ACCA AA Syllabus C. Internal Control - The 5 components of Internal Control - Notes 2 / 2
There are 5 key components of an internal control system
These are
Control Activities
Risk Assessment
Information Systems
Monitoring of Controls
Strong Control Environment
Control Activities
This includes all procedures designed to ensure management directives are carried out
Approval and Control of Documents
Documents should be approved by an appropriate person. For example, wages calculations and payments should be approved by a senior manager.
Controls over IT
Passwords, usernames, back-ups and any other appropriate controls should be in place.
Reconciliations
Key account balances such as bank and debtors should be reconciled on a regular basis.
Arithmetical Accuracy
Items such as invoices etc should be checked to ensure they are arithmetically correct.
Control Accounts
Control accounts for accounts such as wages, PAYE, VAT should be maintained.
Restricted access to physical assets
Only authorised staff should have access to certain areas of the business such as valuable or sensitive assets.
Compare physical counts with accounting records
Items such as cash and inventory should be counted periodically and compared to the amount in the accounting records.
Segregation of Duties
Responsibilities should be divided to reduce the risk of fraud and error by employees
- Audio Player
Risk Assessment
The auditor should understand how management assess risk and how they take action to mitigate risks discovered
Management should be undertaking regular risk assessments to ensure that all risks are identified and mitigated.
Information System
The auditor must ‘obtain an understanding of the information system, including the related business processes, relevant to financial reporting.’
The auditor must decide what areas of the information system are relevant to the financial reporting of the entity and only concentrate on those systems.
The ISA defines these areas as:
The classes of transactions in the entities operations which are significant to the financial statements.
The procedures, within both IT and manual systems, by which those transactions are initiated, recorded, processed and reported in the financial statements.
The related accounting records, whether electronic or manual, supporting information and specific accounts in the financial statements, in respect of initiating, recording, processing and reporting transactions.
How the information system captures events and conditions other than classes of transactions, that are significant to the financial statements.
The financial reporting procedure used to prepare the entities financial statements, including significant accounting estimates and disclosures.
This is a key area to the exam as a question will often require you to understand business systems in a scenario. Read and ensure you understand the above areas.
- Audio Player
Monitoring of Controls
Controls may be monitored either by management or by the internal audit function if one exists.
The auditor may be able to rely on some of the work of internal audit as we will see later, but must first gain an understanding of how controls are monitored and how effective the monitoring is.
The Control Environment
The control environment refers to the framework around which the controls of the organisation operate.
Management attitude will largely determine the nature of the control environment.
ISA 315 requires the auditor to consider the following aspects:
Communication and enforcement of integrity and ethical values.
Commitment to competence.
Participation of those charged with governance.
Management philosophy and operating style.
Organisational structure.
Assignment of authority and responsibility.
Human resources policies and practices.
- Audio Player