2. Amin Siddiki FCA
BSA 315: Understanding the Entity and its Environment
and Assessing the Risks of Material Misstatement
3. Amin Siddiki FCA
Definition
What is this? It is a process
Designed & effected by: Those Charged with governance, Management, Other personnel
Works for: To provide reasonable assurance
On:
Reliability of financial reporting
Effectiveness and efficiency of operation
Compliance with applicable laws & regulations
4. Amin Siddiki FCA
Internal control is what we do to see that the things
we want to happen will happen …
And the things we don’t want to happen won’t
happen.
5. Amin Siddiki FCA
Internal Controls are everywhere:
You exercise internal control principles in your personal life
when you:
Lock your house when you leave
Keep copies of important papers in your safety deposit box
Balance your checkbook
Keep your ATM/debit card PIN number separate from your
card
Make travel plans
6. Amin Siddiki FCA
Those Charged with Governance
Those charged with governance are the people who direct the operations of the company.
In Bangladesh, those charged with governance and management are often one and the same thing: the directors of a company.
7. Amin Siddiki FCA
Internal Controls: Management View
Logically:
The More Reliable a System → More Accurate Output → More Reliable Information → Better Decision Making
8. Amin Siddiki FCA
Internal Controls: Management View
Therefore management should be pleased to have good systems because:
Financial information will be less prone to error
Good systems may play a part in fraud prevention and detection
Good systems will help with safeguarding the assets
9. Amin Siddiki FCA
Auditor Response : Internal Control
It is really all about risk
Reduced Audit Risk
More Reliable Information
10. Amin Siddiki FCA
Auditor Response : Internal Control
How do we judge whether a system is more or less reliable?
More Reliable
Strong Internal Control
11. Amin Siddiki FCA
Primary Objectives of Internal Controls
1. Strategic: high-level goals and objectives, aligned with
and supporting the mission.
2. Operational: Effective and efficient use of resources.
3. Reporting: Integrity and reliability of reporting.
4. Compliance: Compliance with applicable laws and
regulations.
5. Stewardship: Protection and conservation of assets.
12. Amin Siddiki FCA
Business analysis, program design or … think C.A.R.E.S.
• Compliance with applicable laws and regulations.
• Accomplishment of the entity’s mission (objectives and
goals).
• Relevant and reliable financial reporting.
• Effective and efficient operations.
• Safeguarding of assets.
13. Amin Siddiki FCA
Ultimate Objectives of Internal Controls
The objectives for internal control can be seen in the example.
They include:
Minimising the company’s business risk
Ensuring the continuing effective function of the company
Ensuring the company complies with relevant laws and
regulations
14. Amin Siddiki FCA
Limitation of Internal Control
Expense: Continual use of the control is more expensive than the cost of the risk arising.
Human element: Most controls can only be operated by human beings.
Unusual transactions: Controls are designed to deal with normal or routine transactions in a business.
15. Amin Siddiki FCA
Components of Internal Control
Control Environment
Risk Assessment
Information System
Control Activities
Monitoring of Controls
17. Amin Siddiki FCA
Control Environment
The control environment
• Establishes the tone of a company,
• Influences the control awareness of the employees.
Factors included within the control environment are:
• Integrity, ethical values and competence of employees
• Management philosophy and operating style
• Assignment of authority and responsibility
• The attention and direction provided by the board of directors (i.e. Audit committee)
18. Amin Siddiki FCA
Control Environment
Audit Committee
• A subsection of the board of directors which has a particular interest in the finance and accounting activities of the company
19. Amin Siddiki FCA
Function of Audit Committee
Review the integrity of financial statements
Formal announcements of company performance
Review the internal financial control & risk assessment system
Monitor & review the effectiveness of internal audit function
Recommendation to the board in relation to the external auditor
Monitor the independence of the external auditor
Implement the policy on non-audit services by the external auditor
21. Amin Siddiki FCA
Risks are internal & external events (economic
conditions, staffing changes, new systems, regulatory
changes, natural disasters, etc.) that threaten the
accomplishment of objectives.
22. Amin Siddiki FCA
Risk Assessment Process
The process by which management in a business identifies business risks relevant to financial reporting objectives & decides what actions to take to address those risks.
