Control Environmen t

Risk Assessment

Objective

Control Activities

Information and Communicatio n

Monitoring

By:

The umbrella for the other 4 component

With out the Control Environment the other four components

are unlikely to result in effective internal control regardless of their quality.

Control Environme nt
The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity.
To understand and assess the control environment, auditors should consider the most important control subcomponents.

Control Environment

Integrity and ethical values

are the product of the entitys ethical and behavioral standards, as well as how they are communicated and reinforced in practice.

Commitment to competence

Competence is the knowledge and skills necessary to accomplish tasks that define an individuals job.

Board of directors or audit committee participation

The board of directors is essential for effective corporate governance because it has ultimate responsibility to make sure management implements proper internal control and financial reporting processes.

Managements philosophy and operating style

Human resource policies and practices

Organizational structure

Control Environmen t

Control Activities

Information and Communicatio n

Monitoring

This is managements assessment of the risk factors related to the preparation of the financial statements inconformity with appropriate accounting standards.

Risk Assessment
Identify factors that may increase risk Estimate the significance of the risk Assess the likelihood of the risk occurring Determine actions necessary to manage the risk

Control Environmen t
Risk Assessment

3)
Information and Communicatio n

Monitoring

Control activities are the policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entitys objectives.
Adequate separation of duties Proper authorization of transactions and activities Adequate documents and records

Physical control over assets and records

Independent checks on performance

Custody of assets Authorization of transactions

from from

Accounting The custody of related assets

Operational responsibility
IT duties

from
from

Record-keeping responsibility
User departments
1011

Transaction General Authorization Approval Management establishes policies and Policies subordinates are instructed to implement

these general authorizations by approving all transactions within the limits set by the policy.

Specific authorization applies to

individual transactions

Documents and records are the records upon which transactions are entered and summarized.

Documents and records should be:

Prenumbered consecutively

Prepared at the time of transaction

Designed for multiple use Constructed to encourage correct preparation

To maintain adequate internal control, assets and records must be protected.

The most important type of protective measure for safeguarding assets and records is the use of physical precautions

The need for independent checks arises because internal control tends to change over time, unless there is frequent review.

Control Environmen t
Risk Assessment

Control Activities

4)

Information and Communicatio n

Monitoring

Control Environmen t
Risk Assessment

Control Activities

Information and Communicatio n

5)

 Identify factors that may increase risk Estimate the significance of the risk Assess the likelihood of the risk occurring

Determine actions necessary to manage the risk

1021

1. Adequate separation of duties 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance
1022

Custody of assets Authorization of transactions Operational responsibility IT duties

from from from from

Accounting The custody of related assets Record-keeping responsibility User departments

1023

Transaction Approval Policies

General Authorization

Specific Authorization

1024

 Prenumbered consecutively Prepared at the time of transaction Designed for multiple use

Constructed to encourage correct preparation

1025

The most important type of protective measure for safeguarding assets and records is the use of physical precautions.

1026

The need for independent checks arises because internal control tends to change over time, unless there is frequent review.

1027

The purpose of an accounting information and communication system

Initiate Record Process

1028

Report transactions

Maintain Accountability for Related Assets

Monitoring activities deal with managements ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as intended and modified when needed.

1029