The-Accountant-Jan-Feb-2018
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Information Financial Reporting Technology and Assurance<br />
Internal Control Systems<br />
Assessment in Audit<br />
By CPA Samuel K. Maritim<br />
ISA 500 Audit Evidence paragraph<br />
10 on selecting Items for Testing<br />
to Obtain Audit Evidence states,<br />
‘’when designing tests of controls<br />
and tests of details, the auditor shall<br />
determine means of selecting items for<br />
testing that are effective in meeting the<br />
purpose of the audit procedure.’’<br />
An audit assignment should not just<br />
aim at producing Financial Statements<br />
for publication but should ensure<br />
that the systems upon which such<br />
financial statements are produced are<br />
reliable and adequate in every respect.<br />
In order to obtain such assurance,<br />
tests and procedures should be carried<br />
out to confirm the assertions held by<br />
management emanating from their<br />
systems. An Internal Control System is<br />
one such system.<br />
Internal Control System (ICS) is the<br />
whole system of controls put in place by<br />
management in order to safeguard, secure<br />
and protect the assets of the company.<br />
Internal control may be the equivalent<br />
of steps and procedures put in place to<br />
mitigate against all business risks by an<br />
entity. <strong>The</strong> best evaluators of risks are<br />
auditors because they are external to the<br />
business and may have independent and<br />
objective third party approach. An ICS is<br />
business wide. It is present in every area<br />
of operation e.g. in payments, income/<br />
revenue recording and recognition, in<br />
bank and cash management etc.<br />
An audit cannot be complete in my<br />
view without having to undertake an<br />
Internal Control System Assessment<br />
in order to measure and evaluate the<br />
degree of risk the Auditor may be facing.<br />
Assessing the Internal Control System is<br />
in other words undertaking a risk based<br />
audit which is more value adding than a<br />
normal audit.<br />
Structured Interviews<br />
Arrange to carry out a series of structured<br />
interviews with senior management<br />
and other personnel at various<br />
organizational levels. Management and<br />
senior employees of the company hold<br />
important information that will help map<br />
out control procedures in the company.<br />
Remember some controls may exist in<br />
theory rather than in practice in a number<br />
of companies and they could be working<br />
very well. By holding such interviews, you<br />
may capture some undocumented control<br />
systems practiced by management.<br />
Literature Review<br />
<strong>The</strong> Assessor should review documented<br />
accounting procedures, policies and<br />
controls. He should further study the<br />
financial regulations and procedures and<br />
other organizational policies such as<br />
human resource policies and practices.<br />
<strong>The</strong> Assessor should check compliance of<br />
internal controls and accounting systems<br />
by inspecting documents and records<br />
prepared and produced by these systems.<br />
<strong>The</strong> output results should be consistent<br />
with management expectations and<br />
intended outputs.<br />
System Features and Action<br />
Points<br />
In the process of executing a transaction,<br />
from commencement to conclusion,<br />
several actions are taken by different<br />
people to produce the final outcome.<br />
<strong>The</strong> Assessor should deliberately check<br />
for system points where specific action<br />
is required as an input in the process of<br />
producing a transaction. Such actions<br />
include but are not limited to checking<br />
and supervising, examining, validating and<br />
analysing content, quality and quantities<br />
and appropriate approvals or rejections. It<br />
is critical to note that all actions in the<br />
control points should be evidenced by use<br />
of initials, signatures, passwords and other<br />
security codes. Further all action points<br />
are segregated and distinct in nature.<br />
Management Override<br />
An Assessor should take necessary steps<br />
and procedures to check and examine<br />
for evidence of management override<br />
4 JANUARY - FEBRUARY <strong>2018</strong>