Principles of Auditing - Chapter - 3
1. Operations objectives, such as performance goals and securing the organization’s assets against fraud, focus on
the effectiveness and efficiency of your business operations.
2. Reporting objectives, including both internal and external financial reporting as well as non-financial reporting,
relate to the transparency, timeliness and reliability of the organization’s reporting habits.
3. Compliance objectives are internal control goals based on adhering to laws and regulations that the organization
must comply with.
Components of Internal Control System
2. Risk Assessment—is a process used to identify, assess, and manage risks to the achievement of the entity’s
objectives.
3. Control Activities—are actions performed under the direction of management, as directed by an entity’s policies
and procedures, to mitigate the risks to the achievement of the entity’s objectives.
4. Information and Communication—is the distribution of information needed to perform control activities and
to understand internal control responsibilities to personnel internal and external to the entity.
5. Monitoring Activities—are ongoing evaluations of the implementation and operation of the five components of
internal control.
Components of Internal Control
1. Control Environment
Refers to the actions, policies, and procedures that reflect the overall attitude of the client’s top management, directors, and
owners of an entity about internal control and its importance, such as:
2. Risk Assessment
3. Control Activities
Following policies and procedures.
Improving security of applications and networks.
Conducting application change management.
Planning business continuity and backups.
Performing outsourcing.
5. Monitoring
Performing the continuous monitoring of internal control activities.
Conducting separate evaluations.
Reporting deficiencies.
Limitations of Internal Controls
No matter how well the internal controls are designed, they can only provide reasonable assurance that objectives
following limitations:
1. Judgment Errors: The effectiveness of controls will be limited by decisions made with human judgment under
2. Breakdowns: Even well-designed internal controls can break down. Employees sometimes misunderstand
instructions or simply make mistakes. Errors may also result from new technology and the complexity of
3. Management Override: High-level employees may be able to override the company’s internal
control policies and procedures for personal gain or advantage.
4. Collusion: Two or more employees acting collectively can alter the financial data or other
management information in a manner that cannot be identified by control systems.
5. Limited Resources: A company that has limited resources may decide that certain controls are
too costly to implement. Controls that cost more than the benefit they are expected to give are not
worth having if the company has limited resources.
Evaluation of Internal Control System
To evaluate the internal control system, the company auditor should follow the steps below:
1. Interview Management
Interview questions should include:
Why the owner created certain internal controls,
What the controls are for,
Whether managers understand the purpose of the controls, and
What corrective measures are taken when a control violation is found.
Managers who are consistently absent from creating or reviewing internal controls can signal a careless
environment where employees may abuse company operations.
2. Interview Employees
Auditors use employee interviews to determine how well individuals are trained for their jobs.
The interviews can also shed more light on how well business owners and managers educate
employees on the importance of safeguarding business operations.
Auditors may ask employees:
what is their job responsibility,
how do they protect the company’s business and financial information,
have they been given a manual outlining the company’s standard operating procedures and
who is responsible for reviewing the employee’s completed work.
4. Test of Controls
Auditors often test a company’s internal controls by reviewing operational information.
Testing internal controls generally relates to the company’s financial and accounting
operations.
Auditors select a sample of information and test it against the company’s standard
operating procedures or national accounting standards.
This process ensures employees are not abusing a company’s financial information by
committing fraud or embezzlement (theft/misappropriation).
Recommendations To Improve Internal Control
ANSWER: C
Practice Test 2
Which of the following categories of internal control objectives ensures that a company abides by the
rules and regulations of the Ministry of Labor?
A. Operations objectives
B. Reporting objectives
C. Compliance objectives
D. None of these
ANSWER: C
Practice Test 3
Which component of internal control sets the “tone at the top” that highlights the management
philosophy and operating style?
A. Risk Assessment
B. Control Activities
C. Monitoring
D. Control Environment
ANSWER: D
Practice Test 4
Operational deficiencies are identified and reported under which component of Internal Control?