23. Amin Siddiki FCA
Risk Assessment Process
Decide upon action to manage
Assess the likelihood of occurrence
Estimate the impact of risks
Identify relevant business risk
24. Amin Siddiki FCA
Risk Assessment
Consideration of risk assessment:
recognition that every organization faces risks to its success
recognition that the sources are internal and external
identification, analysis and action to achieve the company’s goals
use of cost-benefit analysis
26. Amin Siddiki FCA
Information System
Information System relevant to financial
reporting objectives includes the procedures
and records designed to initiate, record,
process and report entity transactions and to
maintain accountability for the related assets,
liabilities and equity.
27. Amin Siddiki FCA
Information System
Auditor will be interested in:
The classes of transaction that are significant to the entity
The procedures by which these transactions are recorded and reported
The related accounting records and supporting information
How the information system captures non-financial events
The process of preparing the financial statements
29. Amin Siddiki FCA
Control Activities
The policies and procedures that help ensure
that management directives are carried out.
30. Amin Siddiki FCA
Tools - policies, procedures, processes - designed and
implemented to help ensure that management directives are
carried out.
Help prevent or reduce the risks that can impede the
accomplishment of objectives.
Occur throughout the organization, at all levels, and in all
functions.
Includes training, approvals, authorizations, verifications,
reconciliations, security of assets, reviews of operating
performance, and segregation of duties.
Types of Controls
Preventative
Detective
31. Amin Siddiki FCA
Control Activities
Authorisation: Approval & control of documents
Performance Review: Reconciliation
Information Processing: Checking arithmetical accuracy
Physical Control: Physical counting of inventory
Segregation of duty: More people involved in one accounting process
33. Amin Siddiki FCA
Monitoring of Control
Internal control systems must be monitored to assess their
effectiveness… Are they operating as intended?
Ongoing monitoring is necessary to react dynamically to
changing conditions… Have controls become outdated,
redundant, or obsolete?
Monitoring occurs in the course of everyday operations; it
includes regular management & supervisory activities and
other actions personnel take in performing their duties.
Periodic testing can be done by the process owner, internal
audit and external audit.
34. Amin Siddiki FCA
Weak Internal Controls Increase Risk Through…
Business Interruption - system breakdowns or catastrophes, excessive re-work to correct for errors.
Erroneous Management Decisions - based on erroneous, inadequate or misleading information.
Fraud, Embezzlement and Theft - by management, employees, customers, vendors, or the public-at-large.
Statutory Sanctions - penalties arising from failure to comply with regulatory requirements, as well as overt violations.
Excessive Costs/Deficient Revenues - expenses which could have been avoided, as well as loss of revenues to which the organization is entitled.
Loss, Misuse or Destruction of Assets - unintentional loss of physical assets such as cash, inventory, and equipment.
35. Amin Siddiki FCA
Benefits from Strong Internal Controls
Reducing and preventing errors in a cost-effective manner.
Ensuring priority issues are identified and addressed.
Protecting employees & resources.
Providing appropriate checks and balances.
Having more efficient audits, resulting in shorter
timelines, less testing, and fewer demands on staff.
37. Amin Siddiki FCA
1. Separation of Duties
Divide responsibilities between different employees so one
individual doesn’t control all aspects of a transaction.
Reduce the opportunity for an employee to commit and
conceal errors (intentional or unintentional) or perpetrate
fraud.
38. Amin Siddiki FCA
2. Documentation
Document & preserve evidence to substantiate:
Critical decisions and significant events...typically involving
the use, commitment, or transfer of resources.
Transactions…enables a transaction to be traced from its
inception to completion.
Policies & Procedures…documents which set forth the
fundamental principles and methods that employees rely on
to do their jobs.
39. Amin Siddiki FCA
3. Authorization and Approval
1. Management documents and communicates which
activities require approval, and by whom, based on the
level of risk to the organization.
2. Ensure that transactions are approved and executed only
by employees acting within the scope of their authority
granted by management.
40. Amin Siddiki FCA
4. Security of Assets
Secure and restrict access to equipment, cash, inventory,
confidential information, etc. to reduce the risk of loss or
unauthorized use.
Perform periodic physical inventories to verify existence,
quantities, location, condition, and utilization.
41. Amin Siddiki FCA
5. Reconciliation & Review
Examine transactions, information, and events to verify
accuracy, completeness, appropriateness, and compliance.
Base level of review on materiality, risk, and overall
importance to organization’s objectives.
Ensure frequency is adequate enough to detect and act upon
questionable activities in a timely manner.