CONSIDERATION OF I

NTERNAL CONTROL IN
A FINANCIAL STATEM
ENT AUDIT
PSA 315
"Identifying and Assessing the Risks of Material Mi
sstatement Through Understanding the Entity and Its
Environment" establishes standards and provides gui
dance in obtaining an understanding of the accounti
ng and internal control system and on audit risk an
d its components: inherent risk, control risk, and
detection risk.
Nature and Purpose of Internal
Control
 PSA 315 (Clarified) paragraph 4 (c) defines inte
rnal control as the process designed and effecte
d by those charged with governance, management,
and other personnel to provide reasonable assura
nce about the achievement of the entity's object
ives with regard to reliability of financial rep
orting, effectiveness and efficiency of operatio
ns and compliance with applicable laws and regul
ations.
Those objectives fall into thre
e categories:
 Reliability of the entity's financial rep
orting
 Effectiveness and efficiency of operation
s
 Compliance with applicable laws and regul
ations
Internal control system defined
 Internal control system means all the policies
and procedures (internal controls) adopted by t
he management of an entity to assist in achievi
ng management's objective of ensuring the order
ly and efficient conduct of its business, inclu
ding adherence to management policies, the safe
guarding of assets, the prevention and detectio
n of fraud and error, the accuracy and complete
ness of the accounting records, and the timely
preparation of reliable financial information.
Elements of Internal Contr
ol
a. the control environment
b. the entity's risk assessment process
c. the information system, including the re
lated business processes, relevant to finan
cial reporting, and communication
d. control activities
e. monitoring of controls
A. Control Environment
Factors in control environment include:
•The function of the board of directors and it
s committees
•Management's philosophy and operating style
•The entity's organizational structure and met
hods of assigning authority and responsibility
•Management's control system including the int
ernal audit function, personnel policies and pr
ocedures and segregation of duties
1.Communication and Enforcement of Integrity and
Ethical Values
2.Commitment to Competence
3.Participation by those Charged with Governance
4.Management's Philosophy and Operating Style
5.Organizational Structure
6.Assignment of Authority and Responsibility
7.Human Resources Policies and Procedures
B. Entity's Risk Assessment Pro
cess
Risks can arise or change due to circumstances such as the
following:
•Changes in operating environment
•New personnel
•New or revamped information system
•Rapid growth
•New technology
•New business models, products, or activities
•Corporate restructuring
•Expanded foreign operations
•New accounting pronouncements
C. Information System, including the Busines
s Processes, Relevant to Financial Reporting
and Communication
 Initiate,record, process and report entity transactions (as well as
events and conditions) and to maintain accountability for the relate
d assets, liabilities, and equity
 Resolve incorrect processing of transactions
 Process account for system overrides or bypasses to controls
 Transferinformation from transaction processing systems to the gene
ral ledger
 Capture information relevant to financial reporting for events and c
onditions other than transactions, such as the depreciation and amor
tization of assets and changes in the recoverability of accounts rec
eivables
 Ensureinformation required to be disclosed by the applicable financ
ial reporting framework is accumulated, recorded, processed, summari
zed and appropriately reported in the financial statements
 Journal entries
 Related Business Process
 Application to Small Entities
D. Control Activities
Major categories of control procedures:
A. Performance Review
B. Information Processing Controls
(1.) Proper authorization or transactions and ac
tivities
(2.) Segregation of duties
(3.) Adequate documents and records
(4.) Safeguards over access to assets; and
(5) Independent checks on performance
C. Physical controls
Control activities related to the
processing of transactions may be
grouped as follows:

1. Proper authorization of transactions and

activities
2. Segregation of duties
3. Adequate documents and records
4. Access to assets
5. Independent checks on performance
C. Physical Controls
Controls that encompass:
>The physical security of assets, including adequat
e and safeguards suc as facilities over access to a
ssets and records.
>The authorization for access to computer programs
and data files.
>The periodic counting and comparison with amounts
shown on control records
E. Monitoring of Controls
 Managementmonitors controls to consider
whether they are operating as intended an
d to modify them as appropriate for chang
es in conditions.
Objective of the Study of Inter
nal Control
 To assess control risk below maximum
 To evaluate the effectiveness of controls
that have been placed in operation
Stages of Study and Evaluation
of Internal Control
Stage A. OBTAINING AN UNDERSTANDING OF THE ENTITY'S
INTERNAL CONTROL STRUCTURE

In planning the audit examination, each of the five

components of internal control must be studied and
understood by the auditor to enable him to (1)ident
ify types of potential misstatements;(2)consider fa
ctors that affect the risk of misstatement; and (3)
begin to design appropriate testing procedure.
Understanding the Control envir
onment
 Theauditor should obtain sufficient know
ledge of the control environment to under
stand management's and the board of direc
tor's attitude, awareness, and actions co
ncerning the control environment.
Understanding the Control Proce
dures
 The auditor should consider the knowledge about
the presence or absence of the control procedure
s obtained from the understanding of the control
environment and accounting system in determining
whether it is necessary to devote additional att
ention to obtaining an understanding of control
procedures to plan the audit.
Understanding the Accounting an
d Internal Control Systems
1. The major classes of transactions of the entity
2. How those transactions are initiated
3. What accounting records exist and their nature
4. How transactions are processed from initiation to completion,
including the extent and nature of computer use
5. The nature and details of the financial reporting process foll
owed.