A. Control Environment
B. Control Activities
C. Information and Communication
D. Monitoring
ANSWER: D
Practice Test 5
JBM Company’s CEO Mr. Khalid instructed the Head Accountant to record its PPE (Property, Plant
and Equipment) at fair value in order to overstate the total assets, which is a clear violation of the
accounting standards. Which limitation in Internal Control is best described in this case?
A. Breakdowns
B. Management Override
C. Judgment
D. Limited Resources
ANSWER: B
Practice Test 6
Ali, a cashier of GB Trading needed money for his holidays. So he connived with the
accountant that the cash collection for the day will not be recorded in the books.
Which inherent limitation of internal control is best described in this case?
A. Management Override
B. Collusion
C. Breakdowns
D. All of these
ANSWER: B
Glossary
Assignment of authority and responsibility- the entity’s personnel should have a clear understanding of the entity’s objectives,
how their individual actions interrelate and contribute to those objectives and how and for what they will be held
accountable.
Board of directors and audit committee participation- the BOD and audit committee guide and oversee the entity. They
monitor the entity’s operation and progress for authorizing certain activities, for providing advice to management and for
overseeing internal control and financial reporting.
Collusion - Two or more employees acting collectively can alter the financial data or other management information in a manner
that cannot be identified by control systems.
Commitment to competence- is the knowledge and skills necessary to accomplish tasks that define an individual job.
Management considers the competence levels necessary for particular jobs and uses employees with appropriate skills and
knowledge for each job.
Control activities- are the policies and procedures management establishes to address risks that might prevent the entity from
achieving its objectives.
Control Environment - sets an organization’s tone by influencing the control consciousness of its people. It reflects the
overall attitude, awareness and actions of the board of directors, management, employees and others concerning the
importance of control and the emphasis it is given in the entity.
Human resource policies and practices- an entity’s ability to employ sufficient, competent personnel to accomplish its
objectives. Policies and practices concerning hiring, training, evaluating, promoting and compensating employees.
Information and Communication- the financial reporting information system, which includes the accounting information
system, consists of the methods and records established to identify, assemble, analyze, classify, record, and report entity
transactions and to maintain accountability for the related assets and liabilities.
Information processing- these control activities are used to check the authorization, accuracy, and completeness of
transactions.
Integrity and ethical values- are management’s value judgments, preferences, and management style. They form the set of
moral and behavioral standards that management adheres to.
Internal Control - is the process designed and effected by those charged with governance, management, and other personnel to
provide reasonable assurance about the achievement of the entity’s objectives concerning the reliability of financial
reporting, effectiveness, and efficiency of operations and compliance with applicable laws and regulations.
Management Override - is the intervention by managers in handling financial information and making decisions contrary to
Management philosophy and operating style- auditor considers management’s method for taking and monitoring business risk.
Monitoring- the process of assessing the quality of internal control over time. Monitoring can be done through ongoing activities
or separate evaluations. Ongoing monitoring procedures are built into the normal recurring activities. Separate evaluations
Organizational structure- is the form and nature of its subunits and the management functions and reporting relationships. It
affects how authority and responsibility are assigned within the entity (centralized or decentralized)
Physical controls- these activities encompass the physical security of assets, including adequate safeguards over
access to assets and records, such as facilities; authorization for access to computer programs and data files
and periodic counting of assets and comparison with amounts shown on control records.
Reasonable Assurance - a high level of assurance regarding material misstatements, but not an absolute one.
Reasonable assurance includes the understanding that there is a remote likelihood that material
Risk Assessment- is an entity’s identification, analysis, and management of risk relevant to the preparation of
financial statements that are fairly presented in conformity with generally accepted accounting principles.
Segregation of duties- duties should be divided to reduce the possibility of any person both perpetrating and
concealing errors and irregularities in the normal course of his or her duties. Management can segregate
duties by assigning different people the responsibilities of authorizing transaction, recording transaction, and