Internal control:
/ operational audit: control whether the results of activities of
-done by int. auditors
-indispensable element
-elaborates what shouldn’t be done
-main duty is detect errors frauds
-COSO(committee of sponsoring org) is ordering, management,
coordination of the works, mechanism that regulates or directs the
operation of system.
-according to coso, there is a need for predetermined obj. (purpose)
functions of management:
-planning, organization, execution, coordination, control
definition of inter. control by coso: int cont is generally effected by the
entity’s board of directors. It is a process designed to provide reasonable
assurance ab. the achievement of objectives regarding effectiveness of
oper., reliability of fin. reporting, compliance with laws.
purpose of int control: is protect the assets of the bank, to ensure
effectiveness, in accordance with laws, ensure reliability. Carried out by
the administration. Definition is a mix of COSO and AICPA
Auditing is the accumulation and evaluation of evidence about info to
determine and report the degree of correspondence bet ween info and
established criteria.
Auditing should be done by a competent and independent person
To do an audit, there must be a info verifieb by FASB and IASB
Evidence: transaction data, commun with outsiders, observations, client
testimony
Final stage is reporting
Auditing vs accounting: acc is recording, classifying and summarizing
events to provide fin info for dec. making. Auditing focuses on recorded
info is correct or not.
Info risk: possibility that info used to decision making was inaccurate.
Auditing reduces info risk.
--Causes of info risk: --
remoteness of info(dec makers don’t have firsthand knowledge)
Biases and motives of the provider
Voluminous data
Complex exchange transactions
--reducing info risk—
User verifies info: go to business and verify
User shares info risk with mngement
Audited fin st are provided: external auditors
--primary types of audits performed by CPA’s—
-operational audit: evaluate efficiency and effectiveness
-compliance audit: following procedures, regulations or not
-fin st audit: whether in accordance with us gaap or ifrs
--int aud.
Internal auditors: buss org. reach the goals and objectives and resources are used
Commonly perform compliance audit. They report to committee of board effectively
of directors to remain independent. int control vs int audit:
int control is a process operated under the responsibility of employees at
Requirements for becoming cpa: all levels. It exist whether the business type, bakkal vs her şeyde
-education -uniform CPA examination provides reasonable assurance
-experience But int audit isn’t essential for business. Iş büyüdükçe int aud
gereksinimi artar. Institutionalization için en önemli tool.
Activity created in bus. to improve and add value. can be from outside
Audit concept:
-assertions Int control vs independent audit:
-collecting audit evidence --are disclosed to collect public evidence in an impartial and systematic
-correspondence with standards approach in order to compliance of the fin info presented in fin st. with
-whether assertions are correct or not the gaap/ifrs and evaluate results, present their opinions ab. the accuracy
-audit reports of in info in the form of report.
--an independent auditor must obtain information about the operating
In first statement, aud. Investigates whether the fin st are prepared in conditions of the entity and its relations with its environment to apply
accordance with rules, and in second statements investigates whether the additional indep. audit tekniks to identify the risk of mat. missta.
acc system meets the criteria of efficiency and reliability --collects info ab risk assessm. Methods including its int control system
and analyze info, reveal material errors and other info presented my mng.
Auditor Types: -- takes into acc possibilities of risk and tries to reach prof. judgement
-independent/external auditors --within scope of risk asses. determine the degree of materiality, evaluate
-internal auditors they’re in accordance with obj of business or not
-govt auditors --tries to determine the internal control risk by conducting continuous
internal control tests and in this context.
--independent: cpa’s, smmm(kgk/pcaob certificate) -- IAASB within IFAC determines the criteria and regulate the
responsibilities of indep audi. It adopted the int cont approach COSO.
--govt auditors: --indep auditors are responsible for notifying the mngment regarding the
-state supervisory board: works by order of the president, conduct inadequacy of int cont.
examinations, researches -- int control deficiency görürse, önemli mi değil mi, önemliyse mng
-turkish chart of acc audit (TCA): responsible for the effective, bilgilendir
economic, efficient and lawful functioning of public administrations
-inspection boards affiliates to ministries (devlet denetleme kurumu) with Control example: first stage: fireproof properties? Nerede falan. Second
approval of the minister stage: Çalışanlar nerede oldugunu, nasıl kullanıldıgını biliyor mu. Third
-turkish ombudsman institution: with the law, stage: bunlara ragmen mng will take out insurance policy
All acts of administration are in working area
With a private budget with understanding of justice based on human Int control under corp. govt. principles
rights OECD (org. for development)
-regulatory and supervisory boards: bddk, spk,kgk to regulate, supervise, The main task of this organization is to support policies for: contributing
monitor the org to econ. growth at sustainable level, increasing the standard of living,
developm. of world econ. promote well-being, equality, opportunity and
--internal auditors-- is the person who reports to a management unit that well being for all.
will evaluate the results of the audit actions carried out within the Good governance (corporate governance) helps create the climate of trust
business organization in the most effective way within the organization. --It has been accepted as one of the 12 important standards. These
Int audit deals with both fin and non-fin transactions. principles also form the basis for a comprehensive program of
--int aud./ Fin st. audit: investigates the accuracy and reliability of the cooperation between OECD member countries and non-OECD countries,
acc info that forms the basis of fin st. detection and prevention of errors and reinforce the corporate governance element of the World Bank/IMF
and frauds. Reports on the Observance of Standards and Codes (ROSC).