Accomplished and documented by the narrative description of th

e system or by flowcharting.
The operation of the accounting information system is often de
termined by tracing one or a few through the system (called a tr
ansaction walk-through).
Documentation of Understanding
1. Internal Accounting Control Questionnaire
Advantages
1. They provide audit assurance that attention is given
to presence or absence of all controls listed and tha
t certain features of the system are not overlooked.
2. They provide a means of obtaining uniform documentat
ion of internal control system reviewed.
3. They provide inexperienced audit staff members with
guidance in performing internal control reviews.
4. They facilitate the early detection of potential wea
knesses in the system.
Disadvantages
1. Auditor may view the questionnaire devi
ce for accomplishing an automatic evaluation
of internal control.
2. Controls listed on questionnaires may n
ot suit the particular circumstances of a sp
ecific audit.
3. They auditor may overlook pertinent con
trol not included in the questionnaires.
2. Flowcharts
Advantages
1. Easily understood
2. Better overall picture or complex system
3. Parallels EDP documentation
4. It is easy to update

Disadvantages
1. Higher level of knowledge and training are required to pre
pare a good flowchart of a complex system.
2. Flowcharts take more time to prepare and require more know
ledge.
3. It is more difficult to spot internal control weakness.
3. Narrative Description
Advantages
1. Narrative is flexible and may be tailor-made for engagement.
2. Requires a detailed analysis and thus forces auditor to unde
rstand functioning of the system.

Disadvantages
1. Auditor may not have the ability to describe the system corr
ectly and concisely.
2. This may require more time and careful study.
3. Auditor may overlook important portions of internal control
system.
4. A poorly written internal accounting control narrative can le
ad to a misunderstanding of the system thus resulting in the imp
roper design and application of compliance tests.
4. Internal Control Checkl
ist
 Thechecklist basically provides only a g
uide to review the internal control of th
e auditee and does not represent a record
of the auditor's findings.
STAGE B. ASSESSING THE PRELIMINAR
Y LEVEL OF CONTROL RISK
The preliminary assessment of control risk for a fi
nancial statement assertion should be high unless t
he auditor:
(a) is able to identify internal controls relevant
to the assertion which are likely to prevent or det
ect, and correct a material misstatement
(b) plans to perform tests of control to support th
e assessment
Assessing Inherent Risk
At the Financial Statement Level
•The integrity of management.
•Management experience, knowledge and changes in management during the period
.
•Unusual pressures on management.
•The nature of the entity's business.
•Factors affecting the industry in which the entity operates.
At the Account Balance and Class of Transactions Level
•Financial statement accounts likely to be susceptible to misstatement.
•The complexity of underlying transactions and other events which might requi
re using the work of an expert.
•The degree of judgment involved in determining account balances.
•Susceptibility of assets to loss or misappropriation.
•The completion of unusual and complex transactions, particularly at near per
iod end.
•Transactions not subjected to ordinary processing.
STAGE C. OBTAINING EVIDENTIAL MATTER TO SUPPORT THE A
SSESSED LEVEL OF CONTROL RISK
 Test of Controls
(a)design of the accounting and internal control sy
stems, whether they are suitably designed to preven
t or detect and correct material misstatements
(b)operation of the internal controls throughout th
e period
STAGE D. EVALUATING THE RESULTS OF THE EVIDENTIAL MAT
TER

Factors to be considered include:

 The result of the interim tests.

 The length of the remaining period.
 Whether any changes have occurred in the accounting and i
nternal control systems during the remaining period.
 The nature and amount of the transactions and other event
s and the balances involved.
 The control environment, especially supervisory controls.
 The substantive procedures which the auditor plans to ca
rry out.
STAGE E. DETERMINING THE NECESSARY LEVEL OF DETECTION
RISK
 The auditor should assessed level of control ris
k (together with the assessed level of inherent
risk)to determine the acceptable level of detect
ion risk for financial statement assertions. The
auditor uses the acceptable level of detection r
isk to determine the nature, timing, and extent
of the