What are the procedures used to obtain an understanding of internal control?

In an effective control environment, competent people understand their responsibilities and the limits of their authority, and are knowledgeable, mindful, and committed to doing what is right.

The university has adopted an internal control methodology developed by the Committee of Sponsoring Organizations (COSO), in which internal control is defined as a process implemented by management that provides reasonable assurance that:

• Operations are effective and efficient.
• Financial and operational reports are reliable.
• Compliance with applicable laws, regulations, and internal policies and procedures has been achieved.

COSO Components of Internal Control (listed in order of importance and effectiveness)

• The control environment sets the tone for the organization. Factors such as integrity, ethical values, competency, management philosophy, and operating style form the foundation for other components of internal control, and for providing discipline and structure.
• Risk assessment represents the identification of circumstances which may impede the organization's ability to achieve its business objectives, and the procedures in place that mitigate the identified risks.
• Control activities are undertaken by the organization to ensure compliance with sound business practices, including the development of policies and procedures, the review and approval of transactions, the segregation of duties, and account reconciliation. Control activities should be documented, including follow-up activities.
• Information and communication comprise the transmittal of quality data to the right people at the appropriate time to ensure employees have adequate information to effectively discharge their responsibilities. Effective communication must also occur in a broader sense throughout the organization.
• Monitoring activities assure that processes are working as intended and actions are taken to address problems with the quality of performance. This includes regular monitoring, management and supervisory activities.

---

The above internal controls definition was developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) which is recognized by the Office of the University Auditor.

Internal control is an efficient system of control is established by the management in the conduct of mousiness including internal cheek, internal audit, and other forms of control.

The whole system of internal check, internal audit and other forms of control, financial and otherwise established by management in order to carry on the business of the company in an orderly manner that safeguards its assets and secures as far as possible the accuracy and reliability of its records are called internal control.

The procedure to obtain an understanding consists of –

(a) Reviewing previous experience with the client: When the auditor has previous experience with the client, the previous year’s working papers should contain a great deal of information relevant to the current year’s audit.

(b) Inquiring of appropriate management and supervisory and staff personnel: Management and staff personnel with whom the auditor will perform auditing activities must gather sufficient and computes information about them.

(c) Inspecting documents and records: Relevant documents and records of the entity should be inspected. Examples include organization charts, policy manuals, the chart of accounts, accounting ledgers, journals and source documents, transaction flowcharts and reports used by management in performance reviews such as comparative reports showing actual and budgeted data and variances.

(d) Observing entity activities and operations: To reinforce the understanding of some aspects of the accounting system and certain control activities, some auditors perform a transaction walk-through review.

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand.See full bio

Last editedJun 2021 — 3 min read

Table of contents

All businesses, whether they are corporates or SMEs, need some level of internal control over their finances to ensure they stay on the right side of the law. As well as ensuring the efficiency and accuracy of accounting and financial reporting, internal controls, procedures and systems are key to ensuring businesses and their employees deal with their money in a legal and responsible way.

Within accounting, there are seven internal control procedures that need to be followed to ensure a business’s finances are fully legal and compliant. This article will explain more about internal control systems and how you can ensure your accounts meet their requirements, starting with the definition of internal control.

What is internal control?

To ensure a business’s finances are being run correctly and legally, a set of internal controls are put in place. As well as making sure each set of accounts are legal and compliant, internal controls give out policies and procedures in place to protect an organisation’s assets and ensure any individuals operate within the laws, regulations and ethics of a company.

Primarily, internal controls are put in place within the structure of an organisation to minimise any risks to the company, reduce the number of errors and ensure operations run effectively according to any set rules or regulations. The larger an organisation is, the larger the internal control system that needs to be in place to ensure its operations are fully compliant.

What is an internal control framework?

An internal control framework is a set of processes a business has in place to ensure all of its operations, specifically its financial operations, comply with laws and regulations. A thorough and effective internal control system will enable a company to perform effectively while ensuring its finances and accounts are run with full integrity.

Within larger organisations, an internal control framework will include processes and procedures that cover all stages and levels of the business, from the board of directors to junior employees. Stages within the internal control framework may include IT regulations, controls around asset protection and rules for individual employees to protect the organisation against theft and fraud.

In these companies, there is usually a team of

internal auditors whose role is to oversee these processes and procedures to ensure they’re functioning effectively without reducing the overall efficiency of an organisation. There may even be internal control in auditing teams to ensure complete compliance and integrity.

Internal control examples

Internal control in auditing and accountancy are the most common examples seen in all sizes of businesses. To ensure a company’s finances are fully compliant and follow all laws and regulations, there are seven internal controls that can be put in place:

• Separation of duties: this involves giving jobs within the accounting process to different employees. This can include critical tasks being reviewed by colleagues or having specific duties, such as bookkeeping and deposits, being designated to different employees within a team.

• Accounting system access controls: to minimise the likelihood of fraud or errors, businesses can control accounting systems via restricting access via different user accounts, passwords and electronic logs. This also enables businesses to track and monitor access to the accounting system.

• Physical audits of assets: from hand-counting cash to taking inventories of equipment, counting assets physically gives extra reassurance and ensure there’s no discrepancies in account balances and electronic records.

• Standardised financial documentation: by having a system and template for invoices, internal request and expense reports, companies can ensure there’s consistency within their record keeping and reduce the likelihood or errors or discrepancies to appear.

• Daily or weekly trial balances: by running trial balances on a regular basis, companies can gain insight into the status of their system and ensure any discrepancies are picked up and dealt with as early as possible.

• Periodic reconciliations in accounting systems: similar to trial balances, reconciliations ensure balances match up across different systems, banks, suppliers and customers. Any errors or discrepancies can then be revealed quickly and easily.

• Approval authority requirements: assigning particular managers the responsibility of authorising specific types of transactions adds an extra layer of control and reduces the likelihood of errors or fraudulent claims.

Although these seven internal controls may not be used in all types of businesses, they’re an example of the types of internal control systems that can be put in place to ensure a company’s finances are compliant and lawful.

What are the 7 internal control procedures in accounting?

What are the five procedures used for tests of controls?

What are the steps taken to obtain audit evidence regarding the internal control?

How would you document your understanding of internal control?