--int aud./ compliance audit: measure the compliance of business --ensure liability of reporting and contr. Systems and board of directors
activities with the policies, procedures, laws determined by mng. sets clear lines of responsibility. (boards of dire.: it should ensure
controls can be carried out approp. by top mng. Its achieved by internal
audit, reporting directly to board (audit committee)

Int. contr. models and approaches wordwide
Historical Definitions and Evolution:
AICPA's 1949 definition focused on asset protection, data accuracy,
activity execution, and policy adherence.
AICPA revised it into administrative and accounting control components.
SAS 55 (1988) defined internal control with three components.
COSO's SAS 78 emphasized financial statement reliability.
Global Adoption:
COSO's definition adopted worldwide by various organizations and
countries.
Including England (Cadbury, Greenbury, Hampel, Turnbull Reports),
France (Vienot Report), Netherlands (Peters Report), and others.
Adopted by IFAC, GAO, INTOSAI, BIS (BCBS), CICA, ISACF
(COBIT), SEC, British Treasury, and J-SOX Regulation in Japan.
Role and Importance:
Turnbull Report (England) highlights internal control's role in managing
risks for business objectives.
Strong internal control protects assets, enhances operational
effectiveness, ensures reporting reliability, and aids in compliance.
Internal control, as defined by IFAC and INTOSAI, ensures financial
reliability, operational effectiveness, and regulatory compliance.
The Basel Committee emphasizes continuous control processes involving
all levels of management.
COBIT and SAC Report align with COSO, defining internal control as
policies and procedures for goal achievement and risk prevention.
Regulatory standards from the British Treasury focus on efficiency,
compliance, and risk management.
The Institute of Internal Auditors stresses the importance of effective
internal control for confident business advancement and resource
preservation.
Overall, COSO's control model, widely adopted by U.S. and international
regulatory agencies, sets the global standard for internal control practices.
Misconceptions and facts on int control:
Facts: most imp element, reasonable assurn.
Emp. at all levels, human element so always possibility that controls will
be ineffective
Not a panacea(her derde deva)
Internal controls act as early warnings for management decisions amidst
external factors.
They enhance accuracy in commercial and economic decisions.
Internal controls aid in fraud detection and prevention.
They provide crucial evidence for audits but don't ensure perfect
financial reporting.
Fraudulent financial reporting often involves senior executives bypassing
controls.
Periodic controls ensure legal compliance but can't guarantee adherence.
Employees may still violate internal controls, limiting their effectiveness.
Despite limitations, internal controls offer stakeholders reasonable
assurance.
While providing reasonable assurance, internal controls are not error- Control Environment: Establishes standards, processes, and structures for
proof. internal control.
Risk Assessment: Identifies and manages risks associated with business
Misconceptions: objectives.
-int control always starts with written policies and procedures Control Activities: Implements policies and procedures to mitigate risks
-int cont. is a job that should be done by int auditors (every employee) effectively.
-int control is just a fin issue Information and Communication: Ensures effective exchange of
-int control tells you what not to do (ensures job done accurate) information within the organization.
-waste of time (part of job, process) Monitoring: Observes processes and implements necessary changes for
-must be built on buss activities (places inside processes not over them) adaptability.
- if int contr are strong, no possib. of committing fraud, Interrelationships:
Aims: achievement of its profitability goal, ensure effective operation,
reduce risk of asset losses, ensure reliability All components and principles interact and are interdependent for
effective internal control.
Fraud triangle: The control environment is influenced by various internal and external
-pressure: debt, revenge, bad habits, passion for luxury, econ troubles factors.
-opportunity: weak int contr, uneffec. aud, lack of corp governance It provides discipline and order, supporting risk assessment, control
-rationalization: everyone is doing the same, I wasn’t promoted, actions, information exchange, and monitoring.
Constraints that affect the probability of success of int cont:
-mng and staff omissions and violations
-top mng’s ineffectiveness of int cont.
-acting jointly
-cost
1) the judgements of bus. mngers during dec making may be wrong or all
emp may make simple mistakes
2) two or more emp.’s can override contr. by colluding with each other
3) mng’s ability to override internal cont. is always present
Goals of int control:
-operational objectives: effectiveness, efficiency, performance, protection
against losses
-reporting objectives: fin and nonfin reporting, reliability, timeliness,
transparency
-compliance objectives: org’s adherence to laws and regulations
Relationship bween objectives and components:
Internal Control Components and Principles:
Seventeen principles stem directly from components for effective internal
control.
An effective system reduces the risk of failing to achieve objectives to an
acceptable level.
All components and associated principles must be available and
operational for effectiveness.
Constraints and Requirements:
Internal controls act as early warnings but cannot guarantee success.
Despite limitations, controls offer reasonable assurance regarding
operations, financial reliability, and legal compliance.
Management must address constraints like human judgment errors and
external events.
COSO Components and Principles: