

2) coordination of activities
3) control the actions of its employees

• Example = organizational chart used to

identify who is responsible towards certain
area and official title of person in charge
12
 Segregation of duties

• Not only one person sees the transactions

from the beginning till the end

• Example:
1) different person in charge in
authorization of transaction
2) different person on recording and
custody the assets

13
 Supervision

• Supervision should be carried out on regular

and continuous basis

• Example:
1) work done by clerk should be supervise
by his supervisor
2) Manager supervise officer

14
 Physical control over assets
and records
• The use of physical precautions prevent:
1) unauthorized access to physical
assets
2) alteration to documents and records

• Example:
1) Cash kept under lock & key
2) Inventories kept in store room
3) Use ID for access the documents

15
 Arithmetic & accounting

• Transactions are correctly & accurately

recorded & processed

• Example:
1) Adequate chart of accounts
2) System manual preparation of monthly
bank reconciliation
3) Sales ledger control accounts
16
 Personnel hiring & training policy

• The company should employ competent,

honest and qualified staff.

• Training programmes should be conducted

for new recruitment and experienced staff

17
 Authorization & approval

• Only VALID transactions are recorded.

Transactions perform are according to the
specific authorization.

• Policy on cash payment that more than RM

10k must be approved only by 2 officers.

18
 LIMITATION OF IC
• IC can only provide reasonable assurance that mgt
objectives are attained.

• The IC are effective in reducing error & fraud only to

certain extent, due to inherent risk.

• Example:
1) Fraud done by employees
2) Personnel errors and mistakes
3) IC procedures become inadequate due to
changes in company activities and policies
19
 IMPORTANCE IC TO
MANAGEMENT
• IC provides an alternative to mgt to meet its goal
and aims

• The IC system ensure that information generated

for DM is reliable

• Effective IC can provide assurance that assets:

1) Safeguarded from unauthorised used
2) Safeguarded from disposition
3) Reliably records
20
 IMPORTANCE IC TO
AUDITOR
• Auditor need to understand the IC system of an
entity in planning the audit

• If IC is strong, the FS & other data generated by

entity is more reliable. Thus, auditor possibly will
reduce substantive test

• If the IC is weak, the auditor needs to perform more

substantive test & detailed checking during audit.

21
 WHO IS RESPONSIBLE
TO MAINTAIN ICS?

• Auditor will only evaluate & ascertain the ICS

in deciding the level of testing required.

• A good ICS will reduce the amount of audit

work required
22
 REASONS FOR AUDITORS
TO UNDERSTAND CLIENT’S IC

• To obtain info about integrity of mgt

• To obtain info about the nature & extent of
available accounting records
• To identify the types of potential errors & fraud
that might affect the FS
• To assess control risk
• To plan & design the appropriate audit test

23
 RELATIONSHIP OF IC & AUDIT
EVIDENCE

• Effective IC reduces planned audit

evidence in the audit of FS
1) Types of potential misstatements
2) risk of material misstatements

• Once audit of IC completed, auditor

can use the results to determine the
nature, timing & extent of audit
procedure
24
 REVIEW OF THE CLIENT’S IC
SYSTEM

1) Update & evaluate auditor’s previous

experience with the entity
2) Make inquiries of client personnel
3) Examine client’s documents & records
4) Observe client procedures/ activities/
operations
5) Perform walkthrough test

25
 DOES ENTITY SIZE
AFFECT IC?
LARGE ENTITY (COMPLEX) SMALL ENTITY (SIMPLE)

Able to implement IC in Difficult to implement IC in

formal manner formal manner

Less effective More effective

communication channel communication channel

Less effective monitoring More effective monitoring

procedures procedures

26
 LETTER OF WEAKNESSES
(L.O.W)

ü auditor have to inform client on any

material IC weaknesses identified
during audit.

ü Auditor need to sent a L.O.W to

management explaining the weakness
and recommendation

27
 CONTENT OF L.O.W

1) Purpose of the letter

2) Purpose of the IC investigation
3) List of weaknesses
4) Recommendation for improvements

28
 SUMMARY

q IC is important for the effective

operation of entity

qThe auditor must obtain an

understanding of the IC structure to
effectively plan the audit

29
 QUESTION

Explain the basic control necessary for

the validity, completeness & accuracy of
the accounting records?

30